Ledger, the maker of one of the most popular hardware wallets in crypto, confirmed Monday that a trove of customer data was exposed in a breach linked to its third-party e-commerce partner, Global-e, sending fresh waves of concern through the crypto community.

While Ledger says private keys, wallet funds and payment information were not accessed, the incident exposed the names and contact details of users who purchased devices through its online store, reigniting long-standing fears about recurring data leaks and the real-world risks they can create.

Within hours of the disclosure, users began reporting a surge in phishing emails and scam attempts. Fraudsters posing as Ledger or Global-e support appeared to be exploiting the leaked data to pressure recipients into handing over sensitive information.

This isn’t the first data breach that Ledger has experienced. In 2020, the platform was victim to another large-scale breach affecting nearly 300,000 users. In 2021, scammers sent fake Ledger hardware wallets to users following those phishing attempts.

Security researchers warn that similar campaigns following past Ledger leaks have led to wallet takeovers, financial losses and, in some cases, concerns about physical targeting in so-called “wrench attacks.”

Ledger’s latest data leak raises urgent questions about who is most at risk, and what users can realistically do to protect themselves.

Who is at risk?

Security experts say risk extends beyond just those whose data was exposed. Anyone known to own a hardware wallet can become a target for phishing or social engineering, regardless of whether their information appears in a leaked database.

“If you are part of the leak the risk is even higher because it makes you an official dated target,” said Ouriel Ohayon, CEO of Zengo Wallet and an expert in wallet security, to CoinDesk.

Certain types of leaked data significantly increase a person’s threat risk Alexander Urbelis, the Chief Information Security Officer of ENS$10.85, and a cybersecurity expert said physical address information is particularly sensitive. A “home address in a breached data set that could be tied to a hardware wallet,” he said, “heightens the risk profile for those persons.”

What does the Ledger-targeted phishing attack look like right now?

Users have reported receiving unsolicited emails claiming to be from Ledger support, even when they do not own a Ledger wallet. Experts say attackers often rely less on technical exploits and more on psychological pressure.

“The best phishing scams are confidence plays: they weaponize trust and time pressure, not necessarily code,” Urbelis said. “They start by flattering your trust by using your real name and real order details and then pivot to fear and urgency with a ‘security alert’ or ‘replacement device’ that demands you act right now.”

These messages, he added, increasingly arrive “by SMS or as convincing unsolicited ‘support’ calls,” not just email.

What can be done to protect yourself?

Experts emphasize that no legitimate company will ever ask for a recovery phrase — and that unsolicited contact is itself a warning sign.

“Obviously, never share your seed phrase with anyone. Ever,” said Ohayon of Zengo. He added that users should always verify the actual sender of an email and avoid responding to "unsolicited DMs, or customer support messaging arriving ‘off channels’ (emails, messaging apps or even paper letters).”

Do you have to move funds or change wallets?

Both experts cautioned against panic-driven onchain activity. Moving funds does not necessarily reduce risk and may introduce new dangers if users act hastily.

“Once you are identified as a wallet owner, it does not matter where the crypto is stored. You, and not the wallet itself, are targeted,” Ohayon said. He added that moving funds can be counterproductive because “moving funds would be public and the hackers would also follow the trail.”

Urbelis echoed that advice, warning that rushing to move assets can expose users to well-timed phishing attempts.

“I wouldn't advise rushing to move funds because that is how one could fall victim to a well-timed phishing attack,” he said. “Offchain leaks like this present phishing risks, so users should act with enhanced caution when handling emails, SMS messages, responding to voicemails, calls, etc., for the foreseeable future.”

He added that onchain action should be reserved for clear signs of compromise: “If a user audits an account and sees unusual activity, it's time to act onchain.”

Protecting your privacy is key

Experts say privacy remains the strongest long-term defense. Ohayon urged users to limit how much they reveal about themselves, both online and offline.

“Protect their privacy at all costs. Don’t be public about what you own or do,” he said. “Hackers look for public signals about your potential wealth or crypto wealth.”

Urbelis framed the threat as one that ultimately relies on human error.

“Our brains are our best bulwark against fraud: slow down, question the story, and confirm the source before clicking or connecting,” he said. “Only after that comes the cardinal rule of crypto safety: never, under any circumstances, share your recovery phrase.”

Read more: Crypto wallet firm Ledger faces customer data breach through payment processor Global-e