Dark Web Actors Claim Over 100K User Records from Gemini, Binance Response
Dark web threat actors are selling what they claim is a database containing over 100,000 records of Gemini users’ personal information. The data reportedly includes full names, email addresses, phone numbers, and location details from mainly US users, with a few entries from Singapore and the UK.
Dark Web Informer Exposes Crypto Data Sales, as Binance Blames Malware Infiltration
According to a March 27 post on the dark web news site Dark Web Informer, the seller (operating under the handle AKM69) is promoting the data as part of a broader campaign targeting crypto users for fraud, marketing scams, or recovery operations.
In an earlier post on X, Dark Web Informer said that another individual, known as kiki88888, was offering a dataset with 132,744 lines of Binance emails and passwords.
https://twitter.com/DarkWebInformer/status/1904898332079632700
Binance has since refuted claims that the compromised information resulted from a direct breach of its systems.
Instead, the exchange explained that the hacker acquired the data by infiltrating browser sessions on compromised computers using malware. Dark Web Informer supported Binance's explanation in a follow-up post on X. Gemini has not yet commented on the recent incident.
Similarly, major crypto exchanges have faced such incidents before.
Last September, a hacker named FireBear claimed to have obtained 12.8 million records from Binance, including detailed personal data. Binance dismissed these claims following an internal investigation.
Additionally, fraudulent schemes impersonating exchanges like Coinbase and Gemini have been widely reported on social media.
At the same time, authorities continue to warn the public about targeted scam messages masquerading as legitimate crypto exchanges.
For instance, officials in Australia recently alerted 130 individuals that they might receive scam messages mimicking trusted crypto brands, which urge recipients to wrongly transfer crypto assets and provide sensitive information.
Clipboard Jacking Malware: New Trojan Targets Crypto Wallet Extensions, Warnings Issued
Clipboard-jacking malware continues to be a major concern for the crypto industry.
This particularly dangerous type of malware has been increasing since 2017. It intercepts and manipulates clipboard data, posing serious threats to crypto users, so much so that Binance issued a public warning last September after detecting a sharp surge in clipper malware activity during August.
Similarly, cybersecurity firm Kaspersky identified cases where hackers deploy fake GitHub projects to steal cryptocurrency and sensitive data.
According to Kaspersky, these repositories—active for over two years—distribute remote access trojans (RATs), info-stealers, and clipboard hijackers.
Masquerading as legitimate tools like Telegram bots for Bitcoin management, the projects infect systems upon execution, ultimately harvesting credentials, wallet data, and browsing histories.
In March, Microsoft’s Incident Response Team announced StilachiRAT, a new remote access trojan (RAT) targeting crypto wallet extensions in Google Chrome.
The team first identified it in November 2024. The malware scans configuration files from 20 wallet extensions (including Bitget, Trust Wallet, and MetaMask) to extract sensitive data.
It conducts deep system reconnaissance, stealing saved Chrome credentials and system details while establishing command-and-control connectivity via TCP ports 53, 443, or 16000 for remote execution.
Although its spread remains limited, this incident shows the urgent need for heightened vigilance and robust security measures in the crypto space.
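A hunting sketch built around the TCP ports 53, 443 and 16000 reported for StilachiRAT, added here as an example and not taken from Microsoft's report or any vendor tool. The log format, resolver list, process names and addresses are constructed assumptions.

```python
import ipaddress

# TCP ports the article lists for StilachiRAT command-and-control.
C2_TCP_PORTS = {53, 443, 16000}
# Assumption: the DNS resolvers this network is expected to use (constructed).
APPROVED_RESOLVERS = {"10.0.0.53"}

# Constructed records in an assumed format: process proto remote_ip remote_port
SAMPLE_LOG = """\
chrome.exe tcp 93.184.216.34 443
svchost.exe udp 10.0.0.53 53
svchost.exe tcp 10.0.0.53 53
updater.exe tcp 203.0.113.7 53
updater.exe tcp 203.0.113.7 16000
updater.exe tcp 203.0.113.7 443
helper.exe tcp 198.51.100.9 443
malformed line
"""

def parse(log):
    """Yield (process, proto, ip, port) and skip lines that do not parse."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        proc, proto, ip, port = parts
        try:
            ipaddress.ip_address(ip)
            yield proc, proto.lower(), ip, int(port)
        except ValueError:
            continue

def triage(log, resolvers=APPROVED_RESOLVERS):
    """Return (process, ip, port, reason) tuples that deserve an analyst's look."""
    records = [r for r in parse(log) if r[1] == "tcp" and r[3] in C2_TCP_PORTS]
    findings = []
    for proc, _, ip, port in records:
        if port == 53 and ip not in resolvers:
            findings.append((proc, ip, port, "TCP/53 to a non-approved resolver"))
        elif port == 16000:
            findings.append((proc, ip, port, "outbound TCP/16000"))
    # TCP/443 is ordinary web traffic, so report it only for processes
    # that already produced one of the higher-signal hits above.
    flagged = {f[0] for f in findings}
    for proc, _, ip, port in records:
        if port == 443 and proc in flagged:
            findings.append((proc, ip, port, "TCP/443 from a flagged process"))
    return findings
```

A hit is a lead for investigation, not a StilachiRAT verdict, since none of these ports is unique to it.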