After hacking Ethereum.org forum, the hacker has resorted to selling of info related to Ledger, KeepKey and Trezor, the three most sought-after cryptocurrency hardware wallets.
The three databases include address, name, phone number and email for over 80,000 users in total, but without passwords for accounts.
Of late, the hacker has also started offering the SQL database of BnkToTheFuture, a platform facilitating online investment.
Under the Breach, a cybercrime tracking website, discovered the hacker’s fresh listings for the infobases of the top hardware wallet providers.
The hacker has claimed to hold account info pertaining to almost 41,500 Ledger users, more than 27,100 Trezor users, and KeepKey’s 14,000 clients.
Chat logs published on Twitter hint that the info was looted by taking advantage of a bug on Shopify, a famous e-commerce platform.
Through advertisement, the hacker is also offering the databases of 18 digital currency exchanges and forums, along with email lists of two tax platforms catering to crypto investors.
The Ethereum forum hacker is now selling the databases of @Trezor and @Ledger.
Both of which obtained from a @Shopify exploit.
(suggesting there are many more underground leaks).The hacker also claims he has the full SQL database of famous investing site @BankToTheFuture. pic.twitter.com/4M3f2bQKvB
— Under the Breach (@underthebreach) May 24, 2020
Other data bases offered by the hacker are full SQL database comprising 4,500 users of Korean exchange Korbit, three databases pertaining to Mexican exchange Bitso, and entire account info including passwords for blockchain platforms Blockcypher, Plutus and Nimirum.
The Ethereum forum hacker is now selling the databases of @Trezor and @Ledger.
Both of which obtained from a @Shopify exploit.
(suggesting there are many more underground leaks).The hacker also claims he has the full SQL database of famous investing site @BankToTheFuture. pic.twitter.com/4M3f2bQKvB
— Under the Breach (@underthebreach) May 24, 2020
One of the conditions laid down by the hacker for selling the database is a demand for premium bid for the databases. He has specifically stated “Don’t offer me low dolar, only big money allowed.”
A week earlier BlockFi published a data vulnerability incident caused by Sim-swap attack. Clients’ full names, date of birth, email address, and physical addresses seeped through.
Customer funds were not affected. By the end of April, Etana, a crypto custody firm offering its services to Kraken, also got affected by a data breach, but did not face any loss of clients funds.