A Round Up of Security Incidents Surrounding Ledger Hardware Wallets

Key Insights:

• Last year, security in the crypto space moved from attackers trying to crack hardware to exploiting third-party payment processors.
• A major data leak at Global-e exposed names and addresses of Ledger customers and likely increased the risk of targeted physical attacks.
• Malicious actors mostly used “wrench attacks” and scam emails to trick users into revealing their 24-word recovery phrases.

The cryptocurrency world faced a tough reality check as last year came to a close.

While hardware wallets are the gold standard for asset protection, the ecosystem around them is under fire at all times. 

Throughout the last year, a series of security incidents involving Ledger wallets proved that digital coins are only as safe as the data their owners leave behind. 

Malicious actors moved away from trying to “hack” the devices themselves and instead targeted the companies that process orders or emails users use for support. 

The Global-e Data Breach

The biggest hit to user privacy with Ledger wallets arrived this year through a vendor called Global-e. 

This company acts as the “Merchant of Record” for international sales on the official Ledger store. On January 5, news broke that Global-e’s cloud systems had been compromised. 

This hack exposed the names, postal addresses and phone numbers of thousands of customers. Fortunately, no private keys or recovery phrases were touched. 

The hardware itself continues to be technically secure, but the “doxxing” of users has created a new wave of fear.

Security researchers like ZachXBT have warned that leaking physical addresses is a nightmare for high-value holders. When a criminal knows exactly where a wealthy investor lives, the threat moves from the digital world to the physical one, and this is often known as a “wrench attack.” 

Early last year, Ledger co-founder David Balland himself was targeted in a violent kidnapping and extortion attempt in France.

The Rise Of Phishing Scams

Attackers became more creative with their social engineering tactics, especially in 2025. 

Since they could not break the “Secure Element” chip inside the wallet, they focused on tricking the human using it. One common method involved the Ledger Recover service. 

This is an optional tool meant to help people recover lost seed phrases. However, scammers used this as a hook. They sent fake emails claiming there was a problem with the user’s “identity verification.” 

These emails look official and urge users to enter their 24-word mnemonic recovery phrases into a fake portal.

Supply Chain Vulnerabilities

The “Connect Kit” exploit from 2023 continues to haunt users. Attackers have increasingly been using the data from that initial breach to launch more phishing waves. 

So far, they have targeted people who had previously used dApps like SushiSwap or Revoke.cash. Instead of simple draining scripts, they have now moved to “approval-based” attacks. 

These scams trick users into signing a transaction that gives a scam contract unlimited access to a specific token.

Because these attacks look like normal interactions with a DeFi protocol, many users fall for them. 

In fact, last year’s Ledger security report shows that over $84 million was lost around the world, to crypto phishing.

A huge portion of these victims were reportedly even targeted because their contact info had been leaked over the last few years. 

Once a user’s email ends up on a “sucker list,” they end up being targeted by scammers for years to come.

The post A Round Up of Security Incidents Surrounding Ledger Hardware Wallets appeared first on Live Bitcoin News.