Dark Web News Analysis
A threat actor using the alias “ATox” on a known hacker forum is advertising the alleged sale of a database belonging to BitBox (bitbox.swiss), a Swiss hardware cryptocurrency wallet provider developed by Shift Crypto AG.
The dataset is advertised as containing 1.1 million lines of customer data and is being sold for a surprisingly low price of €250.
Brinztech Analysis: This sale is likely the secondary distribution phase of a previously confirmed security incident. In July 2025, the Everest ransomware group claimed to have breached Shift Crypto/BitBox, stealing internal documents and customer order information.
- The Link: The data types listed by ATox (customer orders, shipping info, emails) align perfectly with the data originally claimed by Everest.
- The Escalation: While the initial breach was an extortion attempt, this new “fire sale” price (€250) indicates the data is now being dumped to the wider cybercriminal community. This dramatically increases the risk of widespread abuse, as low-level fraudsters can now afford to buy this list for mass phishing campaigns.
The data includes extensive PII: Email addresses, full names, phone numbers, IP addresses, and shopping/shipping details.
Key Cybersecurity Insights
This alleged data sale presents a unique and critical threat profile:
- Physical Security Risk (The “Ledger” Effect): Unlike a software wallet breach, a hardware wallet breach exposes physical addresses where valuable devices (and likely their owners) are located. This creates a risk of physical extortion or “$5 wrench attacks,” similar to the fallout from the 2020 Ledger data breach.
- High-Value Phishing Targets: Individuals on this list are confirmed cryptocurrency owners who prioritize security (hence the hardware wallet). Attackers will use the “shopping specifics” data (e.g., “Your order #1234 has a shipping error”) to craft highly convincing supply-chain phishing emails designed to trick users into revealing their seed phrases.
- Trust Erosion: For a company whose product is “security,” a breach of customer PII is devastating. Even though the device itself (and the private keys) remains secure, the exposure of the customer’s identity undermines the privacy promise of the product.
Mitigation Strategies
In response to this claim, BitBox users and the company must take immediate action:
- Proactive User Notification: BitBox must transparently notify all 1.1 million affected customers (if not already done following the July incident) that their data is actively being sold. Transparency is the only way to maintain trust.
- Anti-Phishing Education (The Golden Rule): Users must be reminded: BitBox (Shift Crypto) will NEVER ask for your 24-word recovery seed. Any email, text, or website asking for this is a scam, no matter how “official” it looks or if it references real order details.
- Physical Security Awareness: Users should be vigilant regarding unsolicited packages or unexpected visitors. If possible, future orders should be routed to P.O. boxes or package lockers rather than home addresses.
- Enhanced Email Filtering: Users should be advised to use email aliasing services (like SimpleLogin or AnonAddy) for future crypto-related purchases to compartmentalize their digital identity.
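The “golden rule” above (a genuine vendor never asks for the recovery seed, even when the message quotes real order details) can be turned into a simple mail-triage check. The following is an added illustration written for this post, not code from Brinztech or Shift Crypto: it assumes bitbox.swiss (the domain named in the post) is the only legitimate sender domain, and the two e-mail samples it runs on are constructed for the example, including the hypothetical lookalike domains under the reserved .example TLD.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the only legitimate vendor domain is the one named in the post.
LEGIT_DOMAIN = "bitbox.swiss"

# Requests for wallet secrets. Per the rule in the post, a genuine vendor never
# asks for these, so a single match is decisive regardless of who sent the mail.
SEED_RE = re.compile(
    r"\b(24|12|twelve|twenty[- ]four)[- ]word"
    r"|\brecovery\s+(seed|phrase|words)\b"
    r"|\bseed\s+phrase\b|\bbackup\s+words\b|\bmnemonic\b|\bprivate\s+key\b",
    re.IGNORECASE,
)
# Order/shipping pretexts of the kind the post warns about.
ORDER_LURE_RE = re.compile(
    r"\border\s*#?\s*\d+|shipping\s+(error|problem|issue)|address\s+verif",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def sender_domain(msg):
    """Domain part of the From: address, lower-cased ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def body_text(msg):
    """Concatenate all text/plain parts (handles single-part and multipart mail)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            chunks.append(part.get_payload(decode=True).decode("utf-8", errors="replace"))
    return "\n".join(chunks)


def is_legit_host(host):
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def assess(raw_email):
    """Return (verdict, findings) for one RFC 822 message given as a string."""
    msg = message_from_string(raw_email)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    findings = []

    asks_for_seed = SEED_RE.search(text) is not None
    if asks_for_seed:
        findings.append("asks for recovery seed / private key (never legitimate)")

    dom = sender_domain(msg)
    if not is_legit_host(dom):
        kind = "lookalike" if "bitbox" in dom else "untrusted"
        findings.append(f"{kind} sender domain {dom!r}, expected {LEGIT_DOMAIN!r}")

    foreign_hosts = sorted(
        {urlparse(u).hostname or "" for u in URL_RE.findall(text)} - {""}
    )
    foreign_hosts = [h for h in foreign_hosts if not is_legit_host(h)]
    if foreign_hosts:
        findings.append("links to " + ", ".join(foreign_hosts))

    # Real order details only raise the score when something else is already off:
    # a genuine shipping notice from the vendor should not be flagged on its own.
    if findings and ORDER_LURE_RE.search(text):
        findings.append("uses order/shipping details as a lure")

    if asks_for_seed:
        verdict = "phishing"
    elif findings:
        verdict = "suspicious"
    else:
        verdict = "no indicators"
    return verdict, findings


# Constructed samples (not real messages); domains under .example are hypothetical.
PHISHING_SAMPLE = """From: BitBox Support <support@bitbox-swiss.example>
Subject: Your order #1234 has a shipping error
Content-Type: text/plain; charset=utf-8

Dear customer,
We could not deliver your device. To re-validate your wallet before
reshipping, enter your 24-word recovery phrase at
http://bitbox-verify.example/order/1234 within 24 hours.
"""

BENIGN_SAMPLE = """From: BitBox Shop <shop@bitbox.swiss>
Subject: Your order has shipped
Content-Type: text/plain; charset=utf-8

Your order has been handed to the carrier. Track it at
https://bitbox.swiss/account/orders/ once you log in.
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        verdict, findings = assess(sample)
        print(f"{name}: {verdict}")
        for f in findings:
            print("  -", f)
```

The seed-phrase check is deliberately unconditional: a message that references a correct order number is exactly what this dataset enables an attacker to write, so order details must never lower the score, only raise it when the sender or links are already off. The sender-domain check is a heuristic, not authentication; in a real deployment it belongs behind SPF/DKIM/DMARC results, since a spoofed From: header would pass it.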
Secure Your Business with Brinztech: Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com