Hackers hit prominent crypto hardware wallet provider Ledger through a third-party payment processor, Global-e, making off with user information.
Top on-chain security investigator ZachXBT alerted the crypto community to this unnoticed activity in a Monday tweet. He pointed to an email received from Ledger customers earlier today as evidence of a security breach.
Sensitive Information Leaked in New Ledger Attack
The email states that Global-e, a third-party payment processor for Ledger, was the target of the bad actors’ attack. The payment firm disclosed that it had identified unusual activity on a section of its network.
The attack targeted the company’s cloud storage systems, compromising sensitive information, including Ledger customers’ personal details. Global-e noted that it quickly swung into action when it discovered the attack and contained it from further escalation.
While it claimed to have secured its cloud system, it highlighted that it has some spoils from the attack. After engaging external forensic experts to conduct a detailed investigation, they determined that some users’ personal data, including names and contact information, was accessed by these bad actors.
Ledger Social Outlets Remain Mute
Meanwhile, specific details of the hack, such as the number of users affected, remain undisclosed. At the time of writing, Ledger has yet to release a public statement on the attack on any of its social media handles. It also bears emphasizing that Global-e, not Ledger, sent the emails to customers.
However, an email response from Ledger confirmed that the breach happened at Global-e, as it was its data controller. Hence, it was not a breach on Ledger’s platform but on one of its third-party systems.
Furthermore, details revealed in this attack included customer information for those who purchased assets on Ledger’s website via Global-e. Ledger further highlighted that the hackers did not access any client payment details.
Familiar Issue for Ledger
Remarkably, Ledger has faced similar situations in the past, with hackers repeatedly attacking its systems. For context, 270,000 customers were left exposed in a 2020 breach involving Ledger via its e-commerce partner, Shopify.
In 2023, exploiters targeted its platform directly, which affected several connected decentralized finance (DeFi) applications. The hackers gained access through a compromised employee who uploaded a malicious version of the Ledger Connect Kit, resulting in roughly $484,000 in losses.
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
Bitcoin 
Ethereum 
Tether 
XRP 
BNB 
Solana 
USDC 
TRON 
Lido Staked Ether 
Dogecoin 