Personal information for users of popular crypto hardware wallets, Trezor and Ledger, as well as, investment platform, BankToTheFuture, have reportedly been stolen by the same person(s) behind the infamous Ethereum forum hack in late 2016.
According to a Sunday update from data breach service, Under The Breach, the hacker had acquired these personal data via an exploit on popular eCommerce solution, Shopify. At the same time, there may as well be many other underground breaches associated with the latest development.
Both of which obtained from a @Shopify exploit.
(suggesting there are many more underground leaks).
— Under the Breach (@underthebreach) May 24, 2020
The hacker reportedly has access to personal information such as name, full address, phone number, and email for 41488 Ledger users, 4000 KeepKey users and over 27,000 Trezor users, while at the same time boasting an entire SQL database for BankToTheFuture.
Other allegedly affected cryptocurrency-related companies include Bitbond (27k+ users), Bitso (7k+ users), Coinigy (520 users).
For the basics, cybercriminals notably can use such information to carry out phishing attacks and other kinds of malicious attempts to steal funds or credit card information from cryptocurrency holders.
Trezor and Ledger Denies Data Breach
Following the release of the information, both Ledger and Trezor have published an update in denial of the data breach, albeit revealing that their respective teams are still investigating the situation.
Rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db, and so far it doesn’t match our real db. We continue investigations and are taking the matter seriously.
— Ledger (@Ledger) May 24, 2020
There are rumors spreading that our eshop database has been hacked thru a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation. We’ve been also routinely purging old customer records from the database to minimize the possible impact.
— Trezor (@Trezor) May 24, 2020
Ledger uses Shopify for its eCommerce sales, and although Trezor doesn’t, any of its large resellers using the eCommerce solution may as well leave users to the possibility of data theft.
In a similar recent development, Coinfomania reported an email address leak that affected traders on popular cryptocurrency derivatives exchange, BitMEX.