The hardware crypto wallets refute recent reports that hackers have access to their databases
This week has been full of reports that claimed that a few cryptocurrency wallet providers, including Trezor and Ledger SAS, had been hacked and that the stolen user data is being sold by the hacker on the dark web. The data breach monitoring and prevention service Under The Breach was the company that initially spotted this fraudulent activity after it was being sold online. The hacker in question claims to have stolen this data by exploiting a security vulnerability found in the popular e-commerce platform Shopify Inc. Both Trezor and Ledger SAS have come forward in response to the stories and have denied being hacked or that any data has been stolen.
Trezor said in a statement Sunday on Twitter that “there are rumors spreading that our e-shop database has been hacked through a Shopify exploit. Our e-shop does not use Shopify, but we are nonetheless investigating the situation. We’ve been also routinely purging old customer records from the database to minimize the possible impact.”
Also Ledger had something to say regarding this matter stating that “rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db [database], and so far, it doesn’t match our real db. We continue investigations and are taking the matter seriously.”
The information obtained by this hacker includes names, addresses, phone numbers and email addresses for more than 80,000 combined users from these companies. However, it was clarified that none of this information contains wallet keys nor any other important data that could provide access to the user’s cryptocurrency holders.
Besides data from customers using these two hardware wallet services, the hacker also claims to have stolen data from online investment firm BnkToTheFuture and hardware wallet provider KeepKeys, among others. There are no official communications yet from Shopify itself about any known hacks, even though in the past some customers said they were hacked.