Private Data from 500 Cryptocurrency Platforms Is Allegedly for Sale Online

A threat actor claims to have for sale a massive trove of databases of users, wallets, balances and more, stemming from compromised databases of more than 500 cryptocurrency platforms. 

Dark Web vendors who claim to have massive databases for sale aren't all that rare. They tell the truth sometimes, but lie just as often. It's impossible to take them at their word. However, if this leak proves real, it might be one the largest ever recorded. 

Intelligence platform ThreatMon noted that someone posted a ZIP archive allegedly containing databases from dozens of major cryptocurrency platforms on a popular underground marketplace.

The asking price? 

A staggering 75 BTC, or approximately $5 million, which clearly reflects the scale of the data involved, if the leak is real.

"Lots of private data, & balances of 10+ exchanges," the seller says in the listing, trying to justify the high price. A screenshot of the post shows hundreds of filenames referencing well-known exchanges and crypto services, including Binance, Coinbase, KuCoin, Ledger, Trust Wallet, and Bitfinex.

The filenames in the leaked screenshot include:

• binance_2023_full.txt
• coinbase_fllgs_full.txt
• phantom_wallet_2023_full.txt
• kucoin_emails.txt
• crypto.com_full.txt
• ledger_emails_full.csv

Each file suggests what type of data it contains, ranging from wallet credentials and balances to personally identifiable information (PII). Files such as flags_full.txt imply the inclusion of internal platform activity flags or suspicious activity reports. 

This would mean that the attackers, whoever they are, may have had direct access to this type of data from numerous cryptocurrency platforms. 

The seller published no sample data in the listing, which is a common tactic meant to deter data scraping and ensure that only serious buyers engage. Instead, they instruct interested parties to send private messages and refer to a "sample image" of the file index. 

Until now, no publicly circulating samples of the dataset have been spotted online. There's also a good chance that it's not actually new data but a combination of previously known leaks, breaches, or scraped credentials from multiple forums.