A hacker has allegedly compromised the databases of Ledger, Trezor, Keepkey and Shapeshift hard wallets in a Shopify exploit. These storages are considered to be among the safest within the crypto space hence raising an alarm for stakeholders. However, Trezor and Ledger have since confirmed that no such data breach occurred in their ecosystems.
First reported by Cybersec firm, Under The Breach, the hacker has been linked to breaching the Ethereum.org forum back in 2016. According to information gathered, this hacker is now out to sell the personal data that was compromised and has invited bids noting that only big money will be accepted.
The ‘Rumored' Hack
This hacker claims to have acquired sensitive data of over 27,100 Trezor users, 415,000 Ledger users and 14,000 Keepkey clients. Based on the tweet alert by Under The Breach, information posted for sale includes emails, phone numbers, addresses and names. Notably, passwords were not mentioned within the compromised data sets.
“The Ethereum forum hacker is now selling the databases of @Trezor and @Ledger. Both of which obtained from a @Shopify exploit. (suggesting there are many more underground leaks). The hacker also claims he has the full SQL database of famous investing site @BankToTheFuture.”
Under The Breach goes on to highlight that the compromised information was obtained from 18 crypto exchanges and forums as well as two crypto tax platforms. Some of the exchanges that appeared in the list are Mexico's ‘Bitso' and Korea's ‘Korbit'.
Trezor and Ledger Dismiss the ‘Hack'
Following the alarm, the mentioned firms have responded to the hacker's allegations. Interestingly, there seems to be a consensus that none of the platforms has indeed been compromised. Trezor which took to twitter has said that it does use Shopify which makes the claims absurd. They, however, added that the situation is being reviewed nonetheless,
“There are rumors spreading that our eshop database has been hacked thru a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation.”
Ledger on the other hand says that the ‘hacked' database does not match its real platform. It also said that they are also looking into the matter regardless,
“Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db, and so far it doesn’t match our real db. We continue investigations and are taking the matter seriously.”