- Trezor and Ledger have launched investigations after recent rumors of a hacker breaching their databases.
- The hacker allegedly made multiple breaches through a Shopify exploit.
- Shopify denied the exploit's existence, and other firms seemingly ignored the rumors.
Two largest hardware cryptocurrency wallet providers, Ledger and Trezor, are currently in the middle of an investigation of recent claims, that their databases were hacked. According to the claims, a hacker allegedly managed to break into their database and steal data belonging to their users. This data is now, supposedly, on sale.
Under The Breach shares screenshots of ads for the data sale
The claims also say that these two are not the only ones, as the breach also affected users of another popular hardware wallet, KeepKey. KeepKey is a wallet launched by a crypto platform, Shapeshift.
Even that is not it, as Under The Breach reported that the hacker gained access to a major investing platform, BankToTheFuture.
The company shared screenshots of ads that the hacker created to spread the word of the data sale. From what is known, the data seemingly includes the names and addresses of users, as well as their phone numbers and emails. According to the ad screenshots, the hacker does not offer passwords.
According to Under The Breach, the hacker seems to have obtained the stolen data via Shopify exploit. It also said that BankToTheFuture did not take these claims seriously. Meanwhile, ShapeShift also failed to release any official statement about the alleged hack at the time of writing.
Trezor and Ledger are the only ones who started investigating
So far, only Trezor and Ledger made a move, proving that they are taking the claims seriously. Both posted their responses on Twitter, with Trezor claiming that its eshop doesn’t use Shopify, but the company is investigating the rumors regardless of that fact.
Ledger posted a similar announcement, stating that the firm routinely purged old customer records from its database, The purpose of this was to reduce the impact of a possible breach. The company also claims to be taking the matter very seriously, and that an investigation is on-going. However, it already reported that the information shared via the screenshots does not seem to match its database.
As for the hacker, it appears that this is the same attacker who breached the Ethereum forum four years ago, in 2016. The hacker is claiming that the data is authentic and that they are after big money for this information. Shopify also released a statement in regard to the rumours of a breach, stating that there was no such compromise.