A new data breach is affecting Ledger users through its service provider, Global-e. Sensitive personal information has been compromised, exposing some customers to increased risks. Against the backdrop of violence targeting cryptocurrency holders, here are the steps you should take to protect yourself.
Ledger users affected by a data breach
Ledger, the well-known French manufacturer of hardware cryptocurrency wallets, has once again been the victim of a data breach that poses risks to its customers.
The breach did not originate directly from Ledger, but from one of its service providers, Global-e, which handles payments and international logistics.
Confirmed by on-chain investigator ZachXBT and via emails sent by Global-e, the compromise of the service provider’s systems appears to have exposed the personal data of many customers, though the exact number of people affected is not yet known.
The compromised information includes names, email addresses, phone numbers, and physical shipping addresses.
Community alert: Ledger experienced another data breach via payment processor Global-e, resulting in the leak of customers’ personal data (name and other contact information).
Earlier today, customers received the email below. pic.twitter.com/RKVbv6BTGO
— ZachXBT (@zachxbt) January 5, 2026
This data is particularly sensitive in the current context, marked in France by a surge in kidnappings and ransom demands involving cryptocurrencies. In recent years, several cases of physical violence targeting crypto holders—including home jackings—have been reported, with about twenty such incidents in 2025 alone.
This type of data breach therefore exposes users to risks far more serious than simple phishing or online scams, potentially making them vulnerable to targeted physical attacks.
This incident serves as yet another reminder of the crucial importance of privacy, at a time when authorities and regulators are imposing increasing data collection obligations on companies in the sector through KYC (Know Your Customer) procedures, particularly since the DAC8 directive came into effect earlier this year.
These measures, intended to combat money laundering and terrorist financing, have struggled to prove their effectiveness: it is estimated that financial institutions spend an average of 200 euros for every euro seized. Meanwhile, these requirements increase users’ vulnerability by exposing their personal data online.
Here’s what to do if you’re a Ledger customer
Ledger owners should exercise extreme caution; in the coming weeks and months, it is imperative to be very careful.
Here are the best practices to follow:
- Do not respond to any suspicious messages, calls, or emails regarding your cryptocurrencies;
- Never share sensitive information, especially your private keys or recovery phrase (seed);
- Once your wallet is created, your recovery phrase must never be disclosed—under any circumstances;
- Immediately report any attempted identity theft or unusual contact to the appropriate authorities.
It is essential to understand that no one needs access to your cryptocurrencies to “help” you. Only you should have access to your funds.
One of the basic precautions is to avoid discussing your cryptocurrency holdings, even with those closest to you. Not because you distrust them, but because information shared innocently can easily spread and fall into the wrong hands.
If someone contacts you claiming to work for Ledger or any other entity related to your wallets, do not respond. This is most likely a scam. In this case, cut off contact immediately, do not provide any information, and notify law enforcement if necessary.
