On sale the data of thousands of Ledger, Trezor and KeepKey users

The same hacker who managed to breach the security of the Ethereum.org forum is now trying to sell user data from three popular hardware wallets: Ledger, Trezor and KeepKey.

In particular, he seems to have managed to get his hands on three SQL databases containing names, addresses, phone numbers and email (but fortunately not passwords) of over 80,000 people. The criminal posted the sale announcement on the online investment platform BnkToTheFuture.com.

Compromised the databases of Ledger, Trezor and KeepKey?

The hacker claims to have data corresponding to nearly 41,500 users of Ledger, 27,100 of Trezor and 14,000 of KeepKey.

According to screenshots of some chats posted on Twitter, this data was stolen by exploiting a vulnerability on the famous e-commerce platform Shopify.

However, a Shopify representative said that, after conducting extensive investigations, the company „found no evidence to support“ the hacker’s claims and „no evidence that Shopify’s systems have been compromised.

A large amount of personal data for sale

The hacker in question also promotes the sale of the databases of 18 exchanges and forums dedicated to cryptocurrency, as well as the e-mails of two platforms offering tax services related to cryptocurrency.

The hacker claims to own the entire SQL database of the South Korean exchange Korbit, three databases of the Mexican trading platform Bitso, as well as the account data, including passwords, of the Blockcypher, Nimirum and Plutus platforms.

The criminal points out that he is only interested in Bitcoin Code, The News Spy, Bitcoin Circuit, Bitcoin Billionaire, Bitcoin Trader, Bitcoin Profit, Bitcoin Evolution, Bitcoin Era, Immediate Edge, Bitcoin Revolution of a certain thickness:

„Don’t offer me a few dollars, only a lot of money is allowed.“

However, a Bitso representative also confirmed that the company „has found no evidence that third-party entities have sufficient information to access our customers‘ accounts. The exchange’s security team is further investigating the truth of the hacker’s allegations.

Hackers continue to attack crypto platforms
Last week BlockFi reported a data leak following a SIM swap attack: hackers apparently managed to get their hands on the names, email addresses, birth dates and physical addresses of users.

At the end of April, Etana, a custody company offering services to the well-known Kraken crypto currency exchange, also suffered a similar attack by hackers.