6th January 2025 – A fresh data breach has affected Ledger customers, but not the wallets themselves.

Ledger confirmed that its third-party e-commerce partner, Global-e, experienced unauthorized access to order data. This breach involved customer names and contact details, but no crypto assets or sensitive wallet information were compromised.

Key Takeaways

Ledger confirmed a data breach involving its e-commerce partner, Global-e, which impacted some customer information.
The breach did not affect Ledger’s wallets, seed phrases, crypto balances, or payment data.
Only customer names and contact details tied to purchases on Ledger.com were exposed.
This incident follows previous breaches tied to third-party platforms, including a major 2020 leak.
Global-e is a major retail platform also used by brands like Adidas and Victoria’s Secret.

What Happened?

Global-e, the e-commerce platform Ledger uses to process international orders, suffered a security incident. On January 5, Ledger sent out alerts confirming that some order-related customer data was exposed. This included names, emails, and contact info.

However, no payment information, seed phrases, or crypto balances were accessed. Ledger emphasized that its self-custodial hardware products ensure user assets stay secure, even if a vendor’s system is breached.

“Global-e does not have access to your 24 words, blockchain balance, or any secrets related to digital assets,” Ledger stated.

Forensic Investigation Underway

Ledger has hired independent forensic experts to examine the breach. This move follows their long-standing focus on transparency and user protection. In its statement to users, Ledger explained that the investigation aims to fully assess the scope of the breach and prevent further issues.

A Pattern of Third-Party Breaches

This isn’t Ledger’s first encounter with third-party issues. In December 2023, malicious code was injected into Ledger Connect Kit after a former employee fell victim to phishing. At the time, Ledger advised users to stop using dapps until the vulnerability was resolved.

The company’s most high-profile incident occurred in 2020, when attackers leaked the personal data of over 270,000 customers. That breach exposed names, emails, phone numbers, and even home addresses. It later led to phishing attempts, a bitcoin bounty hunt, and a class-action lawsuit against both Ledger and Shopify.

What Is Global-e?

Global-e is a Nasdaq-listed global retail and payment platform based in Israel. It powers e-commerce services for brands like Victoria’s Secret, Adidas, and Marc Jacobs. Ledger uses it for international transactions on its main online store.

The fact that Global-e serves hundreds of companies raises additional questions about the broader impact of the breach across other merchants.

Crypto Data Breaches Since 2024

      Major Crypto Breaches & Data Exposures (2024+)
    
Incident
Description
Impact
WazirX Hack (2024)
Attackers compromised exchange wallets
~$235M in crypto stolen
DMM Bitcoin Breach (2024)
Private key exposure enabled unauthorized transfers
~4,500 BTC lost (≈$300M)
Bitcoin Depot Data Leak (2024)
Customer records from ATM system exposed
Tens of thousands of users’ personal data leaked
Exchange Exploits Wave (2024)
Multiple CEX/DeFi platforms targeted through exploits
Dozens of incidents; losses exceeding tens of millions
Bybit Heist (2025)
Massive compromise of exchange wallet infrastructure
≈$1.4B in assets stolen
Coinbase-Related Data Exposure (2025)
Employee/contractor data mishandling led to leak
Personal information of thousands of users exposed
Sector-Wide Breaches (2025)
Consolidated attacks against fewer but larger targets
Multi-billion dollar total losses across platforms

Why It Matters

Ledger’s hardware and software remain untouched, but the incident still raises trust concerns. As hardware wallets continue to position themselves as the gold standard in crypto security, how they manage third-party integrations will come under more scrutiny.

While no crypto was stolen, the repeated involvement of external vendors in data leaks highlights an ongoing vulnerability even for self-custodial tools.

Ledger says it remains committed to transparency and user protection, but as past incidents show, user data, not just crypto, is often the real target.

Frequently Asked Questions

What information leaked in the Global-e breach?

The breach exposed customer names and contact details from Ledger.com purchases. Fortunately, it did not include crypto data or payment details.

Are Ledger wallets still secure?

Yes. Ledger continues to secure its hardware and software wallets. Since the products are self-custodial, Global-e never handled seed phrases or wallet balances.

How exactly did Global-e connect to Ledger?

Global-e managed international order processing for Ledger.com. During this role, it stored some customer data, which attackers accessed during the breach.

Has Ledger experienced similar issues before?

Yes. In 2020, attackers leaked the personal data of over 270,000 Ledger users. That breach triggered public backlash, phishing campaigns, and legal challenges.

What did Ledger do after this breach?

Ledger immediately launched an investigation with independent forensic experts. It also notified customers and reassured them that wallets and payment data stayed protected.

Should I reset my seed phrase just in case?

No. Your seed phrase remains safe, since Global-e had no access to wallet secrets. Still, stay cautious — monitor emails and avoid suspicious links or messages.

Join Our Telegram Community

NEWS

OPINION/RESEARCH

FEATURES

ABOUT US