Cryptocurrency wallet providers Trezor (SatoshiLabs s.r.o.) and Ledger SAS are denying reports that they have been hacked and data stolen from their customers being offered for sale in the dark web.

The hacking claim comes via data breach monitoring and prevention service Under The Breach, which claimed Sunday that data stolen from both companies is being offered by a hacked who obtained the data by an exploit of Shopify Inc. The hacker in question also claims to have stolen data from online investment firm BnkToTheFuture and hardware wallet provider KeepKey, among others.

Although there are cases of individual users of Shopify claiming they have been hacked, Shopify itself has never officially been known to have been hacked.

The allegedly stolen databases are said to include customer information such as names, addresses, phone numbers and email addresses for more than 80,000 users but do not include wallet keys or other information that could provide access to users’ cryptocurrency holdings.

The hacker offering the databases is said to be the same person or group behind a breach of the Ethereum Forum in 2016.

In response to the reports, Trezor said in a statement Sunday on Twitter that “there are rumors spreading that our eshop database has been hacked through a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation. We’ve been also routinely purging old customer records from the database to minimize the possible impact.”

Ledger responded similarly, stating that “rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db, and so far it doesn’t match our real db. We continue investigations and are taking the matter seriously.”

Shopify also denied being hacked, telling Bitcoin.com that “we investigated these claims and found no evidence to substantiate them and no evidence of any compromise of Shopify’s systems.”

Under The Breach is a longstanding service that has in the past broken big hacking stories. There’s no reason to believe that its report of the alleged hack is malicious, since it simply detailed claims made by a hacker on the dark web, a shady part of the internet reachable with special software.

Whether the hacker who claims to have stolen the data and is now offering it for sale is legit is another question. That point was made in a followup tweet by Under The Breach as well.

At this point, there is absolutely no evidence that the hacker behind the alleged @Trezor and @Ledger leaks is telling the truth, and the samples which he did share did not match these companies internal investigations.

I will follow this closely and update if anything changes!

— Under the Breach (@underthebreach) May 25, 2020

Image: Trezor