Today, the Under the Breach team, which addresses the cybercrime investigations sphere, published screenshots of dialogues with a hacker pretending to own the databases of two of the world-leading hardware wallets - Ledger and Trezor.
Aftermath of Shopify Exploit?
According to investigators, the malefactor posted his announcements on a forum. He claims to have hijacked the databases of numerous crypto-related products including Trezor, Ledger, and KeepKey hardware wallets, as well as the Bitso payment provider and Ethereum.org forum.
The hacker also pretended to obtain a SQL dump of investors from the Bank To The Future platform. As per the Jabber conversation with this mysterious cybercrook, the individual accessed the sensitive databases through a critical flaw in Shopify's data storage infrastructure.
Whoever he/she is, this person demonstrated an insane thirst for money. He advertised his message as 'BIG MONEY ONLY' and was very selective about the clients (spelling of the original is kept):
Don't offer me low dolar, only big money allowed
It May Not Be That Bad
While the hacker demonstrated his/her knowledge of obtaining information from databases, some of the alleged 'victims' have already denied the fact that their clients' data was leaked.
The Ledger team was the first to announce that the malefactor may have been bluffing:
The producers of cutting-edge hardware crypto wallets started their own investigation and have disclosed that the files for sale do not match the real Ledger database.
Trezor's e-commerce team also started an investigation, and its representatives announced that they do not use Shopify.