Over 100,000 Gemini user details are being marketed by dark web operators. user records In addition, 132,744 Binance user credentials are listed for sale on hidden online platforms.
Dark Web Informer, a cyber threat intelligence service, recently shared insights on a massive ongoing data exchange. This group tracks and reports on a variety of cyber threats ranging from data breaches to DDoS attacks.
Is It Real?
On March 27, a new entry from Dark Web Informer detailed how a cybercriminal known as AKM69 is selling a large database allegedly linked to Gemini, packed with records of U.S.-based cryptocurrency users.
The advertised dataset on hidden forums supposedly features over 100,000 entries, including full names, emails, phone numbers, and location information, predominantly from American users, with minor data from Singapore and the UK.
A day earlier, on March 26, Dark Web Informer alerted that an actor under the pseudonym "kiki88888" posted about a 2025 Binance data leak on a hacking forum, including an offer of 132,744 records with personal details.
Gemini is yet to officially verify any data leaks claimed by others. Meanwhile, security specialists caution that potential exposure of this user information could lead to phishing, identity fraud, and crypto-related scams.
Binance has responded to concerns about a phishing operation that seems to target its user base.
Following revelations of user data appearing on the dark web, Binance clarified that the data was not a result of a breach of their security systems but rather a phishing exploit.
Binance detailed how this attack utilized malware to commandeer individual users' browsers, leading to the eventual theft of their data.
The statement from Dark Web Informer aligns with Binance's explanation, suggesting that users unintentionally compromised their information by engaging with suspicious links or downloads.
Big Money At Risk
Cybersecurity experts note that major crypto platforms frequently act as lucrative targets for cybercriminals aiming to capitalize on sensitive consumer data.
Back in September 2024, an individual identified as “FireBear” alleged they had obtained private details of 12.8 million Binance users, including personally identifiable information.
Claiming the information stemmed from a previous security slip-up, FireBear decided to sell the dataset on the dark web.
Binance, however, has categorically denied such claims post an exhaustive internal audit, stating no data breach was reported on their end.
During that period, it was recommended that users remain vigilant against phishing endeavors.
Criminals have also been noted to impersonate leading crypto exchanges to mislead users. Recently, Australian Federal police warned 130 people about a refined scam involving messages that mimicked authentic exchange sender IDs, including those of Binance.
Earlier, deceptive messages mimicking Coinbase and Gemini were reported, aiming to manipulate users into creating new wallets with recovery phrases under the control of the fraudsters.
SOCRadar’s Dark Web Team recently revealed that an individual on the dark web has advertised a service to exploit stolen cryptocurrency, claiming compatibility with over 100 blockchain networks, covering major ones like Ethereum, Bitcoin, and Binance Smart Chain.
In a related cyber threat update, Microsoft has flagged a new malware called StilachiRAT targeting crypto users, designed to siphon credentials from browsers, clipboard content, and system information.
