Dark Web Hackers Claim to Sell Gemini and Binance User Data: Details

Threat actors on the dark web are allegedly selling hundreds of thousands of user records from Gemini and Binance, raising serious concerns over the security of crypto exchanges. According to Dark Web Informer, a cyber-focused news outlet, hackers operating under the alias AKM69 are offering 100,000 Gemini user records for sale.

The database reportedly contains full names, emails, phone numbers, and location data of individuals, primarily from the United States, with some entries linked to Singapore and the UK. The hacker claims the data is part of a broader campaign aimed at exploiting crypto users for fraud, marketing scams, or account recovery targeting.

A day prior, another dark web seller, going by the handle kiki88888, listed a batch of Binance emails and passwords for sale. The compromised dataset allegedly contains 132,744 lines of sensitive information.

Binance Denies Internal Data Breach

In response to the reports, Binance clarified that the leaked data did not stem from a breach of the exchange itself. Instead, the company attributed the incident to malware-infected computers, where hackers gained access by compromising browser sessions.

Dark Web Informer echoed this explanation, hinting that the data leak stemmed from user negligence rather than exchange vulnerabilities. The platform cheekily added, “Some of you really need to stop clicking random stuff.”

This isn’t the first time Binance has been linked to a potential data leak. In September 2024, a hacker named FireBear claimed to have stolen a database containing 12.8 million Binance user records, including names, emails, phone numbers, and residential addresses. However, Binance dismissed the claim as false following an internal investigation.

Crypto Users Increasingly Targeted by Scams

The latest dark web listings underscore the rising cyber threats facing crypto users. Just last week, Australian federal police revealed they had warned 130 individuals about a phishing scam impersonating Binance. The scam, which used a spoofed sender ID, attempted to lure users into revealing their credentials.

On March 14, several X users reported receiving fraudulent messages mimicking Coinbase and Gemini, urging them to create new wallets with pre-generated recovery phrases controlled by hackers.

As hackers grow increasingly sophisticated, experts warn that even seemingly minor leaks can become entry points for large-scale fraud.