Ledger Hit by Another Data Breach — Customer Names and Contact Details Exposed

Ledger, a {hardware} pockets producer, which has traditionally been recognized by the status of retaining crypto belongings offline, has suffered one other information publicity incident and has introduced again previous worries relating to the privateness of shoppers and third-party danger within the business.

On January 5, 2026, blockchain researcher ZachXBT revealed that the non-public data of Ledger clients was accessed in a hack on Global-e, a fee processor that the corporate makes use of.

Community alert: Ledger had one other information breach by way of fee processor Global-e leaking the non-public information of shoppers (title & different contact data).

Earlier right this moment clients acquired the e-mail under. pic.twitter.com/RKVbv6BTGO

— ZachXBT (@zachxbt) January 5, 2026

Ledger Breach Raises Phishing Concerns Despite No Wallet Impact

ZachXBT reported that victimized clients had been despatched an e-mail informing them that Global-e had seen suspicious exercise in some a part of its cloud surroundings.

The fee firm claimed that it was quick sufficient to lock down and take management of its methods after it detected the issue and contracted exterior forensic investigators.

No indication was on condition that there was an publicity of fee card particulars, passwords, restoration phrases, and pockets non-public keys.

so Ledger’s fee processor Global-e obtained breached and title & contact data had been leaked (not one of the fee data fortuitously but it surely would not make it higher). This is all fucking insane – the whole lot you do on-line shall be fucking leaked in the future, so do not use your actual… pic.twitter.com/95QVR7zlO5

— sudo rm -rf –no-preserve-root / (@pcaversaccio) January 5, 2026

Ledger acknowledged within the e-mail that the intrusion was on the stage of a third-party accomplice and not within the basic safety of its {hardware} wallets.

While funds stay secure, safety researchers and neighborhood members warned that the publicity considerably will increase the danger of focused phishing and social engineering assaults, notably given Ledger’s historical past.

This newest incident comes at a delicate time for crypto safety. It follows days after Trust Wallet users suffered unauthorized fund outflows linked to a compromised browser extension and days after attackers targeted MetaMask users in coordinated wallet-draining attempts.

Multiple Trust Wallet customers skilled unauthorized fund outflows on Thursday resulting from a brand new browser extension theft. Losses are estimated to surpass $6 million.#TrustWallet #CryptoTheft #TrustWalletThefthttps://t.co/mchzwWAHK3

— Cryptonews.com (@cryptonews) December 26, 2025

Although unrelated technically, the clustering of incidents has heightened person anxiousness throughout the ecosystem.

Ledger’s title carries specific weight in information breach discussions because of the extreme fallout from its 2020 e-commerce and advertising and marketing database leak.

That breach exposed roughly 1.1 million e-mail addresses and detailed private data, together with residence addresses and cellphone numbers, for about 292,000 clients.

The information was later dumped publicly, resulting in years of persistent phishing campaigns, extortion makes an attempt, and even reviews of bodily threats in opposition to recognized crypto holders.

Repeated Data Leaks Expose Long-Term Risks for Ledger Users

The firm has additionally confronted different safety challenges, as in December 2023, attackers compromised Ledger’s Connect Kit JavaScript library by way of a supply-chain exploit, draining practically $500,000 from customers who interacted with affected decentralized functions throughout a brief window.

Security consultants word that whereas the {hardware} wallets themselves stay uncompromised, repeated leaks of buyer information create long-term dangers that stretch past rapid monetary loss.

Exposed private data is commonly reused in extremely convincing phishing campaigns, together with faux emails, messages, and even bodily letters.

In April 2025, Ledger users received professionally designed mail telling them to scan QR codes and enter their 24-word restoration phrases, which was a rip-off that the corporate confirmed to be faux.

Owners of @Ledger {hardware} wallets have reported receiving faux letters designed to trick them into revealing their pockets seed phrases.#Ledger #Scamhttps://t.co/s0jxsJxckm

— Cryptonews.com (@cryptonews) April 30, 2025

Some neighborhood members traced these efforts again to information obtained throughout earlier breaches, exhibiting how lengthy such incidents can echo.

The Ledger hack additionally confirms a bigger sample within the business, as in December 2025, crypto tax software maker Koinly alerted users that their email addresses and primary profile data may need been leaked in a hack on analytics agency Mixpanel.

@KoinlyOfficial warns a third-party breach might have uncovered person emails however stresses that no pockets, transaction, tax, or portfolio information was shared with Mixpanel.#CryptoSecurity #CryptoTax #Koinlyhttps://t.co/ASDxMchfyg

— Cryptonews.com (@cryptonews) December 23, 2025

Supply chain vulnerabilities are talked about by investigators and regulators as one of many least safe hyperlinks in crypto safety, as attackers concentrate on distributors who’ve entry to person information, not core methods.

The attackers are dynamic and evolving regardless of the reported reduction of phishing-related losses by 83% in 2025.

Security corporations have famous that the variety of losses peaks throughout occasions of high exercise available in the market, and low-activity markets have decrease incidences.

The publish Ledger Hit by Another Data Breach — Customer Names and Contact Details Exposed appeared first on Cryptonews.