Claims of a massive data breach involving over 100,000 Gemini and Binance users have surfaced on the dark web, raising fresh concerns about the persistent vulnerabilities plaguing the crypto exchange ecosystem. The allegations, made by threat actors on cybercrime forums, suggest that personal user data, ranging from emails and names to phone numbers and location information is now being sold online.
While Gemini has yet to publicly respond, Binance strongly denies any internal breach, attributing the leaked data to phishing campaigns and malware-infected devices rather than a compromise of its systems.
On March 27, cyber threat intelligence site Dark Web Informer reported that a hacker operating under the alias AKM69 had listed a database allegedly tied to Gemini Exchange, containing over 100,000 records.
The compromised data includes:
- Full names
- Email addresses
- Phone numbers
- Location data
Most entries are reportedly from the United States, with some additional users from Singapore and the United Kingdom. The hacker described the dump as part of a broader campaign aimed at exploiting consumer data for crypto-targeted marketing, fraud, or asset recovery scams.
Gemini has not issued an official statement in response to the claims.
Binance Leak Tied to Phishing, Not Server Breach
A day before the Gemini listing surfaced, another dark web actor using the handle kiki88888 claimed to be selling Binance account data, including 132,744 entries with emails and passwords.
In response, Binance told Cointelegraph the data was not the result of a server-side breach. Instead, it traced the exposure to compromised browser sessions via malware-infected devices, another case of social engineering and phishing, not a backend data leak.
Even Dark Web Informer hinted that poor digital hygiene was to blame, warning users, “Some of you really need to stop clicking random stuff.”
This is not the first time high-profile names like Binance and Gemini have been targeted. In September 2023, a hacker known as FireBear claimed to have stolen a 12.8 million-record Binance database, which included full names, addresses, and phone numbers. Binance later denied those claims following an internal investigation.
Just this month, both exchanges have seen renewed phishing activity. On March 14, users on X reported receiving spoofed SMS messages from Coinbase and Gemini, urging victims to reset wallets using recovery phrases controlled by scammers. And on March 21, the Australian Federal Police said it had alerted over 130 people of a targeted phishing campaign spoofing Binance’s SMS sender ID.
While the latest incidents don’t appear to stem from direct exchange breaches, they spotlight an uncomfortable truth: users remain the weakest link in crypto security. Malware, fake wallet setups, and phishing emails continue to enable attackers to harvest sensitive user data at scale, often outside the control of the exchanges themselves.
In this context, Binance and Gemini may be operationally secure, but their users remain highly vulnerable to deceptive tactics.
What’s Next
As these dark web claims circulate, crypto exchanges and users alike are under pressure to double down on security hygiene. Platforms will need to enhance anti-phishing protections and educate users on recognizing threats, while users must be vigilant against malicious links, spoofed messages, and social engineering.
For regulators and security experts, these incidents highlight the evolving cyber threat landscape and the need to balance innovation with robust security infrastructure—especially in a financial ecosystem increasingly reliant on self-custody and digital IDs.
