Darkweb threat actors claim to have hundreds of thousands of user records — including names, passwords and location data — of Gemini and Binance users, putting the apparent lists up for sale on the internet. 

The Dark Web Informer, a Darkweb cyber news site, said in a March 27 blog post that the latest sale is from a threat actor operating under the handle AKM69, who purportedly has an extensive list of private user information from users of crypto exchange Gemini. 

“The database for sale reportedly includes 100,000 records, each containing full names, emails, phone numbers, and location data of individuals from the United States and a few entries from Singapore and the UK,” the Dark Web Informer said.

“The threat actor categorized the listing as part of a broader campaign of selling consumer data for crypto-related marketing, fraud, or recovery targeting.”

Gemini didn’t immediately respond to Cointelegraph’s request for comment. 

A day earlier, Dark Web Informer said another user, kiki88888, was offering to sell Binance emails and passwords, with the compromised data reportedly containing 132,744 lines of information.

Binance says leaked info came through phishing, not data leak

Speaking to Cointelegraph, Binance said the information on the dark web is not the result of a data leak from the exchange. Instead, it was a hacker who collected data by compromising browser sessions on infected computers using malware.In a follow-up post, the Dark Web Informer also alluded to the data theft being a result of user’s tech being comprised rather than a leak from Binance, saying, “Some of you really need to stop clicking random stuff.” 

In a similar situation last September, a hacker under the handle FireBear claimed to have a database with 12.8 million records stolen from Binance, with data including last names, first names, email addresses, phone numbers, birthdays and residential addresses, according to reports at the time. 

Binance denied the claims, dismissing the hacker’s claim to have sensitive user data as false after an internal investigation from their security team. 

This isn’t the first cyber threat targeting users of major crypto exchanges this month. Australian federal police said on March 21 they had to alert 130 people of a message scam aimed at crypto users that spoofed the same “sender ID” as legitimate crypto exchanges, such as Binance. 

Another similar string of scam messages reported by X users on March 14 spoofed Coinbase and Gemini attempting to trick users into setting up a new wallet using pre-generated recovery phrases controlled by the fraudsters.