Under the Breach team, known for their cybercrime investigation, they published their conversations with a hacker who claimed to have collected information from Ledger and Trezor, one of the leading hardware wallets.
After a Shopify accident
According to the researchers, hackers would post on a forum; reported that many crypto-based products have opened the database. These products include Trezor, Ledger and KeepKey hardware wallets, as well as the Bitso payment provider and the Ethereum.org forum.
Both obtained from a @Shopify exploit.
(suggesting there are many more underground leaks).
– Under the Breach (@underthebreach) May 24, 2020
Hacker also claimed that an investor of the Bank To The Future platform was given an SQL dump. According to the interview with this mysterious hacker, the attacker was able to access sensitive databases through a critical flaw in Shopify’s data storage infrastructure.
The hacker said the only problem was the money. The hacker pointed to his message that “CAN ONLY GIVE MONEY”, and was also very selective about customers:
“Offer me little money, just come if you have a lot of money.”
Not so bad
While showing how it leaked into the hacker databases, some of the alleged “victims” denied that their customers’ data had been leaked.
Ledger team was the first to explain that hackers were bluffing:
Rumors are pretending that our Shopify database has been hacked by a Shopify exploit. Our ecommerce team is currently checking these claims by analyzing the so-called hacked db, and so far it doesn’t match our real db. We continue to investigate and take the matter seriously.
– Ledger (@Ledger) May 24, 2020
The latest hardware crypto wallet manufacturers have started their own research and announced that hacker files put up for sale don’t match the actual Ledger database.
Trezor’s e-commerce team has also launched an investigation, and their representatives announced that they are not using Shopify.