Crypto Wallet Providers Ledger and Trezor Dismiss Claims of Database Hack
Ledger and Trezor, two of the world’s leading cold wallet providers, on May 24, 2020, dismissed rumors of a Shopify database exploit and claims that hackers are auctioning customer personal details on the dark web.
Hardware wallets – like those issued by Trezor and Ledger – are not connected to the Internet, and are, therefore “cold.” Ordinarily, users prefer them to “hot” wallets because of their perceived security. Hot wallets are connected to the web and they include issued provided by centralized exchanges.
Shopify as a Weak Link?
The rumor first appeared after Under The Breach, a monitoring portal, posted several screen-grabs alleging that a hacker (or a group) was auctioning and selling Ledger and Trezor databases after successfully exploiting and breaching Shopify. Shopify is an eCommerce platform where anyone can set up and sell their products or services online.
The hacker also sensationally claimed that he had the whole SQL database of Bank-to-the-Future. Bank-to-the-Future is a global online investment platform.
https://twitter.com/underthebreach/status/1264460979322138628
Rumors (regardless of their authenticity) of a hack–especially to a cold wallet vendor or manufacturer, are enough to send shockwaves in the crypto scene. Only a small percentage of coins and tokens are stored in hot wallets by exchanges and third-party providers.
News of high profile heists often stems from the theft of coins/tokens stored through these vulnerable vaults. The majority are stored in cold wallets which are decoupled from the Internet and technically considered to be impervious.
With this knowledge, it is thereof reassuring for wallet owners when they receive statements of confidence from the firms’ representatives that hackers have no access to information about their names, physical addresses, and other precious gems that can be used against them.
Trezor and Ledger: Databases Are Safe
Ledger, which offers several wallets supporting a wide range of coins, said an initial analysis by their eCommerce team of the circulated screenshots turned out negative. The team found no connection between the alleged infiltrated database and its database. Still, there are taking the matter seriously, have taken a “dive” into the dark web, and investigations are ongoing. They are yet to issue an official statement of their findings.
Rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db, and so far it doesn’t match our real db. We continue investigations and are taking the matter seriously.
— Ledger (@Ledger) May 24, 2020
On their end, Trezor said their e-shop does not use Shopify. Furthermore, they have been regularly purging out old customer data to mitigate impacts should they occur. Trezor CTO and Co-Founder, Pavel Ruznak, has also reassured customers that their details are in safe hands and the alleged hack is false.
There are rumors spreading that our eshop database has been hacked thru a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation. We've been also routinely purging old customer records from the database to minimize the possible impact.
— Trezor (@Trezor) May 24, 2020