Dark Web Leak: Threat Actors Claim 100K+ Gemini, Binance User Info

Update (March 28, 10:50 am UTC): We’ve updated this article to include comments from spokespeople at both Binance and Gemini.
Hold on to your hats – dark web threat actors are now claiming to possess a massive trove of user data, allegedly from Gemini and Binance! We’re talking potentially hundreds of thousands of user records, including names, passwords, and even location data. These purported lists are apparently being offered for sale on the dark web right now.
According to Dark Web Informer, a website specializing in dark web cyber news, this latest alleged data dump comes from a threat actor known as AKM69. In a blog post on March 27th, they reported that AKM69 claims to possess a treasure trove of private user details pilfered from the crypto exchange Gemini.
Dark Web Informer further detailed that “the database up for grabs supposedly contains a whopping 100,000 records! Each entry is said to include full names, email addresses, phone numbers, and location data, primarily of individuals from the United States, with a smattering of entries from Singapore and the UK.”
Source: Dark Web Informer
Adding another layer of concern, they noted that “the threat actor has positioned this listing as part of a larger scheme of selling consumer data, potentially for crypto marketing, fraud, or even those dubious ‘recovery’ scams.”
Cointelegraph reached out to Gemini for comment, and a spokesperson clarified that the data in question actually stems from a December 2022 security incident at a third-party vendor. In that previous incident, some email addresses and partial phone numbers were unfortunately exposed.
The Gemini spokesperson suggested that “it’s highly likely this threat actor has beefed up the data from that past incident by combining it with other publicly available information, or even data floating around on the dark web from entirely separate breaches unrelated to Gemini.”
They firmly stated, and this is key: “There was absolutely no breach of Gemini’s own systems. Critically, no Gemini account details or any other Gemini-specific data was compromised in this third-party vendor incident. Rest assured, all user funds and accounts remain completely secure.”
Just a day prior to the Gemini news, Dark Web Informer reported that another dark web user, going by the handle kiki88888, was trying to sell Binance user emails and passwords. This alleged haul reportedly included a staggering 132,744 lines of compromised information.
Binance Rejects Data Leak Claims, Points to Phishing
Binance also addressed the swirling rumors. A spokesperson for the exchange informed Cointelegraph that they were fully aware of the recent claims about a potential data breach affecting Binance users.
“Let’s set the record straight,” the Binance spokesperson stated emphatically. “There has been absolutely no data leak originating from Binance’s systems. Our dedicated security team is actively tracking a known hacker operating on the dark web. This individual obtains data by compromising browser sessions on users’ infected computers – it’s a browser-level issue, not a Binance breach.”
Interestingly, Dark Web Informer themselves seemed to echo this sentiment in a subsequent post, hinting that the data theft was more likely due to compromised user devices rather than a leak from Binance’s side. They even quipped, with a dose of dark web humor, “Some of you really need to stop clicking random stuff.”
This isn’t the first time Binance has faced such claims. Back in September, another hacker, using the alias FireBear, boasted about possessing a massive database of 12.8 million Binance user records! This supposedly included sensitive data like last names, first names, email addresses, phone numbers, birthdays, and even residential addresses, according to reports at the time.
However, Binance swiftly refuted these claims as well. Following an internal investigation, their security team dismissed FireBear’s allegations of holding sensitive user data as completely unfounded.
And it’s worth remembering that crypto exchanges, and their users, are constantly under attack. Just this month, the Australian Federal Police reported on March 21st that they had to warn 130 individuals about a sophisticated message scam. This scam cleverly spoofed the “sender ID” of legitimate crypto exchanges, including Binance, to trick users.
We also saw a similar wave of scam messages just days earlier, around March 14th. These messages mimicked Coinbase and Gemini, attempting to lure users into setting up new wallets using pre-generated recovery phrases – giving the fraudsters complete control, of course.