A significant data breach has rocked the cryptocurrency ecosystem, with reports indicating that over 18 million records of U.S.-based crypto users have been compromised and are now up for sale on the dark web. The threat actor behind the leak is allegedly offering the entire dataset—comprising sensitive personal information from more than 20 major crypto platforms—for approximately ₹8.35 lakh (about $10,000).
This breach poses serious security implications, particularly as the leaked data includes personally identifiable information (PII) such as names, email addresses, phone numbers, residential addresses, and potentially more sensitive identifiers. Cybersecurity experts warn that such data could be exploited for identity theft, phishing schemes, or large-scale financial fraud.
High-Profile Crypto Companies Reportedly Affected
According to the listing, the breach encompasses some of the biggest names in the crypto and fintech space. A partial breakdown of the data volume from each platform is as follows:
-
Crypto.com: 1.8 million+ records
-
Binance US: 1.4 million+ records
-
Gemini: 800,000+ records
-
Coinbase: 432,000+ records
-
Robinhood: 197,000+ records
-
Kraken: 121,000+ records
-
Ledger: 54,000 records (20,000 public and 34,000 private)
-
CoinMarketCap: 76,000+ records
Other platforms reportedly affected include Bitfinex, Coinmama, BearTax, and several lesser-known services. This breadth of affected entities suggests either a highly coordinated cyberattack or a long-term effort to aggregate leaked datasets from prior breaches.
Industry Response and Risk Assessment
Although the dataset’s authenticity is still under forensic review, cybersecurity analysts caution that even partial accuracy could lead to severe consequences. Given the interconnected nature of identity and financial data in crypto platforms, victims of the breach may face an increased risk of spear phishing, social engineering attacks, and direct wallet-targeted frauds.
Also read: NSA Agents Named in Chinese Cyberattack Allegations
Security teams from the mentioned platforms have not yet issued public statements, but internal investigations are reportedly underway across the industry. Some platforms may not have been directly compromised but rather affected through third-party data exposure or re-use of credentials across services.
A Call for Stronger Protections
If validated, this would represent one of the largest crypto-related data breaches to date, reigniting debates over user data protection, regulatory oversight, and platform accountability. The incident also highlights the urgent need for enhanced cybersecurity infrastructure and user education across the rapidly expanding digital asset space.
For users, experts recommend taking precautionary steps such as updating passwords, enabling two-factor authentication (2FA), and closely monitoring their email and crypto account activity for unusual behavior.
This breach serves as a stark reminder that while blockchain technology may promise security and decentralization, user-side data and centralized services remain significant vectors of risk.
