Cryptocurrency Exchanges Gemini, Binance Face Data Leak Threats
Dark web threat actors have claimed to possess a massive leak of user data from two prominent cryptocurrency exchanges, Gemini and Binance. The threat actors are selling over 100,000 Gemini user records and 132,744 Binance user credentials on online platforms. The data includes full names, emails, phone numbers, and location information, primarily from users based in America, with a smaller number of entries from Singapore and the UK.
The cybercriminals operating under the aliases AKM69 and kiki88888 have listed these databases on underground forums, offering them for sale. Gemini has not officially confirmed any breach or direct link to the leaked data, while Binance has stated that the information was not obtained through a direct security breach of their systems. Instead, Binance claims that the data was gathered through phishing attacks, where malware infected individual users’ computers, allowing hackers to take over browser sessions and steal data.
Security experts warn that the exposure of this information could lead to various cyber threats, including phishing attacks, identity theft, and cryptocurrency scams targeting affected individuals. The incident highlights the ongoing risk of cyber threats in the cryptocurrency industry, where major exchanges are often high-value targets for cybercriminals seeking to profit from sensitive personal and financial data.
In a similar incident in September 2024, a person identifying as “FireBear” claimed to have acquired the sensitive details of 12.8 million Binance users. However, Binance denied these allegations after a comprehensive internal investigation, asserting that no data breach had taken place on their systems. Security experts advised users to exercise caution and be on the lookout for phishing attempts.
Cybercriminals often impersonate prominent exchanges to deceive users. This month, the Australian Federal Police notified 130 individuals about a sophisticated scam involving messages that mimicked the sender IDs of legitimate cryptocurrency exchanges, including Binance, to lure recipients. Earlier reports also surfaced on X of deceptive messages impersonating Coinbase and Gemini, aiming to trick users into setting up new cryptocurrency wallets using recovery phrases controlled by scammers.
SOCRadar’s Dark Web Team reported that a threat actor advertised a service designed to handle and exploit stolen cryptocurrency information. The service claims to work across a vast range of over 100 different blockchain networks, including major ones like Ethereum, Bitcoin, Binance Smart Chain, Polygon, and Solana. Additionally, Microsoft disclosed that it had identified a new malware targeting cryptocurrency holders called StilachiRAT, which can steal credentials stored in browsers, clipboard data, and system information.
