Crypto Wallet Maker Ledger Confirms Data Breach on Global-e Platform – Decrypt

Crypto wallet maker Ledger confirmed that its Global-e e-commerce partner has suffered a data breach, but cautioned users that its own hardware and software wallets remain secure.

Ledger, which is based in Paris, has been making and selling crypto wallets for 12 years. The company has sold more than 7.5 million devices, and estimates that its hardware and software are being used to custody approximately 20% of the world’s crypto assets.

“This incident consisted of unauthorized access to order data in Global-e information systems. Some of the data accessed as part of this incident pertained to customers who made a purchase on Ledger.com using Global-e as a merchant of record,” a Ledger spokesperson told Decrypt in an emailed statement.

Global-e is a global e-commerce and payment platform that helps brands sell their products internationally. It’s headquartered in Israel and trades on the Nasdaq under the GLBE ticker. It’s used by hundreds of other retailers, including Victoria’s Secret, Adidas, Alo Yoga, and Marc Jacobs.

The statement added that because Ledger products are self-custodial, Global-e does not have access to customer information like 24-word security phrases, crypto balances, or any other private info related to digital assets. “Importantly, no payment information was involved,” the company added.

Ledger also said in a statement sent to its users that it has retained “independent forensic experts to conduct an investigation into the incident.”

This is the latest in a string of security-related alerts connected to third-party systems linked to Ledger and its devices, which include the Stax and Nano hardware wallets.

In December 2023, the company reported unauthorized access and malicious code in its Ledger connect Kit. The company warned customers at the time to “stop using dapps,” and explained that the exploit happened because a former employee fell victim to a phishing scam.