- Cyber security firm Under The Breach today released a hacker’s claims that hardware wallet users’ data was for sale.
- The hacker claims that names, addresses, phone numbers and emails from Trezor, Ledger and ShapeShift’s Keepkey are for sale.
- Trezor and Ledger have said they are investigating the breach.
A hacker reportedly sells stolen data from three popular hardware wallets, prompting an investigation by at least two of the allegedly involved companies.
The hacker claims to have stolen data from Trezor, Ledger and Shapeshift, KeepKey’s wallets. The charges were republished on Twitter today by cybersecurity firm Under The Breach.
Under The Breach added that the data was stolen as a result of an exploitation of e-commerce website Shopify. It posted screenshots in which the hacker advertised that the names, addresses, phone numbers and emails of the hardware wallet users were for sale. Passwords were not included.
“Only a lot of money” would be accepted for the data, the hacker said, according to another screenshot published by Under The Breach. The hacker was responsible for hacking the Ethereum forum back in 2016.
Screenshots published by Under The Breach show that the hacker claims to have the full SQL database for investment platform BnkToTheFuture. Under the break said it contacted BnkToTheFuture, but “could not get them to take it seriously.”
But two of the other companies took the allegations seriously.
Trezor said on Twitter that it didn’t use Shopify, making a Shopify-related hack impossible. “We are investigating the situation anyway,” the company said. “We also routinely removed old customer data from the database to minimize the potential impact.”
Ledger also has one pronunciation by saying that it “takes the matter seriously”.
ShapeShift, the company that owns KeepKey, had not commented on the allegations at the time of this article’s publication. ShapeShift did not respond to questions from Decrypt per press, but we will update this story with comments.