A hacker is reportedly selling stolen data from three popular hardware wallets, prompting an investigation by at least two of the companies allegedly involved.
The hacker claims to have stolen data from Trezor, Ledger and Shapeshift's wallet, KeepKey. The allegations were republished on Twitter today by cybersecurity firm Under The Breach.
The Ethereum forum hacker is now selling the databases of @Trezor and @Ledger.
Both of which obtained from a @Shopify exploit. (suggesting there are many more underground leaks).
- Under the Breach (@underthebreach) May 24, 2020
Under The Breach added that the data was stolen due to an exploit of e-commerce website Shopify. It posted screenshots in which the hacker advertised that the names, addresses, phone numbers and emails of the hardware wallet users were for sale. Passwords were not included.
There are rumors spreading that our eshop database has been hacked thru a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation. We've been also routinely purging old customer records from the database to minimize the possible impact.
Sounds grim. But Candice So, a communications manager at Shopify, told Decrypt: "We investigated these claims and found no evidence to substantiate them, and no evidence of any compromise of Shopify's systems."
The hacker, who was responsible for hacking the Ethereum forum back in 2016, maintains the veracity of their claims. "Only big money" would be accepted for the data, the hacker said, according to another screenshot published by Under The Breach.
Screenshots published by Under The Breach show that the hacker also claims to have the full SQL database for investment platform BnkToTheFuture. Under The Breach said it contacted BnkToTheFuture but "couldn't get them to take it seriously."
But two of the other companies did take the allegations seriously.
Trezor said on Twitter that it didn't use Shopify, making a Shopify-related hack impossible. "We are nonetheless investigating the situation," the company said. "We've been also routinely purging old customer records from the database to minimize the possible impact."
Ledger also put out a statement saying it is "taking the matter seriously."
Rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db, and so far it doesn't match our real db. We continue investigations and are taking the matter seriously.
ShapeShift, the company that owns KeepKey, had not commented on the allegations by the time this article was published. ShapeShift did not respond to questions from Decrypt by press time but we will update this story with responses.
Editor's note: This article was updated with comments from Candice So, communications manager at Shopify.