Crypto wallet Ledger faced a major customer data breach through its payment processor Global-e.
Ledger, the popular hardware crypto wallet provider, suffered a major security breach on Jan. 5. The incident involved its third-party crypto payment service provider Global-e. This is yet another major security incident in the first five days of 2026, after nearly $107,000 were drained from crypto wallets last week.
Crypto Wallet Ledger’s Customer Data Compromised
Blockchain investigator ZachXBT recently reported that Ledger’s customer personal data has been compromised via Global-e, the company’s third-party payment processor.
According to blockchain investigator ZachXBT, emails sent to impacted users indicate that personal information, including names and contact details, was accessed without authorization.
https://twitter.com/zachxbt/status/2008139053544194545
Ledger reportedly confirmed that it detected unusual activity within a segment of its cloud infrastructure connected to Global-e. The crypto wallet service provider noted that it has taken immediate measures to contain the incident. Besides, the company is also working with forensic experts over this matter.
The incident has intensified broader concerns around crypto security. It happens within days of Trust Wallet users reporting unauthorized fund outflows and only hours after attackers targeted MetaMask users.
Moreover, it is also not the first time that the crypto wallet Ledger is facing such an incident. In 2020, a data breach involving its e-commerce partner Shopify exposed the personal information of around 270,000 customers.
More recently, in 2023, Ledger suffered a separate hack that resulted in losses of nearly $500,000 and impacted multiple decentralized finance applications.
Ledger Responds, Private Keys Are Safe
Ledger said there is no evidence that wallet funds or private keys were compromised in the incident. The company added that customers’ payment information was not affected and confirmed it is working with Global-e to notify impacted users and provide relevant details.
In a statement, Ledger emphasized that the security breach occurred within Global-e’s systems, not Ledger’s core infrastructure.
“This was not a breach of Ledger’s platform, hardware or software systems, which remain secure. For the avoidance of doubt, as the Ledger product is self-custodial, Global-e does not have access to your 24 words, blockchain balance, or any secrets related to digital assets,” it said.
next