365Crypto
Ledger wallets stayed secure, but trouble still found a way in.
A breach at a third-party checkout provider exposed order data tied to Ledger purchases.
That leak gave scammers enough detail to launch convincing phishing attacks.
What Actually Happened
In January 2026, Ledger warned users about an incident involving Global-e.
Global-e handles checkout and shipping for some Ledger orders.
Attackers accessed customer order data stored in Global-e systems.
What Was Exposed and What Was Not
The leaked data included names, contact details, and order information.
That means product type, pricing, and shipping context were visible.
Ledger confirmed private keys, recovery phrases, and balances stayed safe¹.
Why This Made Phishing Stronger
Scammers did not need wallet access to cause harm.
Real order details made fake messages feel personal and urgent.
Messages often claimed delivery issues or security checks to trigger panic.
How Ledger-Style Scams Usually Work
Phishing messages push users toward fast action.
They ask for a 24-word recovery phrase or link to fake support pages.
Ledger never asks for recovery phrases, ever².
The safest move is simple.
Treat all inbound support messages as untrusted until verified through official channels.
¹Private keys: secret codes that control access to crypto funds.
²Recovery phrase: a 24-word backup that restores a wallet if the device is lost.
