Share
On January 5, 2026, Ledger disclosed that some customer names and contact information were exposed due to unauthorized access to a cloud system operated by its third-party payment processor, Global-e; however the breach did not compromise Ledger’s hardware wallets, software, or private keys.
Community alert: Ledger had another data breach via payment processor Global-e leaking the personal data of customers (name & other contact information).
Earlier today customers received the email below. pic.twitter.com/RKVbv6BTGO
— ZachXBT (@zachxbt) January 5, 2026
Global-e, which handles order processing for multiple e-commerce brands including Ledger, detected unusual activity in its system and launched an investigation, though the company has not disclosed the number of affected Ledger customers, the exact timing of the incident, or the full scope of the exposed data. Ledger emphasized that no payment details, seed phrases, wallet balances, or private keys were involved, and the breach was confined to the external processor’s infrastructure.
This incident was directly related to Global-e and remains separate to the operations of any Ledger hardware device, software or platforms. For the avoidance of doubt, as the Ledger product is self-custodial, Global-e does not have access to your 24 words, blockchain balance, or…
— Ledger (@Ledger) January 5, 2026
The incident revives concerns about Ledger’s data security track record. In July 2020, Ledger experienced a data breach involving its e-commerce and marketing database, exposing the names, email addresses, and partial postal addresses of approximately 272,000 customers, as well as the names and email addresses of 9,500 additional users who had signed up for Ledger’s newsletter.
The incident did not compromise Ledger’s hardware wallets, private keys, seed phrases, or any financial data, and the company stated that no credit card information was stored in the affected database.
It happened again on December 14, 2023. Ledger detected unauthorized access to its Ledger Connect Kit library after a former employee’s compromised NPMJS account was exploited via phishing, leading to the upload of malicious versions.
These versions injected Angel Drainer malware into integrated DApps, tricking EVM users into signing transactions that drained assets like USDT to attacker-controlled wallets, though only a limited number of users were affected during the brief exposure window. Ledger’s core infrastructure, hardware wallets, software, repositories, and non-EVM assets remained secure.
The company identified the issue within 40 minutes, alerted WalletConnect, and disabled the rogue instance, though CDN caching prolonged availability up to five hours (with active draining under two hours). Ledger worked with WalletConnect and Tether to freeze stolen funds.
On X, reactions ranged from concern for the aftermath to predictions of doom. User @Katexbt thinks it’s a bigger issue than it looks, and that with LLMs to analyze huge datasets, the possibility of losing crypto assets to fraudsters is higher than before.
Ledger is cooked after this
it might be wise to pay someone to make yourself disappear from the internet (not kidding)
this is a bigger issue than people think
with LLMs its now trivial for ANYONE to analyze huge data sets
ledger breach in 2020 dataset
crossreferenced with… https://t.co/E9PFsV55eN pic.twitter.com/vLJtfc6gtH
— katexbt.hl (@katexbt) January 5, 2026
According to another user, Ignas Defi, it wasn’t just about whether or not crypto assets were stolen. With critical customer data lost in the hack, customers could be exposed to wrench physical attacks, which are becoming more commonplace by the day.
I received Ledger's email stating my name, postal address, email, and phone number got leaked.
I would be extremely worried right now.
Wrench physical attacks are getting more common and I believe if economy & world gets more unstable, these attacks will become serious issue… pic.twitter.com/4oDC6yIiUJ
— Ignas | DeFi (@DefiIgnas) January 5, 2026
In an expected twist, user Jameson Loop pointed out how other scammers were trying to use the incident to their advantage. Ledger advised affected customers to monitor for phishing attempts and update passwords as a precaution.
There are currently a variety of malicious emails being sent targeting Ledger users as a result of the latest data leak, but this one takes the cake! 😅 pic.twitter.com/2mwdDh3RPM
— Jameson Lopp (@lopp) January 5, 2026
The disclosure comes in the face of rising regulatory scrutiny of crypto custody providers, with the SEC and CFTC emphasizing third-party risk management in recent guidance.
Share
