Hackers access private data of wallet customers on database
/ of 30 sources
Hardware wallet providers — Trezor and Ledger — have said their security teams are investigating claims that a hacker has stolen information from their databases, and is now selling customer data online.
The breach also affects users of KeepKey, another popular crypto hardware wallet by cryptocurrency platform, Shapeshift.
According to Under The Breach the hacker had also breached the “full SQL database of famous investing site BankToTheFuture.”
The cybersecurity firm posted screenshots that purportedly show adverts the hacker had published for sale of the data. The data includes users’ email addresses, names, phone numbers and addresses. The advertisements do not include users’ passwords.
Under The Breach claims that the hacker “obtained” the personal details via an exploit at e-commerce platform Shopify.
According to Under The Breach, BankToTheFuture did not take the claims seriously. By the time of going to press, ShapeShift had also not released any statement about the alleged hack and subsequent sale of its users’ data.
Trezor and Ledger nonetheless did take the allegation seriously and posted responses on Twitter.
Trezor noted that it had taken the “rumors” seriously although it maintains the platform “does not use Shopify.” In this case its view is that accessing Trezor users’ data via an exploit of its Shopify e-shop was highly impossible.
The company however revealed it was investigating the matter.
“We’ve been also routinely purging old customer records from the database to minimize the possible impact,” Ledger added in the tweet.
Ledger posted that it had taken the matter seriously and continues to investigate. However, the company had compared “screenshots shared on social media” with its database, and “it doesn’t match.”
The alleged compromise on Ledger and Trezor is by the same hacker who breached the Ethereum forum in 2016. Screenshots from Under The Breach shared on Twitter have the hacker claiming the authenticity of the data. They will also only accept “big money” in exchange for the data.
Shopify has reportedly said no such compromise occurred. According to Candice So, a communications manager at the e-commerce giant, there has been no evidence to suggest a breach took place.
“We investigated these claims and found no evidence to substantiate them, and no evidence of any compromise of Shopify’s systems,” So told crypto publication Decrypt.
Neither Ledger or Trezor have released statements regarding their respective investigations.
Chainalysis expands Series B round, raising US$13M
Chainalysis was founded in New York in 2014 by Michael Gronager and Jonathan Levin. Gronager serves as the CEO while Levin serves as the CSO of the...
Stalkerware Usage in on the Rise as Domestic Violence Rates Surge During Lockdown
The global deployment of spy and stalking applications has surged by as much as 51% since the world’s governments introduced the lockdown in March,...
BitClub Co-Creator Pleads Guilty to $722 Million Ponzi Scheme
The co-creator of the massive crypto Ponzi scheme BitClub has pled guilty for his role in the scam which defrauded investors of at least $722 million...