Stolen Trezor, Ledger and KeepKey Databases Are a ‘Scam,’ Says SatoshiLabs

Published at: May 25, 2020

The hacker claiming to be selling user databases from top hardware wallet manufacturers Ledger, Trezor, and KeepKey appears to actually be peddling bunk, according to SatoshiLabs.

On May 24, cybercrime monitoring blog Under the Breach reported that a hacker had begun advertising the customer databases of popular hardware wallet companies for sale. The data purportedly included the full names and physical addresses for over 80,000 user accounts.

Under the Breach tweeted screenshots suggesting that the hacker obtained the databases by exploiting a vulnerability of popular e-commerce platform Shopify.

“Don’t offer me low dolar, only big money allowed,” the hacker warns prospective bidders.

Trezor refutes hacker’s claims

SatoshiLabs is the team behind Trezor, and a company rep told Cointelegraph that Trezor had gotten ahold of sample data for the supposed database and found “no Trezor customer data included in the offered database.”

Trezor’s initial investigation concluded that “the content and structure of the leaked data does not correspond to the data from the Trezor e-shop and looks more likely to be fabricated.” The spokesperson added that “the whole incident seems like a scam.”

Slush, the pseudonymous chief executive of SatoshiLabs, said, “We take data privacy very seriously at SatoshiLabs. By anonymizing the data in our e-shop after 90 days, we minimize the impact of such a breach. I would like to assure our customers that their data is being treated as highly sensitive.“

A spokesperson for Shopify also told Cointelegraph that an investigation into the purported vulnerability found “no evidence of any compromise of Shopify’s systems.”

Scammer poses as hacker

After adding the popular hardware wallets to his advertisement for stolen data, the hacker now claims to offer customer databases of 18 total virtual currency firms, having first posted the ad on May 17.

But based on investigations carried out by the companies whose databases are supposedly available for purchase, the hacker’s entire bazaar of stolen account information is probably fabricated.

Mexican crypto trading platform Bitso, one of the companies previously named in the hacker’s list, has also refuted the validity of the cybercriminal’s claims, asserting that its investigations “have not found evidence that a third party has sufficient information to access our customers’ accounts.”

Cointelegraph also reached out to Ledger and KeepKey regarding the purported database leaks and did not receive a response as of press time.

Tags
Related Posts
It’s been 4 months & KeepKey’s hardware is still vulnerable to remote ransom attacks
A Shift Crypto employee successfully deployed a ransom attack on Trezor and KeepKey hardware wallets last May. While Trezor released a fix on September 2, KeepKey has yet to fix the issue. According to a blog post published on September 2, the vulnerability affected all cryptocurrencies on affected devices. The exploit, which was first spotted on April 15 by developers Shift Crypto, also affected KeepKey wallets — which were originally based on a fork of Trezor’s code and likely operate on similar foundations. When asked about the vulnerability, a KeepKey representative apparently commented that a fix had not yet been …
Technology / Sept. 3, 2020
Hacker Sells Tens of Thousands of Ledger, Tezor, and Keepkey Users’ Info
The hacker that breached the Ethereum.org forum is allegedly selling the databases for the three most-popular crypto hard wallets — Ledger, Trezor, and KeepKey. The three databases contain the name, address, phone number, and email for more than 80,000 users combined, however, they do not contain passwords for the accounts. The hacker has also recently listed the SQL database for online investment platform, BnkToTheFuture. Ledger and Trezor databases reportedly compromised On May 24, cyber crime monitoring website, Under the Breach, spotted the hacker’s new listings for the databases of the top hardware wallet providers. The hacker claims to be in …
Technology / May 24, 2020
Trezor Responds to Ledger Report on Vulnerabilities in Its Hardware Wallets
Prague-based crypto wallet manufacturer Trezor has responded to а report about hardware vulnerabilities from its competitor Ledger on Tuesday, March 12. Trezor claims that none of the weaknesses revealed by Ledger in a detailed report on March 10, are critical for hardware wallets. As per Trezor, none of them can be exploited remotely, as the attacks described require “physical access to the device, specialized equipment, time, and technical expertise.” Trezor further cites the results of a recent security survey performed in partnership with major cryptocurrency exchange Binance. According to the survey, only around 6 percent of respondents believe that physical …
Blockchain / March 12, 2019
Ledger Discloses Five Reported Vulnerabilities in Two Models of Trezor Hardware Wallets
Major hardware wallets manufacturer Ledger has unveiled vulnerabilities in its direct competitor Trezor’s devices, according to a report published on Monday, March. 11. As of press time, Trezor was not immediately available to comment on Ledger’s findings. The study states that the vulnerabilities were found by Attack Lab, the company’s department that hacks into both its own and competitors’ devices to improve security. Ledger claims that it has repeatedly addressed Trezor about weaknesses in their Trezor One and Trezor T wallets, and has decided to make them public after the responsible disclosure period ended. The first issue is related to …
Blockchain / March 11, 2019
Research Team Demonstrates Hard Wallets Vulnerabilities, Trezor Promises Firmware Update
Researchers have reportedly shown how they were able to hack the Trezor One, Ledger Nano S and Ledger Blue at the 35C3 Refreshing Memories conference. The demonstration of the hacks was published in a video on Dec. 27. The research team behind the dubbed “Wallet.fail” hacking project is made up of hardware designer and security researcher Dmitry Nedospasov, software developer Thomas Roth and security researcher and former submarine officer Josh Datko. During the conference, the researchers announced that they have been able to extract the private key out of a Trezor One hardware wallet after flashing — overwriting existing data …
Blockchain / Dec. 28, 2018