Darkweb Actors Target Crypto Users with Alleged Gemini and Binance Data

Darkweb threat actors are claiming to allegedly possess vast troves of sensitive personal information from Gemini and Binance, two prominent crypto exchanges. Reports emerging from the shadowy corners of the internet suggest that these individuals are offering detailed user records—including names, passwords, emails, phone numbers, and even location data—for sale to the highest bidder.

The revelations have sparked concern among crypto enthusiasts and raised questions about the security of personal information in an increasingly digital world. A Binance spokesperson has responded to the allegations, asserting that the exchange’s systems remain secure and attributing the alleged leaked data to external phishing schemes rather than an internal breach.

The Dark Web Informer, a cyber news outlet focused on underground internet activities, broke the story in a blog post. According to the site, a threat actor operating under the pseudonym AKM69 is behind the latest sale, advertising a database purportedly containing 100,000 records tied to Gemini users.

This information reportedly spans full names, email addresses, phone numbers, and location details, primarily from individuals in the United States, with a smaller number of entries from Singapore and the United Kingdom. The seller has positioned this data as a resource for crypto-related marketing efforts, fraud schemes, or recovery operations targeting unsuspecting users. Meanwhile, Gemini has yet to provide an official statement.

Just a day prior, the Dark Web Informer highlighted a separate incident involving another actor, known as kiki88888, who claimed to possess a dataset with 132,744 lines of Binance-related information, including emails and passwords.

Binance Attributes Data Exposure to Phishing Schemes

Binance has moved quickly to address the situation, with a spokesperson speaking to Cointelegraph about the circulating claims. The exchange firmly denied that its systems had been compromised, emphasizing that no data leak originated from their end.

Instead, the spokesperson pointed to a known darkweb hacker who collects sensitive information by exploiting browser sessions on infected computers—a tactic commonly associated with phishing attacks. This explanation aligns with a follow-up observation from the Dark Web Informer, which hinted that user negligence, such as clicking on suspicious links, might be the true culprit behind the exposed data. The site’s candid remark, urging users to “stop clicking random stuff,” serves as a reminder of the role personal vigilance plays in online security.