Ledger Customers Targeted by Phishing Campaign Following Global-e Data Breach

Cybercriminals are reportedly executing a targeted phishing scheme, leveraging a fabricated merger between cryptocurrency hardware wallet producers Ledger and Trezor. This comes on the heels of a recent data breach involving Ledger's third-party e-commerce partner, Global-e. On January 5, Ledger informed its customers via email about the data breach at Global-e, which exposed sensitive customer data, including names, email addresses, phone numbers, and order specifics. Shortly after this revelation, affected individuals began to receive phishing emails inaccurately announcing the merger of the two companies. These fraudulent communications, shared on X, claimed, "We are excited to announce that after extensive strategic discussions, Ledger and Trezor have successfully completed a merger agreement. This significant partnership combines two leaders in the industry with a unified goal of ensuring the highest level of security for the management of digital assets." The emails also encouraged recipients to "migrate" their wallets by entering their 24-word recovery phrases on a counterfeit website designed to look official. In response to the incident, Global-e has initiated an internal probe into the breach and is collaborating with cybersecurity specialists to evaluate its extent. While the specific number of affected users remains undisclosed, the company has stated that the breach was confined to contact and order information. Ledger has also informed the appropriate data protection agencies and is cooperating with law enforcement. This is not Ledger's first experience with data breaches; in 2020, the company faced scrutiny when hackers accessed its e-commerce and marketing databases, exposing personal data of hundreds of thousands of users. During that incident, customers reported phishing attempts and threats after their information was compromised, leading to public criticism for Ledger's slow response and inadequate security measures, resulting in a lawsuit against the company and Shopify. It was later revealed that a rogue Shopify employee leaked details of around 20,000 customers, followed by another attack that compromised data from approximately 292,000 customers. More recently, the firm experienced a security breach that led to the theft of around $600,000 in cryptocurrency due to a wallet drainer being introduced to a library used by various decentralized applications.