Shopify Database Hack Denied by Crypto Wallet Providers

Reading Time: 2 minutes

A supposed Shopify database hack that is said to have exposed the names and addresses of tens of thousands of Ledger, Trezor, and KeepKey hardware wallets has been denied by the companies. The alleged breach was ‘revealed’ on Sunday when a data breach monitoring service posted on Twitter that a Shopify customer database had been compromised, which had allowed hackers to access the personal details of over 72,000 of the manufacturers’ customers. The companies in question have since denied that the databases are genuine, but the issue raises an uncomfortable truth about hardware wallets that many may not want to consider.

72,000 Customer Records For Sale

The alleged Shopify database hack was suggested by Under the Breach, a cybercrime investigation and insight service, who posted images that they said showed that hacker had accessed names, addresses, and phone numbers of over 41,000 Ledger customers, over 21,000 Trezor customers, and 10,000 KeepKey customers, which he then began selling on the dark web. Alongside this, the hacker was also supposed to have obtained the full customer database for investing site Bank to the Future, which he was also selling.

This revelation naturally concerned a great many people, with one respondent saying that it would lead to customers having “a huge target on your back”. However, it quickly emerged that things might not be as dire as predicted. Ledger were first in, responding that they had doubts about the authenticity of the databases:

A few hours later Trezor also responded, this time with an even more emphatic denial:

KeepKey are yet to respond to the leak, although the fact that Ledger can’t match the records shown in the images to their actual records and Trezor doesn’t even use Shopify would seem to put the matter, thankfully, to bed.

Genuine Breach Could Damage Crypto

Even if the Shopify database hack turns out to be fake, it acts as a sobering reminder that for all the benefits that hardware crypto wallets bring, namely the ability to look after one’s own tokens and have full access over them, it does introduce an element of third-party trust into the matter. A genuine hack of a customer database belonging to your hardware wallet provider immediately circumnavigates all the security benefits associated with owning one, and puts you in physical danger.

Hardware wallets remain the safest option for storing cryptocurrency, and will be a key player in accelerating their growth, but a large scale hack on a hardware wallet provider’s user database could prove crippling for the company involved and could be a major backwards step in adoption.