Hackers operating on the dark web claim they are selling personal data of users from two of the largest cryptocurrency exchanges — Gemini and Binance.
The stolen information allegedly includes sensitive details such as full names, email addresses, phone numbers, passwords, and location data. However, Binance has denied any breach of its own systems.
Hacker Offers 100,000 Gemini User Records for Sale
According to Dark Web Informer, a website that tracks cybercrime activities on the dark web, a hacker using the alias “AKM69” is selling a database containing information on around 100,000 Gemini users. The cybercriminal claims the data includes full names, email addresses, phone numbers, and location details. The majority of the stolen records reportedly belong to users based in the United States, with a smaller portion of entries from Singapore and the United Kingdom.
The hacker categorized the sale as part of a wider scheme targeting crypto users. The data is said to be used for fraudulent activities, fake recovery services, or crypto-related marketing campaigns. Gemini has yet to issue an official statement in response to these claims.
On March 26, just a day before the Gemini leak was reported, another hacker advertised a different batch of stolen data from Binance. This time, the hacker claimed to possess email addresses and passwords belonging to Binance users. The database reportedly contains over 132,000 records.
However, Binance quickly responded to the reports, saying that the data was not obtained through a breach of Binance’s platform. Instead, the exchange clarified that the information likely came from malware infections on users’ devices. Malware refers to harmful software that infects computers and steals information, often when users unknowingly click on suspicious links or download harmful files.
Binance Says It Was a Phishing Attack, Not a Leak
Binance stressed that its systems were not breached and that the exchange remains secure. The company explained that the hackers seem to have gathered user data through phishing attacks and malware infections. These attacks often occur when users visit fake websites, click on unsafe links, or enter sensitive information without realizing they are interacting with scammers.
In a follow-up blog post, Dark Web Informer supported Binance’s explanation, pointing out that the leaked information appears to come from compromised user devices, not from Binance itself. The site also reminded users to be cautious, warning, “Some of you really need to stop clicking random stuff.”
This is not the first time hackers have claimed to possess large amounts of data from major crypto exchanges. On March 14, several users reported receiving fraudulent messages that impersonated major crypto platforms such as Coinbase and Gemini. The scammers attempted to trick users into creating new crypto wallets using pre-generated recovery phrases controlled by the attackers.