Over 100k Gemini Customer Data Allegedly Up For Sale On The Dark Web: Report

Over 100,000 customers of cryptocurrency exchange Gemini may be at risk after a threat actor allegedly listed a trove of personal user data, including names, emails, phone numbers, and locations, for sale on the dark web.

According to a Mar. 27 blog from The Dark Web Informer, a cyber threat intelligence platform, a user operating under the alias “AKM69” claims to have gotten their hands on a massive cache of Gemini user data.

The post says the database includes around 100,000 individual records, mostly from the United States, with a few entries tied to users in Singapore and the UK. Each record reportedly contains full names, email addresses, phone numbers, and location data.

Gemini hasn’t commented publicly on the matter yet. At this stage, it’s unclear whether the breach originated from Gemini’s own systems or from external vulnerabilities, such as compromised user devices or phishing attacks.

The latest report follows a similar warning about Binance just a day earlier. Another threat actor, using the handle “kiki88888,” reportedly put up over 132,700 lines of Binance user data for sale, including emails and passwords.

Regarding the Binance incident, The Dark Informer hinted that the data leak may be due to compromised user devices, and urged the public to “stop clicking random stuff.”

crypto.news has reached out to both Gemini and Binance, but neither has responded at the time of writing.

For Binance, this isn’t the first time bad actors have threatened to leak stolen credentials. Back in September, an anonymous user going by the name “FireBear” claimed to have access to 12.8 million records stolen from the exchange and tried to sell them on similar dark web forums. 

The database allegedly included first and last names, email addresses, phone numbers, birthdates, and residential addresses.

Binance, however, refuted the claims, stating that an internal investigation by its security team found no evidence that the data leak originated from its platform. 

As previously reported by crypto.news, last November, Nigerian crypto exchange Bitnob reportedly exposed over 250,000 KYC documents after a misconfigured Amazon Web Services (AWS) storage bucket left sensitive user data publicly accessible.

Such incidents have not been limited to just crypto exchanges. In December of that year, hackers compromised the personal data of over 58,000 customers of United States-based Bitcoin ATM operator Byte Federal.

A month later, SlowMist warned that over 7 million OpenSea user email addresses, originally compromised in a June 2022 breach, had been made fully public, placing users at risk of phishing attacks.