Cybercriminals on the dark web are claiming to possess extensive personal data from users of major cryptocurrency exchanges Gemini and Binance, offering the stolen information for sale. However, Binance insists the data was not leaked from its platform but instead obtained through malware infections on users' devices.
A cyber news site, Dark Web Informer, reported on March 27 that a threat actor using the alias AKM69 is selling a database containing 100,000 user records allegedly from Gemini. The database reportedly includes full names, emails, phone numbers, and location data of individuals, primarily from the United States, with some entries from Singapore and the United Kingdom.
According to Dark Web Informer, the seller categorized the listing as part of a broader effort to sell consumer data for crypto-related marketing, fraud, or targeted scams.
A Second Data Breach Claim Hits Binance
A day earlier, another dark web user, kiki88888, was seen offering a separate batch of compromised data from Binance, allegedly containing 132,744 user emails and passwords.
Binance responded to the report, stating that the data did not originate from an exchange leak. Instead, the company said hackers likely obtained the information through phishing attacks and malware infections on compromised devices, allowing them to steal user login credentials.
The Dark Web Informer post appeared to support Binance’s explanation, adding a blunt warning: "Some of you really need to stop clicking random stuff."
This is not the first time Binance has faced such claims. In September, a hacker using the alias FireBear claimed to have 12.8 million records from Binance, including names, emails, phone numbers, birthdays, and addresses. Binance denied the allegation, saying its internal security team found no evidence of a breach.
A Growing Cybersecurity Threat in Crypto
This latest dark web activity comes amid a broader wave of cyber threats targeting cryptocurrency users. On March 21, Australian federal police alerted 130 individuals about a scam that spoofed legitimate Binance communications in an attempt to steal funds.
Similarly, on March 14, X (formerly Twitter) users reported phishing scams disguised as Coinbase and Gemini alerts, tricking victims into setting up wallets with pre-generated recovery phrases controlled by fraudsters.
As crypto exchanges continue to be a prime target for cybercriminals, security experts warn users to stay vigilant against phishing attacks, avoid clicking suspicious links, and enable two-factor authentication (2FA) to protect their accounts.