A new data leak has affected Ledger users via its service provider Global-e. Sensitive personal information has been compromised, exposing some customers to increased risks. In a context of violence targeting cryptocurrency holders, here are the steps you can take to protect yourself.
Ledger users victims of a data leak
Ledger, the well-known French manufacturer of physical cryptocurrency wallets, has once again fallen victim to a data leak that poses risks to its customers.
The breach did not originate directly from Ledger, but from one of its service providers, Global-e, which is responsible for payments and international logistics.
Confirmed by on-chain investigator ZachXBT and by emails sent by Global-e, the compromise of the service provider’s systems is believed to have exposed the personal data of many customers, although the exact number of people affected is not yet known.
The compromised information includes names, email addresses, phone numbers, and physical delivery addresses.
Community alert: Ledger had another data breach via payment processor Global-e leaking the personal data of customers (name & other contact information).
Earlier today customers received the email below. pic.twitter.com/RKVbv6BTGO
— ZachXBT (@zachxbt) January 5, 2026
This data is particularly sensitive in the current context, marked in France by an increase in kidnappings and ransom demands in cryptocurrencies. In recent years, several cases of physical violence targeting cryptocurrency holders, including home invasions, have been reported, with around 20 cases in 2025 alone. This type of leak therefore exposes users to risks far more serious than simple phishing or online scams, making them potentially vulnerable to targeted physical attacks.
This incident serves as yet another reminder of the crucial importance of confidentiality, at a time when authorities and regulators are imposing increasing data collection obligations on companies in the sector through KYC (Know Your Customer) procedures, particularly since the DAC8 directive came into force at the beginning of this year.
However, these measures, which are supposed to combat money laundering and terrorist financing, are struggling to prove their effectiveness: it is estimated that financial institutions spend an average of $200 for every dollar seized. Meanwhile, these obligations increase the vulnerability of users by exposing their personal data on the internet.
Here’s how to respond if you are a Ledger customer
Ledger holders should exercise maximum vigilance in the coming weeks and months; it is imperative to be extremely cautious.
Here are some best practices to adopt:
- Do not respond to any suspicious messages, calls, or emails referring to your cryptocurrencies.
- Never share sensitive information, especially your private keys or recovery phrase (seed).
- Once your wallet has been created, your recovery phrase must not be disclosed anywhere.
- Immediately report any attempts at identity theft or unusual contact to the relevant authorities.
It is essential to understand that no one needs access to your cryptocurrencies to “help” you. Only you should have access to your funds.
One of the basic reflexes is to avoid mentioning your cryptocurrency holdings, even to those close to you. Not because you don’t trust them, but because information shared innocently can easily circulate and fall into the wrong hands.
If someone contacts you claiming to work for Ledger or any other entity related to your wallets, do not respond. This is most likely an attempt at fraud. In this case, immediately cut off contact, do not provide any information, and notify law enforcement if necessary.
