Ledger third-party payment provider Global-e experiences data breach, official response: "Wallet itself is secure"

Ledger, the cold wallet brand, has once again experienced a data breach scandal, but the cause was due to the third-party payment service provider Global-e being hacked. The official response stated that only names and contact information were leaked, with no payment information or private keys involved, and the wallet itself remains secure. This incident highlights the vulnerability of the cryptocurrency industry’s reliance on third-party services and raises the risk of related phishing attacks.

Third-party payment partner affected by hacking incident at Ledger, security concerns arise

On-chain detective ZachXBT posted last night that Ledger experienced another data leak due to its payment processing partner Global-e being hacked.

Global-e informed users via email that its cloud system was compromised, resulting in exposure of some Ledger users’ personal information. The affected time frame, scope, and number of victims were not disclosed, but it was confirmed that multiple partner brands were impacted, not just Ledger.

What user data was leaked? Names and contact information, seed phrases and assets unaffected

Global-e emphasized that the hackers only obtained basic personal data, including names and contact details, and no credit card, bank account, or password information was leaked: “Our system does not store sensitive data such as birthdays or government-issued IDs, so highly private information was not involved.”

Meanwhile, Ledger also responded, stating that this incident did not stem from vulnerabilities in Ledger’s platform, hardware, or software systems, and the wallet remains secure:

As Ledger wallets are self-custody products, neither we nor Global-e have access to users’ private keys, seed phrases, or on-chain assets.

Ledger data breach is not the first, security shadows linger

Although this incident was not caused by Ledger itself, external perceptions inevitably link it to the company’s past security crises.

In 2020, Ledger experienced a data breach involving its e-commerce partner Shopify, exposing personal information of 270,000 users. In 2023, Ledger Connect Kit was targeted by a supply chain attack, resulting in nearly $500,000 in asset losses.

Multiple incidents have cast a shadow over Ledger’s brand image regarding security risks, and the latest Global-e intrusion serves as a reminder that even if the wallet itself is secure, the ecosystem of partners can still be an attack entry point.

(Ledger considers going public in the US in 2026, CEO: Capital hotspots have shifted to the US)

Rising risks of phishing and social engineering attacks, users need to stay vigilant

Following the data leak, the most immediate risks are phishing and social engineering scams. Attackers can use leaked names, emails, or order records to impersonate Ledger customer service, sending seemingly authentic verification, update, or maintenance notifications to trick users into revealing seed phrases or downloading malicious software.

(2025 Blockchain Security and Anti-Money Laundering Annual Report: Total Losses Surge 46%, AI and Social Engineering Become Mainstream Threats)

Ledger urges all users to remain vigilant, emphasizing that the team will never ask for seed phrases or private keys. The company also stated that it is working with Global-e to send individual notifications to affected users and provide subsequent prevention guidelines.

This article about Ledger’s third-party payment provider Global-e data breach and the official response “wallet remains secure” was first published on Chain News ABMedia.