Hacker Provides Details of HD Wallet Users
According to several screenshots posted on Twitter, the hacker offered to sell customer personal data from a wide range of financial service platforms. This includes Trezor and Ledger, KeepKey, Bank to the Future and LoanBase.
The image below shows the hacker claiming to have obtained the details by exploiting security holes on Shopify – the online business site.
The hacker also targeted users of the popular Ethereum forum, Ethereum.org. This reflected a similar attack on Ethereum.org in 2016 when the hacker successfully extracted personal information from 16,500 ETH forum users.
Trezor and Ledger refuse
However, Trezor’s official Twitter channel quickly released a statement that Trezor was not actually using Shopify, but that they would immediately start investigating.
Trezor’s official announcement declared“There are rumors that our eShop database has been hacked via a Shopify exploit. Our eShop does not use Shopify, but we are nevertheless investigating the situation. “
He added: “We have also systematically purged old customer records from the database to minimize the possible impact. “
Likewise, the Ledger team issued a similar message – noting that the details offered by the attacker do not match their database. In any event, they intend to investigate the complaints with the appropriate seriousness.
The corresponding ledger announcement declared:
“There are rumors that our Shopify database was hacked via a Shopify exploit. Our e-commerce team is currently verifying these allegations by analyzing the so-called hacked database, and so far it does not correspond to our real database, “he said.
The announcement added, “We are continuing our investigations and are taking the matter seriously. “
Overall, the hacker offers more than 200,000 user information from multiple websites and financial applications. Included are the three largest hardware portfolios of the world’s best known cryptocurrencies.
The attacker claims to have the names, addresses, email addresses, and telephone numbers of the exposed users in question.
This means that if the hacking is genuine, the worst to come will probably be the phishing schemes. However, knowing the personal addresses of users of Ledger and Trezor could be a way to track down cryptocurrency users in general – many of whom hold large sums in their wallets. As CryptoPotato reported in January, Trezor hardware wallets could be physically hacked.
Click here to start trading on BitMEX and receive 10% fee reduction for 6 months.