- According to reports, over 18 million personal records of US-based crypto users have been listed for sale on the dark web.
- This data includes full names, email addresses, phone numbers, and even addresses, which puts millions at risk of identity theft.
- Everyday crypto users should keep in mind that digital assets are not immune to traditional cyber risks.
A major scare in the cybersecurity space has hit the crypto market this week. According to reports, over 18 million personal records of US-based crypto users have been listed for sale on the dark web. This development has triggered a wave of panic across the market, especially with questions of how secure crypto platforms really are, beginning to surface from all over the internet.
The leaked data reportedly includes sensitive personal details from more than 20 major crypto platforms like Binance US, Coinbase, Gemini, and Robinhood, among others. Here’s how bad the situation is and what happened.
What’s in the Data and Who’s Affected?
The data breach was first reported on 15 April by the popular underground cybercrime tracker, Dark Web Informer. According to this report, a malicious actor on the dark web is selling a massive database of U.S.-based crypto users for just $10,000.
This data includes full names, email addresses, phone numbers, and even addresses. All of this information falls under the Personally Identifiable Information (PII) and puts millions at risk of identity theft. Other more serious threats include cases of phishing attacks, SIM swapping, and many other kinds of fraud.
Around 1.4 million phone records were stolen from Binance, along with 1.8 million from Crypto.com and 432,000 from Coinbase, among others. Even CoinMarketCap and Ledger were not exempt from this large-scale exploit. Other platforms in the leak include Bitfinex, Coinmama, BearTax, and USA Crypto Legacy, with over 18 million groups of user information being sold.
How Did This Happen?
Dark Web Informer did not mention the exact source of the hack. The dataset’s size and platform diversity suggest a major vulnerability or aggregated past leaks. So far, no exchanges have reported breaches of their internal systems. This shows that many of these leaks come from malware-infected devices rather than the platforms themselves being hacked.
Security researchers are currently working on verifying this dataset and figuring out how the breach happened in the first place. Still, the size of the dataset and the range of affected platforms shows that this may be one of the biggest crypto-related leaks to date.
A Growing Rash of Crypto Data Leaks
Unfortunately, this breach, however large, isn’t the only one in recent times.
In the past few months alone, over 230,000 combined user records from Binance and Gemini were reportedly listed for sale on the dark web. Another breach saw Robinhood user leads across the U.S. and Europe exposed, including users from the Netherlands, Switzerland, France, Germany, Poland, Spain, and the UK.
Earlier incidents came from Ledger and Gemini, a breach that many believe to have come from unauthorized access rather than web scraping. The growing recurrence of these leaks shows that data privacy is a serious threat to the crypto space, not only for the platforms being hacked but also for their users. Overall, everyday crypto users should remember that digital assets are not immune to traditional cyber risks.
