Disclaimer: This article is for informational purposes only and does not constitute financial advice. BitPinas has no commercial relationship with any mentioned entity unless otherwise stated.
📬 Get the biggest crypto stories in the Philippines and Southeast Asia every week — subscribe to the BitPinas Newsletter.
Cryptocurrency hardware wallet manufacturer Ledger is facing scrutiny after a security incident involving its third-party payment processor, Global-e, exposed customer contact details.
Following the breach, reports have emerged of targeted phishing campaigns aiming to compromise user funds.
Key Details
- According to an email notification sent to customers, Global-e, which handles payments for Ledger’s e-commerce platform, identified “unusual activity” within its cloud network.
- Forensic investigations determined that an unauthorized party improperly accessed personal data, including names and contact information.
The email stated that Global-e took immediate action to contain the incident. Ledger emphasized that the breach was limited to the third-party processor and that no payment information or cryptocurrency wallet data was compromised.
Phishing Campaign Commences
Following the exposure of contact details, users began receiving fraudulent emails designed to steal credentials.
Crypto media outlet TFTC reported a specific phishing template claiming that Ledger had finalized a “merger agreement” with rival wallet manufacturer Trezor. The fraudulent email instructs users to migrate to a “unified Trezor interface” to maintain access to their assets.
Security experts warn that such links typically direct users to malicious websites that request the user’s “recovery phrase.”
The incident has drawn criticism from the crypto community regarding data privacy practices.
- On-chain analyst ZachXBT issued a community alert regarding the leak, confirming that the breach originated from the payment processor rather than Ledger’s internal systems.
- Meanwhile, community member Roine Virta listed this incident alongside previous security challenges faced by the company, including the prior “Ledger Connect Kit” supply chain attack and previous data leaks.
Safety Reminders
Ledger has not announced any merger with Trezor. Security best practices dictate that users should never enter their 24-word recovery phrase on any website or browser interface, regardless of the email source. (Read More: 6 Essential Security Tips for Protecting Your Crypto Assets)
Also Watch: Crypto Wallets: Your Guide to Secure and Smart Storage
This article is published on BitPinas: Ledger Users Targeted by Phishing Scams Following Global-e Data Breach
What else is happening in Crypto Philippines and beyond?
