Trezor (SatoshiLabs s.r.o) and Ledger SAS, two cryptocurrency wallet providers, have denied reports that they were recently hacked.
Previous reports asserted that the private information of their customers were already being put up for sale on the dark web.
The hacking claim came from Under The Breach, a data breach monitoring and prevention service. The company claimed on Sunday that data from both companies was obtained through an exploit of Shopify. Aside from this, the hacker also claims to have stolen data from BnkToTheFuture, an online investment firm, as well as KeepKey, a hardware wallet provider.
While there have been cases of individual Shopify users being hacked, it has never been verified that Shopify itself has fallen victim.
The stolen databases reportedly have the customer information (including the names, addresses, cell phone numbers and email addresses) of over 80,000 users. However, it does not include wallet keys or any other information needed to provide access to the users’ cryptocurrency holdings.
The hacker that is making the offer for these databases is allegedly the same hacker (or group of hackers) behind the breach of the Ethereum Forum in 2016.
“There are rumors spreading that our eshop database has been hacked through a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation. We’ve been also routinely purging old customer records from the database to minimize the possible impact.” Trezor tweeted.
There are rumors spreading that our eshop database has been hacked thru a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation. We've been also routinely purging old customer records from the database to minimize the possible impact.
— Trezor (@Trezor) May 24, 2020
Ledger also took to Twitter to clarify their side of the story, stating that their e-commerce team had not yet found any discrepancies in the “hacked” database.
“Rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db [database], and so far it doesn’t match our real db [database]. We continue investigations and are taking the matter seriously.”
Shopify joined the two companies in affirming that there was no cause for worry, as they had investigated the claims and “found no evidence to substantiate them and no evidence of any compromise of Shopify’s systems.”
Under The Breach has reported reliably on several news hacking stories in the past. There is currently no reason to believe that its report of the hack was made with malicious intent, since it simply gave details that were already provided by a hacker on the dark web.
“At this point, there is absolutely no evidence that the hacker behind the alleged @Trezor and @Ledger leaks is telling the truth, and the samples which he did share did not match these companies internal investigations. I will follow this closely and update if anything changes!” they clarified in a tweet.
https://twitter.com/underthebreach/status/1264893076146982912?s=20