Ledger, the maker of one of the most popular hardware wallets in crypto, confirmed on Monday that a large amount of customer data was exposed in a breach linked to its third-party payment processor, Global-e, sparking new waves of concern in the crypto community.
While Ledger says no private keys, wallet funds and payment information were accessed, the incident exposed the names and contact details of users who purchased devices through its online store, reigniting long-standing fears about recurring data leaks and the real-world risks they can create.
Within hours of the disclosure, users began reporting an increase in phishing emails and scam attempts. Scammers posing as Ledger or Global-e appeared to be exploiting leaked data to pressure recipients into handing over sensitive information.
This is not the first data breach that Ledger has suffered. In 2020, the platform was the victim of another large-scale breach that affected almost 300,000 users. In 2021, scammers sent fake Ledger hardware wallets to users following those phishing attempts.
Security researchers warn that similar campaigns following previous Ledger breaches have led to wallet takeovers, financial losses and, in some cases, concerns about physical targets in so-called “spanner attacks.”
The latest Ledger data breach raises urgent questions about who is most at risk and what users can realistically do to protect themselves.
Who is at risk?
Security experts say the risk extends beyond those whose data was exposed. Anyone who owns a hardware wallet can become a target for phishing or social engineering, regardless of whether their information appears in a leaked database.
“If you are part of the breach, the risk is even greater because it makes you an official dated target,” Ouriel Ohayon, CEO of Zengo Wallet and wallet security expert, told CoinDesk.
Certain types of leaked data significantly increase a person’s threat risk Alexander Urbelis, chief information security officer at and one cybersecurity expert said physical address information is particularly sensitive. A “particular address in a breached data set that could be linked to a hardware wallet,” he said, “increases the risk profile for those individuals.”
What is the phishing attack targeting Ledger like right now?
Users have reported receiving unsolicited emails claiming to be from Ledger support, even when they do not own a Ledger wallet. Experts say attackers often rely less on technical feats and more on psychological pressure.
“The best phishing scams are trust games: they use trust and time pressure as weapons, not necessarily code,” Urbelis said. “They start by flattering your trust using your real name and real order details and then move on to fear and urgency with a ‘security alert’ or ‘replacement device’ demanding that you act now.”
These messages, he added, increasingly arrive “by SMS or as convincing unsolicited ‘support’ calls,” not just by email.
What can you do to protect yourself?
Experts emphasize that no legitimate company will ever ask for a recovery phrase, and that unsolicited contact is itself a warning sign.
“Obviously, never share your opening line with anyone. Ever,” said Zengo’s Ohayon. It added that users should always verify the actual sender of an email and avoid responding to “unsolicited DMs or customer service messages that arrive ‘out of channels’ (emails, messaging apps, or even paper letters).”
Do you have to move funds or change wallets?
Both experts warned against panic-driven chain activity. Moving funds does not necessarily reduce risk and can introduce new dangers if users act hastily.
“Once identified as the owner of a wallet, it doesn’t matter where the crypto is stored. The target is you, and not the wallet itself,” Ohayon said. He added that moving funds can be counterproductive because “the movement of funds would be public and hackers would also follow the trail.”
Urbelis echoed that advice, warning that rushing to move assets can expose users to well-timed phishing attempts.
“I wouldn’t recommend rushing to move funds because that’s how you could fall victim to a phishing attack at the right time,” he said. “Off-chain breaches like this present phishing risks, so users should exercise greater caution when handling emails, SMS messages, responding to voice messages, calls, etc., for the foreseeable future.”
He added that chain action should be reserved for clear signs of compromise: “If a user audits an account and sees unusual activity, it’s time to take chain action.”
Protecting your privacy is key
Experts say privacy remains the strongest long-term defense. Ohayon urged users to limit what they reveal about themselves, both online and offline.
“Protect your privacy at all costs. Do not make public what you own or do,” he said. “Hackers look for public signs about your potential wealth or your crypto wealth.”
Urbelis framed the threat as one that is ultimately based on human error.
“Our brains are our best bulwark against fraud: slow down, question the story and confirm the source before clicking or connecting,” he said. “Only after that comes the fundamental rule of crypto security: never, under any circumstances, share your recovery phrase.”
Read more: Crypto wallet company Ledger faces customer data breach via payment processor Global-e
