Today, the Under the Breach team, which addresses the cybercrime investigations sphere, published screenshots of dialogues with a hacker pretending to own the databases of two of the world-leading hardware wallets - Ledger and Trezor.
Aftermath of Shopify Exploit?
According to investigators, the malefactor posted his announcements on a forum. He claims to have hijacked the databases of numerous crypto-related products including Trezor, Ledger, and KeepKey hardware wallets, as well as the Bitso payment provider and Ethereum.org forum.
The Ethereum forum hacker is now selling the databases of @Trezor and @Ledger.May 24, 2020
Both of which obtained from a @Shopify exploit.
(suggesting there are many more underground leaks).
The hacker also claims he has the full SQL database of famous investing site @BankToTheFuture. pic.twitter.com/4M3f2bQKvB
The hacker also pretended to obtain a SQL dump of investors from the Bank To The Future platform. As per the Jabber conversation with this mysterious cybercrook, the individual accessed the sensitive databases through a critical flaw in Shopify's data storage infrastructure.
Whoever he/she is, this person demonstrated an insane thirst for money. He advertised his message as 'BIG MONEY ONLY' and was very selective about the clients (spelling of the original is kept):
Don't offer me low dolar, only big money allowed
It May Not Be That Bad
While the hacker demonstrated his/her knowledge of obtaining information from databases, some of the alleged 'victims' have already denied the fact that their clients' data was leaked.
The Ledger team was the first to announce that the malefactor may have been bluffing:
Rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db, and so far it doesn’t match our real db. We continue investigations and are taking the matter seriously.— Ledger (@Ledger) May 24, 2020
The producers of cutting-edge hardware crypto wallets started their own investigation and have disclosed that the files for sale do not match the real Ledger database.
Trezor's e-commerce team also started an investigation, and its representatives announced that they do not use Shopify.