Over 18 million US crypto user records surface on dark web in major data breach

A database containing records of millions of over 18 million US crypto users has surfaced on the dark web. Dark Web Informer on X first reported the incident, noting that the hacker offered the database for $10,000.

According to the post on X, the leaked data includes detailed user information, such as their names, phone numbers, physical addresses, and emails.

It said:

“A threat actor is allegedly selling a large U.S.-based cryptocurrency user database, sourced from multiple exchanges and platforms.”

The threat actor also claimed to have sourced the data from popular crypto platforms, including Binance, Coinbase, Kraken, Gemini, Crypto.com, Bitfinex, Coinmama, eCoin, BearTax, and others. Other reportedly compromised sources include crypto data aggregator CoinMarketCap, retail trading platform Robinhood, and hardware wallet Ledger.

Interestingly, this is not the only crypto-related data leak being offered for sale on the dark web this week. The same account noted that another hacker is selling crypto investors’ leads connected to Robinhood accounts in the US and Europe. Some of the European countries affected include the Netherlands, Germany, Spain, the UK, Switzerland, and Poland.

In this case, the hacker claimed the leads were from a fresh private database while adding that they could provide for other countries on demand within 1 – 2 weeks. This suggests that they are obtaining the data through breaches or unauthorized access.

Crypto platforms silent as the source of leaks remains unknown

The latest leaked data marks the second time in less than a month that details of crypto users will be offered for sale on the dark web. In the first instance, only 230,000 user records from Gemini and Binance were made available for sale.

Despite the reported leaks, none of the platforms concerned have addressed them, and there is no sign of how the hackers are obtaining the data. However, Binance, in a recent post, has denied being compromised in any data leak.

Instead, the exchange’s Chief Security Officer has attributed the source of the data leaks to hackers collecting user information by compromising their browser sessions. Su claimed that bad actors are using InfoStealer malware to gather users’ personal data and sell it online.

Nevertheless, it appears that the bad actors have already started using that information for phishing campaigns. Binance and Coinbase users have now reported receiving text messages from sender IDs tagged to the exchanges claiming that their accounts have been compromised and requesting that they call a phone number to resolve the issue.

Users call to switch to DEXs

Many people have expressed concerns about the data breach due to the large-scale impact of the data being offered for sale and the potential for bad actors to use it for targeted phishing campaigns, identity theft, and other illicit activities.

For some crypto users, this further proves that using centralized exchanges is not a good idea and that everyone should opt for decentralized platforms. Others believe that crypto exchanges should be liable for these data breaches, especially as they are not taking responsibility.

Meanwhile, the growing report of user data being offered for sale highlights recent concerns about privacy by Ethereum co-founder Vitalik Buterin. Buterin has been advocating for increased privacy on the blockchain in recent weeks and highlighted Zero-Knowledge proof as the solution to current privacy woes.

Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot