Dark Web Hackers Claim to Have Stolen User Data of Over 100K Gemini and Binance Users

Hackers operating on the dark web are claiming to possess and sell sensitive personal data of users from major crypto exchanges Gemini and Binance.

A threat actor identified as “AKM69” has reportedly put up a database containing 100,000 user records allegedly linked to Gemini, according to a March 27 report by cyber threat monitoring site Dark Web Informer.

The listing is said to include full names, email addresses, phone numbers, and location data — primarily from users in the United States, with some entries from Singapore and the UK.

The data is being marketed for purposes ranging from crypto-related marketing to fraud and recovery scams.

Just a day earlier, another threat actor using the alias “kiki88888” reportedly listed a separate trove of Binance user data, including emails and passwords.

That batch allegedly contains more than 132,000 records. However, the source of the data is unclear.

Dark Web Informer suggested that compromised user devices — rather than a breach of Binance itself — may be the root cause, cautioning users to avoid clicking suspicious links.

Some of you really need to stop clicking random stuff. Data courtesy of @whiteintel_io pic.twitter.com/MmbqYnFPVy

These claims follow similar incidents in the past.

In September, a hacker known as “FireBear” claimed to possess over 12 million records stolen from Binance, including personally identifiable information such as birthdates and addresses.

Binance later refuted those claims following an internal investigation, stating no sensitive user data had been compromised.

This month alone has seen a wave of cyber threats targeting crypto users.

On March 21, Australian Federal Police warned 130 individuals of a message scam that impersonated crypto exchange sender IDs, including Binance.

Just days earlier, on March 14, users on X reported fraudulent messages impersonating Coinbase and Gemini, attempting to trick recipients into setting up wallets using pre-generated recovery phrases under the control of the scammers.

Earlier this month, Microsoft identified a new cybersecurity threat targeting cryptocurrency users, uncovering a remote access trojan (RAT) that infiltrates digital wallet extensions in Google Chrome.

The malware, dubbed StilachiRAT, is designed to steal sensitive information from cryptocurrency holders.

The discovery came amid a surge in crypto-related cyberattacks, with hackers increasingly targeting digital assets through sophisticated methods.

Microsoft advised crypto users to strengthen their security measures by implementing antivirus software, cloud-based anti-phishing tools, and strong anti-malware protections to minimize risk.

The rise in malware attacks on cryptocurrency holders coincides with an alarming spike in crypto-related fraud.

In February 2025, losses in the crypto ecosystem increased by 20x month-over-month compared with January 2025, according to the latest report by major blockchain security platform Immunefi.

In January, registered losses stood at $73,915,700. Just a month later, this figure jumped to $1,528,342,400. The latter was the result of nine hacks.

Additionally, the February number is an 18x increase from the same time a year prior. In February 2024, registered losses were $81,603,400.

The post Dark Web Hackers Claim to Have Stolen User Data of Over 100K Gemini and Binance Users appeared first on Cryptonews.