Skip to content

Hacking allegations are unfounded and there is no evidence

May 28, 2020

According to a report from an online surveillance web portal, Under the Breach, A hacker broke into the data protection protocols of large companies such as Trezor, Ledger and Bnktothefuture on May 24 and took away a large amount of confidential customer information, such as email addresses, home addresses, and phone numbers.

Documents published by Under the Breach alleged that the hacker allegedly owned three large databases They contained the data from more than 80,000 customers. In this context, it was also rumored that the hacker was able to get the above information through a hack associated with Shopify, an e-commerce company that offers its services to several major cryptocurrency companies.

It now appears that this alleged data breach was a serious fake, as many of the companies related to the hack have claimed that Under the Breach’s claims are not based on objective evidence. For example, a Shopify spokesman said to Cointelegraph: “We have investigated these claims and found no supporting evidence or evidence of a Shopify system compromise.“”

Hacking allegations are unfounded and there is no evidenceHacking allegations are unfounded and there is no evidence

Similarly, Ledger’s security team has attempted to dispel customers’ fears that their funds are at risk. The company released a detailed blog post claiming the rumor that the leaked customer data came from Ledger’s e-store. It was a joke, and the company’s security team had examined the sample data and confirmed that it did not match their customers’ information.

Finally, concerns about the hacker’s allegation that it could access Ledger’s customer database through a Shopify exploit in 2016 were resolved. The hardware wallet manufacturer’s security team said Ledger is currently using Shopify as a third party for its e-commerce activities, but this was not the case in 2016.

Companies discredit the alleged violation

Cointelegraph turned to Matthieu Riou, technical director and co-founder of BlockCypher, a cloud-optimized platform that supports blockchain applications that support it. They allegedly compromised their data. Riou claimed that after a thorough analysis of the matter, his team concluded that the leak in question was over four years old and would simply be put back into circulation.. He further clarified:

“For example, the number of records reported by the hacker (2,358 users) is particularly revealing. Fortunately, we now have a few more users than this. However, this number is consistent with a data leak from March 2016 that we had on an older system. And that it was recognized at the time. “

In addition, Riou pointed out that since his leak in 2016, his company’s development team has rewritten the web application and API tokens for user management from scratch, which is why users had to return to log on to the new platform with a different password to register. He added: “We have been working on the new improved platform for several years and had no problems. We cannot talk about the seriousness or accuracy of the dumped data that comes from other companies. “

This feeling was confirmed by Peter Vecchiarelli, COO of Augur, a decentralized gambling protocol that the hacker allegedly compromised and stole customer information. Vecchiarelli said the Augur leaked list was the same that hackers are said to have acquired in 2016. He found that when he ran a cross-reference test, his team found that the leaked list did not match any of Augur’s private email lists for marketing or bulk sales.and that it was just a downloaded list of people who had configured their email addresses to be “publicly visible” from a previous company Slack channel.

Finally, Marek Palatinus, CEO of SatoshiLabs – the company behind Trezor’s various hardware portfolios – told Cointelegraph that it is important that people understand that “Data breach is not legitimate“And it’s mostly information that is being made. For example, he found that Trezor’s e-store doesn’t work with Shopify and that the company uses an anonymization protocol to minimize the impact of potential data breaches like this.

“Even if the data leaked from one of the parties’ electronic stores, The secret keys of the hardware portfolio would not be disclosedTherefore, the hacker or another potential person who is using the database does not have access to your secret keys, which are stored in a hardware wallet. Trezor does not collect data from your hardware portfolio or Trezor portfolio application. “

Cheers for exchange hacks is nonsense

Another aspect of this recent data breach is the hacker He claimed to have received a large amount of customer information from major cryptocurrency exchanges and investment platforms such as Coinigy, BitSo and Plutus.

Cointelegraph spoke to Coinigy’s co-founder, William Kehl, who explained that one of Coinigy’s third-party accounts, Stripe, was compromised in 2016. An attacker could access information on more than 500 clients. This data contained the last four digits of the customer’s credit card numbers, their names and addresses, and the associated emails. However, as part of the above violation, Kehl claims that none of Coinigy’s internal databases – including user accounts, passwords or API keys – have been compromised. He added:

“We were immediately alerted to the incident and these accounts and our entire platform were immediately blocked. All users must perform a comprehensive security check, including but not limited to new passwords and API keys, before they can access the platform again. Once again, what you see from the “hacker” was not retrieved from our database, but through the temporary access to some of the third-party services we use. “

Regarding the rumors of the hack, a spokesman for the Mexican stock exchange Bitso told Cointelegraph that after investigating this alleged threat The company’s security team has found nothing out of the ordinary. He added:

“We are enabling the pre-defined logs to review this potential event and will notify users. We have currently found no evidence that a third party has enough information to access our customers’ accounts.”

The same thoughts were reflected on by David Morrison, Community Manager at Plutus, a cryptocurrency and technology company. Morrison said his company’s security team was unable to find evidence of an attempted hacking after investigating several possible attack methods. Said: “So far, we have found no solid evidence of successful hacking attempts. Nevertheless, we take all possible precautions and inform our customers appropriately.“”

Before the events

On May 19, BlockFi reported a data breach that occurred as a result of a SIM card attack and resulted in compromised company customer data, such as: B. Full names, email addresses, date of birth and physical addresses. In the same way, Etana, a custodian that offers octopus cryptocurrency exchange services, was also the victim of a similar data breach last month.

Although customer funds were reportedly not affected in any of the cases mentioned, people tend to get to the worst result immediately as long as a story is compromised through a platform.