Ledger, the maker of one of the most popular hardware wallets in crypto, confirmed Monday that a trove of customer data had been exposed in a breach linked to its third-party payment processor, Global-e, sending new waves of concern across the crypto community.
While Ledger claims that private keys, wallet funds and payment information were not accessed, the incident revealed the names and contact details of users who purchased devices through its online store, reigniting long-standing fears about recurring data leaks and the real risks they can create.
Within hours of the revelation, users began reporting an increase in phishing emails and scam attempts. Fraudsters posing as Ledger or Global-e support appeared to exploit the leaked data to pressure recipients into handing over sensitive information.
This is not the first data breach Ledger has suffered. In 2020, the platform was the victim of another large-scale breach affecting nearly 300,000 users. In 2021, fraudsters sent fake Ledger hardware wallets to users following these phishing attempts.
Security researchers warn that similar campaigns following past Ledger leaks have led to wallet takeovers, financial losses and, in some cases, concerns about physical targeting in so-called “keystroke attacks.”
Ledger’s latest data breach raises pressing questions about who is most at risk and what users can realistically do to protect themselves.
Who is at risk?
Security experts say the risk is not limited to those whose data has been exposed. Anyone known to own a hardware wallet can become a phishing or social engineering target, whether or not their information appears in a leaked database.
“If you are part of the leak, the risk is even higher because it makes you a dated official target,” Ouriel Ohayon, CEO of Zengo Wallet and wallet security expert, told CoinDesk.
Certain types of data leaks significantly increase the risk of threat to a person Alexander Urbelis, head of information security at and a cybersecurity expert said physical address information is particularly sensitive. A “home address in a breached data set that could be linked to a hardware wallet,” he said, “increases the risk profile for these individuals.”
What does the Ledger-targeted phishing attack look like now?
Users have reported receiving unsolicited emails claiming to be from Ledger support, even if they do not have a Ledger wallet. Experts say attackers often rely less on technical exploits and more on psychological pressure.
“The best phishing scams are trust games: They exploit trust and time pressure, not necessarily code,” Urbelis said. “They start by flattering your confidence using your real name and your actual order details, then turn to fear and urgency with a ‘security alert’ or ‘replacement device’ that compels you to act immediately.”
These messages, he added, are increasingly coming “by text message or as compelling, unsolicited support calls,” not just email.
What can we do to protect ourselves?
Experts emphasize that no legitimate business will ever ask for a recovery phrase – and that unsolicited contact is itself a warning sign.
“Obviously, never share your seed phrase with anyone. Ever,” said Ohayon of Zengo. He added that users should always verify the real sender of an email and avoid responding to “unsolicited DMs or customer support messages that arrive ‘off-channel’ (emails, messaging apps, or even paper letters).
Do you need to move funds or change wallets?
Both experts warned against panic-driven onchain activity. Moving funds does not necessarily reduce risks and can introduce new dangers if users act hastily.
“Once you are identified as the wallet owner, it doesn’t matter where the crypto is stored. You, not the wallet itself, are targeted,” Ohayon said. He added that moving funds can be counterproductive because “the transfer of funds would be public and hackers would also follow the trail.”
Urbelis echoed this advice, warning that rushing to move assets can expose users to well-timed phishing attempts.
“I wouldn’t advise rushing to move funds, because that’s how you could fall victim to a well-timed phishing attack,” he said. “Off-chain leaks like this pose phishing risks, so users should act with greater caution when dealing with emails, SMS messages, responding to voicemails, calls, etc., for the foreseeable future.”
He added that chain action should be reserved for clear signs of compromise: “If a user audits an account and sees unusual activity, it is time for chain action.”
Protecting your privacy is essential
Experts say privacy remains the strongest defense in the long term. Ohayon urged users to limit what they reveal about themselves, both online and offline.
“Protect their privacy at all costs. Do not publicly disclose what you own or do,” he said. “Hackers are looking for public signals about your potential wealth or crypto wealth.”
Urbelis presented the threat as one that ultimately relies on human error.
“Our brain is our best defense against fraud: slow down, question the story and confirm the source before clicking or logging in,” he said. “Only after this comes the cardinal rule of cryptocurrency security: never, under any circumstances, share your recovery phrase.
Read more: Crypto wallet company Ledger faces customer data breach via payment processor Global-e
