Ledger cold wallet scandal! Partner leaks user data, repeating the history of 2020
Global-e, the third-party payment provider for the Ledger cold wallet, was hacked and user data was leaked. ZachXBT revealed the breach; Ledger confirmed it but emphasized that funds and private keys are safe. In 2020, a leak exposed 270,000 users’ personal information, leading to phishing attacks and lawsuits. Security experts warn users to be alert to any suspicious messages requesting seed phrases or authorizations.
Who is Global-e? Why has it become a security breach point?
Blockchain investigator ZachXBT disclosed on January 5th that Ledger’s third-party payment processing partner Global-e experienced a data breach, resulting in unauthorized access to some users’ personal information. Ledger has long been a leader in hardware wallets, allowing users to store cryptocurrency private keys offline, positioning itself as a safer asset custody solution than hot wallets or centralized exchanges. As a result, it has a large retail and institutional user base worldwide, and any security concerns attract significant attention from the crypto community.
In response to public concerns, Ledger officially confirmed to the media that they received notice from their partner Global-e that order data within their system had been accessed illegally. Global-e acts as the Merchant of Record handling cross-border transactions for Ledger’s official website, and its cloud database contains some customer information from Ledger’s online store.
A Ledger spokesperson emphasized that this security incident involved only the external e-commerce partner’s systems, and that Ledger’s own platform, hardware, and software systems were not compromised and remain secure. Since Ledger products are self-custodial, Global-e cannot access users’ most critical 24-word seed phrases, blockchain balances, or any confidential digital asset information. The incident also did not involve any credit card data leaks.
While this explanation is technically valid, it overlooks larger risks. The leaked names, emails, and phone numbers, though not directly enabling theft, provide a perfect target list for targeted scams. Scammers who know that these individuals hold Ledger cold wallets can infer that they possess significant crypto assets, which makes them high-value attack targets.
Three Major Weaknesses in Supply Chain Security
Third-party payment providers: Partners like Global-e handling cross-border transactions hold order data and become hacking targets
Logistics providers: Leaked delivery addresses could lead to physical robberies; in 2020, a user was threatened due to such leaks
Customer service systems: Poorly managed outsourced customer support can be socially engineered to obtain user data
The Painful Lesson of 270,000 Users Leaked in 2020
Ledger’s data leak incident caused by a partner has reignited public scrutiny of Ledger’s past controversies. Looking back at 2020, Ledger experienced a serious data breach when hackers successfully infiltrated marketing and e-commerce databases related to the company, exposing personal information of over 270,000 users on the hacker forum RaidForums.
The leaked data was quite detailed, including user names, email addresses, phone numbers, and even some residential addresses, causing widespread user concern and dissatisfaction. Many victims received large volumes of phishing emails and harassment. Although Ledger offered a Bitcoin bounty to find the attacker, they still faced class-action lawsuits, with plaintiffs accusing Ledger and their e-commerce partner Shopify of inadequate data protection measures, putting users at risk.
After the 2020 breach, many users received phishing emails impersonating Ledger, claiming they needed to “update firmware” or “verify accounts,” tricking users into revealing their 24-word seed phrases. Some lost tens or hundreds of thousands of dollars worth of crypto assets. In extreme cases, users’ addresses were leaked, leading to physical threats and forced surrender of cold wallets.
While it’s unclear whether this Global-e incident will reach the scale of the 2020 breach, it will undoubtedly renew market scrutiny on how crypto companies and their third-party service providers handle user data. For hardware wallet companies that prioritize security as a core competitive advantage, any data leak can undermine user confidence.
Practical Defense Against Targeted Phishing Scams
Security experts warn that while users’ Ledger wallet funds are safe, leaked names and contact info can be used for targeted social engineering scams. Users should be highly vigilant about any suspicious messages requesting seed phrases or authorizations. Supply chain security remains a concern, and Ledger users should stay alert to phishing attempts.
Targeted phishing is highly personalized. Scammers use your real name, purchase history, and contact details to impersonate Ledger support, claiming your wallet has security issues requiring “urgent action.” This highly customized scam is far more convincing than mass spam emails.
Ledger will never proactively ask users for seed phrases or private keys. Any email, SMS, or call claiming to be from Ledger requesting sensitive info is 100% a scam. The correct approach is to dismiss suspicious messages, log into the official Ledger website for verification, or contact official support channels directly.
For users with confirmed data leaks, it is recommended to immediately change related email passwords, enable two-factor authentication, and remain suspicious of any Ledger-related contact for the coming months. If suspicious messages are received, take screenshots and report to Ledger or ZachXBT.
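The warning signs described in this section can be expressed as a small mail-triage check. This is an added example, not code from the article or from Ledger; it assumes `ledger.com` is the only official sender domain, and the rule names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: ledger.com is the only sender domain treated as official.
OFFICIAL = {"ledger.com"}
# Lures the article reports from the post-2020 phishing wave.
LURES = re.compile(r"update (your )?firmware|verify (your )?account|urgent action", re.I)
# Requests for secrets that, per the article, Ledger never asks for.
SECRETS = re.compile(r"seed phrase|recovery phrase|24[- ]word|private key", re.I)

def triage(raw):
    """Return the list of phishing signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace") for p in parts)
    text = msg.get("Subject", "") + "\n" + body
    findings = []
    official = any(domain == d or domain.endswith("." + d) for d in OFFICIAL)
    # Brand in display name or domain, but mail not from the official domain.
    if ("ledger" in name.lower() or "ledger" in domain) and not official:
        findings.append("impersonated-sender")
    if SECRETS.search(text):
        findings.append("asks-for-secret")
    if LURES.search(text):
        findings.append("known-lure")
    return findings

def verdict(raw):
    """A secret request is decisive even when From looks official (From is spoofable)."""
    found = triage(raw)
    if "asks-for-secret" in found:
        return "scam"
    return "suspicious" if found else "no-signal"

# Constructed sample messages (not real mail).
PHISH = ("From: Ledger Support <security@ledger-support.example>\n"
         "Subject: Urgent action required\n\n"
         "Hello Alice, update firmware now and enter your 24-word phrase.\n")
SPOOFED = ("From: Ledger <support@ledger.com>\nSubject: Account check\n\n"
           "Reply with your seed phrase to keep access.\n")
ORDER = ("From: Ledger <orders@ledger.com>\nSubject: Your order has shipped\n\n"
         "Tracking details are available in your account.\n")

if __name__ == "__main__":
    for sample in (PHISH, SPOOFED, ORDER):
        print(verdict(sample), triage(sample))
```

A "no-signal" result only means none of these rules fired; the From header alone proves nothing about who sent the message.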