YEREVAN (CoinChapter.com) — Over 230,000 user records from Binance and Gemini are now for sale on dark web markets. The data includes emails, names, phone numbers, and location details. The incidents were reported by Dark Web Informer, a platform that tracks online cybercrime activity.
Both exchanges have not released official statements. The source of the leaked crypto exchange records remains unclear.
Gemini User Data Listed by Seller AKM69
On March 27, a dark web actor using the name AKM69 posted a dataset linked to Gemini user data. The listing reportedly contains over 100,000 entries. Most affected users are based in the United States, with some from the United Kingdom and Singapore.
The seller claims the Gemini user data can be used for marketing, fraud, or crypto scams. Each record allegedly includes full name, email, phone number, and location.
Dark Web Informer did not confirm a direct breach of Gemini’s systems. Instead, the report suggested the data likely came from phishing crypto attacks or stolen user credentials.
Binance User Data Offered on Dark Web by Second Actor
On March 26, another seller named kiki88888 offered over 132,000 Binance user data entries. This separate listing includes login credentials and other personal data. The data was also shared on dark web leak platforms, according to Dark Web Informer.
The report attributes the leak to phishing crypto attacks, not a direct breach of Binance’s infrastructure. A post from the Informer noted,
“Some of you really need to stop clicking random stuff.”
There is still no public comment from Binance.
Phishing Crypto Attacks Behind Most Leaks
Security researchers point to phishing as a key tool behind the growing number of leaked crypto exchange records. Attackers impersonate trusted sources and trick users into revealing sensitive data. They often use fake websites, emails, or ads to gain access.
In March, Coinbase users reportedly lost over $46 million in social engineering scams. Also, Scam Sniffer reported that phishing crypto attacks led to over $15 million in losses in January and February 2025.
This trend shows how phishing remains one of the most common methods used to steal crypto exchange user data.