Under the Breach, a cybersecurity firm, recently published claims by a hacker that they had managed to steal data from Trezor and Ledger hardware wallet users. The hackers were now selling the data on the internet, according to a tweet from the cybersecurity firm.
How the Hackers Got the Data
The hackers used a security flaw in Shopify to carry out their hack. Under The Breach shared screenshots that included phone numbers, emails, hardware wallet users, names, and addresses. However, thus far, the claims have been denied by Shopify. The company claims that data of its users is still secure.
Under The Breach later tweeted that there was no proof to back up the claims made by the hackers. However, the hacker who was behind the hack insists that they stole the data and are willing to sell it. It has been claimed that it was the same hacker who hacked the Ethereum.org platform in 2016.
Trezor and Ledger Deny the Claims
Besides Shopify, Trezor and Ledger have also denied that any data from their users was stolen. Trezor was the first to deny the claims. They said that the rumors of the data from their e-shop being stolen were false. They noted that their e-shop did not use Shopify. However, they said they were investigating the issue.
The blog post added that the company often purged old customer records to minimize the impact of a hack. According to the blog post, they purge all data from a user after 90 days of an order being placed. Trezor also noted that after a careful analysis of the data published by the hacker, they found that it did not match their customer records. According to them, the records published appear to be fabricated. They concluded by assuring users that their user data had not been stolen.
Ledger also denied the claims made by the hackers. They tweeted that they were looking into the claims. However, they noted that thus far the database published by the hacker did not match their database.
Are Hardware Wallets Safe?
Thus far, it is not clear why the hacker made the claim. However, it is worth noting they were not claiming to have hacked the wallets, only the data associated with them. In general, hardware wallets are quite safe. The only way to steal crypto from them would be by using a private key. However, Peter Todd, a former BTC Core Developer noted that it was possible to hack a Trezor wallet during a February podcast interview. According to Todd, you would only need to have the hard wallet in your possession and a bit of knowledge to access the contents of the wallet in minutes.
As a result, the intention of claiming to leak data regarding hardware wallets would be to ensure holders of the wallets are targeted physically. What the hacker was doing was illegal and if they are caught, it could lead to a long stay in prison. However, their claims appear to be fake and an attempt to gain fame online.
Image Source: Shutterstock