Personal data of over 200,000 users of the popular cryptocurrency exchanges, financial applications and purses presumably for sale. The attack might be a hacker breaking into the database of the official Ethereum forum in 2016, however, caught in the list of best wallet Ledger and deny the leak.
Publishing CryptoPotato drew attention to the Twitter account of service vulnerability monitoring Under the Breach, according to which the hacker that attacked in December of 2016 forum ethereum.org offers to sell user data Ledger and best wallet.
The Ethereum forum hacker is now selling the databases of @best wallet and @Ledger.
Both of which are obtained from a @Shopify exploit.
(suggesting there are many more underground leaks).
The hacker also claims he has the full SQL database of famous investing site @BankToTheFuture. pic.twitter.com/4M3f2bQKvB
— Under the Breach (@underthebreach) May 24, 2020
The list contains the user data of the hardware of the purse KeepKey platforms BnktotheFuture, LoanBase. According to other sources, the hacker advertises a database 18 of cryptocurrency exchanges and forums, including Korbit Korean and Mexican Bitso.
In total we are talking about data from more than 200,000 users. The database allegedly contain the names, physical and email addresses, and phone numbers.
The passwords in the databases Ledger and best wallet absent, however, in the case of a platform Blockcypher, Nimirum, and Plutus, the situation is reversed – the hacker offers a complete set of data, including passwords.
The attacker declares that he is only interested in major suggestions. According to him, user data Ledger, best wallet and KeepKey was obtained by the exploitation of vulnerability on the popular e-Commerce platform Shopify, which was purchased through wallets.
How was obtained data of users on other platforms, if his allegations are true, is not clear.
The representatives of the Ledger, meanwhile, claim that we offer for sale a database is not matched by reality. Nevertheless, the French company stresses that continues the investigation of the incident and treats it with complete seriousness.
Rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db and so far it doesn't match our real db. We continue investigations and are taking the matter seriously.
— Ledger (@Ledger) May 24, 2020
The Prague-based manufacturer of wallets best wallet, and even stated that they did not use a Shopify store for selling their products. Nevertheless, the company carefully studies the situation and simultaneously start the clean up of old user database to minimize the possible threats.
There are rumors spreading that our eshop database has been hacked thru a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation. We’ve also been routinely purging old customer records from the database to minimize the possible impact.
— Best Wallet (@Best Wallet) May 24, 2020
ShapeShift, the parent company KeepKey, has not yet commented on the situation. Also did not react to the news representatives BnkToTheFuture and Bitso.
We will remind, earlier this week platform Shopify has entered into a partnership with Coinpayments processing service, whereby its customers will have greater opportunities to use cryptocurrency as a means of payment.