Ledger Confirms Global-e Breach, Warns Users of Phishing Attempts
A recent breach involving Ledger’s e-commerce partner Global-e has led to customer data being accessed and misused in phishing campaigns, the company confirmed. While no passwords, payment details, or crypto recovery phrases were leaked, exposed records included names, contact information, and order histories, including product and pricing details.
Ledger disclosed the breach shortly after Global-e began notifying affected users on January 5. However, cybercriminals wasted no time, launching phishing attacks that impersonate both companies. Some of these messages are designed to trick recipients into handing over sensitive wallet information, often using fake security alerts, malicious QR codes, or offers of replacement devices as bait.
According to Ledger’s security advisory, if you’ve been impacted, you’ll receive an email alert from no-reply@global-e.com, not from any other address.
Will Baxter, Field CISO at Team Cymru, emphasized the speed of the attacks. “It didn’t take long for threat actors to move from data theft to phishing. That kind of speed shows why it’s not enough to wait for user reports. Security teams need to watch for fake domains, spoofed brands, and new infrastructure built to trick users and do it the moment a breach happens.”