Ledger customers alerted to data leak at third-party e-commerce partner Global-e
Ledger customers have been alerted to a new data exposure involving personal information after a third-party e-commerce platform used by the company experienced a security incident, according to emails seen by The Block on Monday.The alert, which circulated widely on social media after being posted by blockchain investigator ZackXBT, said that Global-e — a retail online commerce and logistics provider used by Ledger for international transactions — had suffered a data exposure affecting customer information. The email said the compromised data included customer names and other contact details, though it did not specify the total number of affected users.Ledger is best known as a maker of hardware wallets, which are physical devices designed to store users’ cryptocurrency private keys offline. The company has positioned its products as a security-focused alternative to software wallets and centralized exchanges, serving both retail and institutional crypto users globally.Ledger confirmed it was notified of an incident at Global-e involving unauthorized access to order data in the e-commerce company's systems, which included some customer data related to purchases on Ledger.com, where Global-e served as the Merchant of Record.Notably, the wallet maker emphasized that there was no breach of its own platform, hardware, or software systems, which remain secure. “For the avoidance of doubt, as the Ledger product is self-custodial, Global-e does not have access to your 24 words, blockchain balance, or any secrets related to digital assets,” a spokesperson said. The company also clarified that no payment information was compromised.The incident has surfaced against the backdrop of Ledger’s long and contentious history with customer data leaks.In 2020, a database containing the personal information of more than 270,000 Ledger customers was published on hacking forum RaidForums after attackers accessed marketing and e-commerce data tied to the company. The leak exposed names, email addresses, phone numbers, and, in some cases, home addresses, triggering widespread concern and reports of phishing attempts and harassment.Ledger later offered a bitcoin bounty for information related to data attacks, but the fallout continued. A class-action lawsuit was subsequently filed against Ledger and e-commerce partner Shopify over the 2020 breach, arguing that inadequate data protections had put customers at risk.While it remains unclear whether the latest incident is comparable in scale to the 2020 breach, the episode is likely to renew scrutiny of how crypto firms and their third-party service providers handle customer data, particularly as hardware wallet companies market security as a core differentiator. Updated to include Ledger statement.Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.