Ledger, the maker of one of the most popular hardware wallets in crypto, confirmed on Monday that a mass of customer data was exposed in a breach linked to its third-party payment processor, Global-e, sending new waves of concern through the crypto community.
While Ledger says private keys, wallet funds and payment information were not accessed, the incident revealed the names and contact information of users who purchased devices through its online store, rekindling long-standing fears of recurring data leaks and the real-world risks they can create.
Within hours of its publication, users began reporting an increase in phishing emails and scam attempts. Scammers posing as Ledger or Global-e support appeared to be exploiting the leaked data to pressure recipients into handing over sensitive information.
This is not the first data breach Ledger has experienced. In 2020, the platform was the victim of another major breach affecting nearly 300,000 users. In 2021, fraudsters sent fake Ledger hardware wallets to users following these phishing attempts.
Security researchers warn that similar campaigns following previous Ledger leaks have led to wallet takeovers, financial losses and, in some cases, concerns about physical targeting in so-called “key attacks.”
Ledger’s latest data breach raises pressing questions about who is most at risk and what users can realistically do to protect themselves.
Who is at risk?
Security experts say the risk extends beyond just those whose data was exposed. Anyone known to have a hardware wallet can become a target for phishing or social engineering, regardless of whether their information appears in a leaked database.
“If you’re part of the leak, the risk is even higher because it makes you an officially dated target,” Ouriel Ohayon, CEO of Zengo Wallet and an expert on wallet security, told CoinDesk.
Certain types of leaked data significantly increase a person’s threat risk Alexander Urbelis, Chief Information Security Officer for and a cybersecurity expert said that physical address information is particularly sensitive. A “home address in a breached data set that could be tied to a hardware wallet,” he said, “raises the risk profile for these individuals.”
What does the Ledger-targeted phishing attack look like right now?
Users have reported receiving unsolicited emails claiming to be from Ledger support, even when they do not own a Ledger wallet. Experts say attackers often rely less on technical exploits and more on psychological pressure.
“The best phishing scams are trust plays: they weaponize trust and time pressure, not necessarily code,” Urbelis said. “They start by flattering your confidence by using your real name and real order details, then turn to fear and urgency with a ‘security alert’ or ‘replacement device’ that requires you to act now.”
Those messages, he added, are increasingly arriving “via SMS or as persuasive unsolicited ‘support’ calls,” not just email.
What can you do to protect yourself?
Experts stress that no legitimate company will ever ask for a recovery phrase — and that unsolicited contact itself is a warning sign.
“Of course you must never share your seed set with anyone. Ever,” said Ohayon of Zengo. He added that users should always verify the actual sender of an email and avoid responding to “unsolicited DMs or customer support messages that arrive ‘from channels’ (emails, messaging apps or even paper letters).”
Do you need to move money or switch wallets?
Both experts warned against panic-driven onchain activity. Moving funds does not necessarily reduce risk and may introduce new dangers if users act quickly.
“Once you’re identified as a wallet owner, it doesn’t matter where the crypto is stored. You, and not the wallet itself, is targeted,” Ohayon said. He added that moving funds could be counterproductive because “moving funds would be public and the hackers would also follow the trail.”
Urbelis echoed this advice, warning that rushing to move assets could expose users to well-timed phishing attempts.
“I wouldn’t recommend rushing to move money because that’s how you can fall victim to a well-timed phishing attack,” he said. “Offchain leaks like this pose phishing risks, so users should act with increased caution when handling emails, text messages, answering voicemails, calls, etc. for the foreseeable future.”
He added that onchain action should be reserved for clear signs of compromise: “If a user audits an account and sees unusual activity, it’s time to act onchain.”
Protecting your privacy is key
Experts say privacy remains the strongest long-term defense. Ohayon encouraged users to limit how much they reveal about themselves, both online and offline.
“Protect their privacy at all costs. Don’t be public about what you own or do,” he said. “Hackers are looking for public signals about your potential wealth or crypto-wealth.”
Urbelis framed the threat as one that ultimately relies on human error.
“Our brains are our best bulwark against fraud: slow down, ask the story, and verify the source before you click or connect,” he said. “Only after that comes the cardinal rule of crypto security: Never, under any circumstances, share your recovery phrase.”
Read more: Crypto wallet company Ledger faces customer data breach through payment processor Global-e
