Ledger Users Hit by Phishing Scam After Global-e Data Breach Exposes Order Information

Ledger users are being targeted by a new phishing campaign following a data breach at Global-e, a third-party e-commerce provider used by the hardware wallet company. Attackers are using stolen order information to send personalized scam emails that impersonate Ledger and promote false claims of a merger with rival wallet maker Trezor.

Attackers Exploit Global-e Breach to Target Ledger Wallet Users

Ledger confirmed earlier this week that Global-e experienced a security incident affecting customer data. The exposed information reportedly included names, email addresses, phone numbers, and order details. Shortly after the disclosure, users began reporting phishing emails designed to appear legitimate. Screenshots of the messages have since circulated on X.

The scam emails instruct recipients to secure their assets in response to the alleged merger. Links in the messages lead to fake websites that closely resemble official Ledger pages and prompt users to enter their 24-word recovery phrase. Submitting this information gives attackers full control over the affected wallets.

The phishing emails appear to rely on leaked order data, making them more difficult to identify. References to specific products or purchase dates increase the credibility of the messages.

The phishing campaign shows several consistent patterns:

• False claims of a Ledger–Trezor merger.
• Use of real customer contact details.
• Requests to migrate wallets through external links.
• Fake websites mimicking official branding.
• Demands for 24-word recovery phrases.

Global-e said it has launched an internal investigation and is working with cybersecurity firms to assess the breach. The company stated that no financial data was exposed and that the incident was limited to customer contact and order information. The number of affected users has not been disclosed.

Ledger has reported the incident to data protection authorities and is cooperating with law enforcement. The company also reminded users that it never asks for recovery phrases or private keys.

Crypto Phishing Losses Fall Despite High-Profile Security Incidents

The incident follows several past security issues involving Ledger. In 2020, a major data breach exposed personal information belonging to hundreds of thousands of users, including email addresses, phone numbers, and home addresses. Many affected customers later reported phishing attempts and threats.

That same year, investigations revealed that a former Shopify employee had leaked data linked to about 20,000 Ledger customers. Another breach later led to the publication of information from nearly 292,000 users online.

More recently, Ledger users were impacted by a wallet-draining attack after malicious code was added to a shared connection library used by multiple decentralized applications. The incident led to the theft of roughly $600,000 in cryptocurrency.

Despite these events, industry data shows a decline in crypto-related phishing losses. Scams resulted in $83.85 million in losses in 2025, down 83% from the previous year. Losses tended to increase during periods of strong market activity, with the largest single attack reaching $6.5 million in September, driven by permit signature abuse.