A hacker has allegedly managed to obtain personal details of users on several cryptocurrency platforms, including Ethereum (ETH), Ledger, Trezor and KeepKey, according to a post by cybersecurity researcher Under the Breach on May 24. Over 100,000 accounts have been compromised, allegedly.
The hacker has proceeded to sell the databases of Ledger, Trezor and KeepKey. Initial investigations state that the hacker had exploited a Shopify loophole, but more details are only just emerging. Passwords have not been compromised, but the names, addresses, phone numbers and emails of hardware wallet users are all up for sale.
The hacker has also said that he or she is in possession of the full SQL database of investing site Bank to the Future, which has invested over $800 million in the crypto sector. There has been no update from the platform. An attack was also made on Ethereum.org, similar to the one conducted in 2016 - and the hacker has claimed to be the same person.
The hacker is selling data stolen from major wallet manufacturers. Source
Trezor has said that it has no link to Shopify, but is looking into the matter. Similarly, Ledger has said that it has analyzed the “so-called hacked database”, which doesn’t seem to match the one in its records. ShapeShift-owned KeepKey has not made an official announcement about the incident yet.
Almost all entities in question are looking into the matter, but an investigation will take a few days at the very least.