Hacker Sells Tens of Thousands of Ledger, Tezor, and Keepkey Users’ Info
The customer databases of Trezor, Ledger, and Keepkay have allegedly been listed for sale by the perpetrating hacker.
The hacker that breached the Ethereum.org forum is allegedly selling the databases for the three most-popular crypto hard wallets — Ledger, Trezor, and KeepKey.
The three databases contain the name, address, phone number, and email for more than 80,000 users combined, however, they do not contain passwords for the accounts.
The hacker has also recently listed the SQL database for online investment platform, BnkToTheFuture.
Ledger and Trezor databases reportedly compromised
On May 24, cyber crime monitoring website, Under the Breach, spotted the hacker’s new listings for the databases of the top hardware wallet providers.
The hacker claims to be in possession of account information corresponding to nearly 41,500 Ledger users, over 27,100 Trezor users, and KeepKey’s 14,000 customers.
Chat logs posted to Twitter indicate that the data was stolen through exploiting a vulnerability to the popular e-commerce website platform Shopify.
Hacker adds to bazaar of crypto account info
The hacker is now advertising the databases of 18 virtual currency exchanges and forums, in addition to the email lists of two crypto tax platforms.
The databases include the full SQL for Korean exchange Korbit spanning 4,500 users, three databases for Mexcican trading platform Bitso, and the complete account information including passwords for blockchain platforms Blockcypher, Nimirum, and Plutus.
The hacker specifies he is only interested in premium bids, stating: “Don’t offer me low dolar, only big money allowed.”
KYC platforms comprise honeypot for hackers
Last week, BlockFi reported a data breach resulting from a Sim-swap attack. Customers’ full names, email address, date of birth, and physical addresses were leaked. Client funds were not impacted.
At the end of April, Etana, a custody firm that provides services to Kraken, also suffered a data breach that did not see any customer funds lost.