Under the Breach team, known for their cyber crime research, published their conversations with a hacker who claimed to have captured information from Ledger and Trezor, one of the leading hardware wallets.
After Shopify Accident
According to the researchers, hackers, by posting in a forum; reported that many crypto-based products have accessed the database. These products include Trezor, Ledger and KeepKey hardware wallets, as well as the Bitso payment provider and Ethereum.org forum.
Both of which obtained from a @Shopify exploit.
(suggesting there are many more underground leaks).
— Under the Breach (@underthebreach) May 24, 2020
Hacker also claimed that an investor from the Bank To The Future platform was obtaining a SQL dump. According to the interview with this mysterious hacker, the attacker accessed sensitive databases through a critical flaw in the data storage infrastructure of Shopify.
The hacker mentioned that the only problem was the money. Indicating his message that “ONLY LOADED MONEY CAN GIVE MONEY”, the hacker was also very selective about customers:
“Don’t offer me little money, just come if you have a lot of money.”
Not That Bad
While demonstrating how it leaked into the hacker databases, some of the alleged ‘victims’ denied that their customers’ data was leaked.
Ledger team was the first to explain that hackers were bluffing:
Rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db, and so far it doesn’t match our real db. We continue investigations and are taking the matter seriously.
— Ledger (@Ledger) May 24, 2020
The latest hardware crypto wallet manufacturers have started their own research and announced that hacker’s files for sale do not match the actual Ledger database.
Trezor’s e-commerce team has also launched an investigation and their representatives have announced that they are not using Shopify.