Hacker Allegedly Sell Stolen User Data of Ledger, Trezor and KeepKey

Cybersecurity firm Under The Breach today published a hacker’s claims that hardware wallet users’ data was for sale. Trezor and Ledger have said they are investigating the breach.

May 24 2020 | AtoZ Markets – A hacker is reportedly selling stolen data from three popular hardware wallets—prompting an investigation by at least two of the companies allegedly involved.

Hacker reportedly compromised Ledger and Trezor user data

The hacker claims to have stolen data from Trezor, Ledger and Shapeshift’s wallet, KeepKey. The allegations were republished on Twitter today by cybersecurity firm Under The Breach.

Under The Breach explained that the data was stolen through exploiting a vulnerability to the popular e-commerce website platform Shopify. The three databases contain the name, address, phone number, and email for more than 80,000 users combined, however, they do not contain passwords for the accounts.

Read: Kraken Labs Reveals How To Hack Trezor Wallet

Moreover, the hacker specifies he is only interested in premium bids, stating: “Don’t offer me low dolar, only big money allowed.” The hacker was responsible for hacking the Ethereum forum back in 2016.

Read: Hackers Steal Ethereum from DeFi Lending Protocol bZx

Trezor and Ledger are investigating the breach

Screenshots published by Under The Breach show that the hacker claims to have the full SQL database for investment platform BnkToTheFuture. Under The Breach said it contacted BnkToTheFuture but “couldn't get them to take it seriously.”

But two of the other companies did take the allegations seriously. Trezor said on Twitter that it didn’t use Shopify—making a Shopify-related hack impossible.

“We are nonetheless investigating the situation,” the company said. “We've been also routinely purging old customer records from the database to minimize the possible impact.”

Ledger also put out a statement saying it is “taking the matter seriously.”

Read: Researcher Shows How to Hack Nano Ledger

At the time of writing, ShapeShift, the company that owns KeepKey, is yet to comment on the allegations. ShapeShift did not respond to questions from AtoZ Markets by press time but we will update this story with responses.

What do you think of the fact that the hacker has stolen the information of more than 80,000 users? Don’t hesitate to let us know in the comments below!

Leave a Reply

Your email address will not be published. Required fields are marked *