How to stay safe after the Ledger leak: experts urge privacy first

Tech Share Share this article Copy link X icon X (Twitter) LinkedIn Facebook Email How to stay safe after the Ledger leak: experts urge privacy first Security researchers spoke to CoinDesk about how users can protect themselves after Monday’s breach. By Margaux Nijkerk | Edited by Cheyenne Ligon Jan 6, 2026, 7:41 p.m. Make us preferred on Google What to know : Ledger, the maker of one of the most popular hardware wallets in crypto, confirmed Monday that a trove of customer data was exposed in a breach linked to its third-party payment processor, Global-e, sending fresh waves of concern through the crypto community. While Ledger says private keys, wallet funds and payment information were not accessed, the incident exposed the names and contact details of users who purchased devices through its online store, reigniting long-standing fears about recurring data leaks and the real-world risks they can create. Security researchers warn that similar campaigns following past Ledger leaks have led to wallet takeovers, financial losses and, in some cases, concerns about physical targeting in so-called “wrench attacks.” Ledger, the maker of one of the most popular hardware wallets in crypto, confirmed Monday that a trove of customer data was exposed in a breach linked to its third-party payment processor, Global-e, sending fresh waves of concern through the crypto community. While Ledger says private keys, wallet funds and payment information were not accessed, the incident exposed the names and contact details of users who purchased devices through its online store, reigniting long-standing fears about recurring data leaks and the real-world risks they can create. STORY CONTINUES BELOW Don't miss another story. Subscribe to the The Protocol Newsletter today . See all newsletters Sign me up By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy . Within hours of the disclosure, users began reporting a surge in phishing emails and scam attempts. Fraudsters posing as Ledger or Global-e support appeared to be exploiting the leaked data to pressure recipients into handing over sensitive information. This isn’t the first data breach that Ledger has experienced. In 2020, the platform was victim to another large-scale breach affecting nearly 300,000 users. In 2021, scammers sent fake Ledger hardware wallets to users following those phishing attempts. Security researchers warn that similar campaigns following past Ledger leaks have led to wallet takeovers, financial losses and, in some cases, concerns about physical targeting in so-called “wrench attacks.” Ledger’s latest data leak raises urgent questions about who is most at risk, and what users can realistically do to protect themselves. Who is at risk? Security experts say risk extends beyond just those whose data was exposed. Anyone known to own a hardware wallet can become a target for phishing or social engineering, regardless of whether their information appears in a leaked database. “If you are part of the leak the risk is even higher because it makes you an official dated target,” said Ouriel Ohayon, CEO of Zengo Wallet and an expert in wallet security, to CoinDesk. Certain types of leaked data significantly increase a person’s threat risk Alexander Urbelis, the Chief Information Security Officer of ENS $ 10.85 , and a cybersecurity expert said physical address information is particularly sensitive. A “home address in a breached data set that could be tied to a hardware wallet,” he said, “heightens the risk profile for those persons.” What does the Ledger-targeted phishing attack look like right now? Users have reported receiving unsolicited emails claiming to be from Ledger support, even when they do not own a Ledger wallet. Experts say attackers often rely less on technical exploits and more on psychological pressure. “The best phishing scams are confidence plays: they weaponize trust and time pressure, not necessarily code,” Urbelis said. “They start by flattering your trust by using your real name and real order details and then pivot to fear and urgency with a ‘security alert’ or ‘replacement device’ that demands you act right now.” These messages, he added, increasingly arrive “by SMS or as convincing unsolicited ‘support’ calls,” not just email. What can be done to protect yourself? Experts emphasize that no legitimate company will ever ask for a recovery phrase — and that unsolicited contact is itself a warning sign. “Obviously, never share your seed phrase with anyone. Ever,” said Ohayon of Zengo. He added that users should always verify the actual sender of an email and avoid responding to "unsolicited DMs, or customer support messaging arriving ‘off channels’ (emails, messaging apps or even paper letters).” Do you have to move funds or change wallets? Both experts cautioned against panic-driven onchain activity. Moving funds does not necessarily reduce risk and may introduce new dangers if users act hastily. “Once you are identified as a wallet owner, it does not matter where the crypto is stored. You, and not the wallet itself, are targeted,” Ohayon said. He added that moving funds can be counterproductive because “moving funds would be public and the hackers would also follow the trail.” Urbelis echoed that advice, warning that rushing to move assets can expose users to well-timed phishing attempts. “I wouldn't advise rushing to move funds because that is how one could fall victim to a well-timed phishing attack,” he said. “Offchain leaks like this present phishing risks, so users should act with enhanced caution when handling emails, SMS messages, responding to voicemails, calls, etc., for the foreseeable future.” He added that onchain action should be reserved for clear signs of compromise: “If a user audits an account and sees unusual activity, it's time to act onchain.” Protecting your privacy is key Experts say privacy remains the strongest long-term defense. Ohayon urged users to limit how much they reveal about themselves, both online and offline. “Protect their privacy at all costs. Don’t be public about what you own or do,” he said. “Hackers look for public signals about your potential wealth or crypto wealth.” Urbelis framed the threat as one that ultimately relies on human error. “Our brains are our best bulwark against fraud: slow down, question the story, and confirm the source before clicking or connecting,” he said. “Only after that comes the cardinal rule of crypto safety: never, under any circumstances, share your recovery phrase.” Read more: Crypto wallet firm Ledger faces customer data breach through payment processor Global-e Ledger Privacy Data More For You KuCoin Hits Record Market Share as 2025 Volumes Outpace Crypto Market By CoinDesk Research Dec 22, 2025 Commissioned by KuCoin KuCoin captured a record share of centralised exchange volume in 2025, with more than $1.25tn traded as its volumes grew faster than the wider crypto market. What to know : KuCoin recorded over $1.25 trillion in total trading volume in 2025 , equivalent to an average of roughly $114 billion per month , marking its strongest year on record. This performance translated into an all-time high share of centralised exchange volume , as KuCoin’s activity expanded faster than aggregate CEX volumes , which slowed during periods of lower market volatility. Spot and derivatives volumes were evenly split , each exceeding $500 billion for the year, signalling broad-based usage rather than reliance on a single product line. Altcoins accounted for the majority of trading activity , reinforcing KuCoin’s role as a primary liquidity venue beyond BTC and ETH at a time when majors saw more muted turnover. Even as overall crypto volumes softened mid-year, KuCoin maintained elevated baseline activity , indicating structurally higher user engagement rather than short-lived volume spikes. View Full Report More For You Starknet back online after four-hour outage, warns some transactions may be affected By Margaux Nijkerk , AI Boost | Edited by Cheyenne Ligon Jan 5, 2026 Downtime can have knock-on effects across decentralized finance and other onchain applications. What to know : Starknet has been fully restored following a four hour outage earlier on Monday, adding that some transactions submitted during a narrow window may not have been processed correctly. Downtime can have knock-on effects across decentralized finance and other onchain applications, including stalled swaps, delayed withdrawals and difficulty updating positions. Read full story Latest Crypto News U.S. Senate back to crypto talks as industry's make-or-break bill faces time crunch 36 minutes ago Polkadot's DOT declines in U.S. afternoon selloff 1 hour ago Why crypto’s new token issuances are falling flat and what comes next 1 hour ago Riot Platforms sold $200 million of bitcoin in 2025's last two months 2 hours ago Crypto prices retreat in return to downward U.S. trading day action 2 hours ago Don’t hold your breath for Venezuela’s bitcoin 2 hours ago Top Stories Crypto prices retreat in return to downward U.S. trading day action 2 hours ago U.S. Senate back to crypto talks as industry's make-or-break bill faces time crunch 36 minutes ago This metric suggests bitcoin's late November plunge was the bottom and major upside lies ahead 4 hours ago Morgan Stanley files for bitcoin and solana ETFs, deepening crypto push 8 hours ago Ethereum’s staking queues have cleared and that changes the ETH trade 4 hours ago Buck launches bitcoin-linked ‘savings coin’ tied to Michael Saylor’s Strategy 4 hours ago In this article ENS ENS $ 10.85 ◢ 0.41 %