The Vendor Vector
Hardware wallet manufacturer Ledger confirmed a data breach Monday originating from its third-party merchant of record, Global-e. The incident exposed personal details of customers who purchased devices directly through Ledger’s site, including names, emails, phone numbers, and physical addresses.
The Receipt: According to the official disclosure, Global-e detected unauthorized access to its cloud environment earlier this week. While Ledger’s hardware and the Ledger Live app remain uncompromised, the leak creates an immediate attack vector for social engineering.
Market reaction for Global-e (NASDAQ: GLBE) was muted, with the stock trading flat at $38.07, suggesting Wall Street views this as a contained operational hiccup rather than a systemic failure. For crypto natives, however, the threat is personal.
Phishing Campaigns Active
The data is already being weaponized. On-chain investigator ZachXBT noted that affected users began receiving phishing emails almost immediately. The most prominent campaign falsely claims a merger between Ledger and competitor Trezor to lure victims into entering their 24-word recovery phrases on clone sites.
“Global-e does not have access to your 24 words, blockchain balance, or any secrets related to digital assets.”, Ledger Support
Supply Chain Fatigue
This incident mirrors the 2020 Ledger e-commerce breach, where a marketing database leak led to months of SIM-swapping and physical threats against customers. While Ledger’s device security architecture (the Secure Element) holds firm, the recurring exposure of customer identity data through third-party vendors (Shopify in 2020, Global-e in 2026) highlights a persistent vulnerability in the hardware wallet supply chain.
Global-e has begun notifying affected users via [email protected]. Security researchers advise users to treat any communication asking for a seed phrase as hostile.
