-
Personal data from Ledger, Gemini, and Robinhood users is being sold on the dark web, sparking renewed crypto sector security fears.
-
Leaks show US-based users’ emails, phone numbers, and addresses were compromised, likely via phishing—not platform breaches.
-
With AI-driven fraud growing, experts urge users to stay alert as scams mimic official crypto communications, including SMS alerts.
April sees a surge in user data from major crypto companies being sold on the dark web, highlighting serious security vulnerabilities within the crypto sector.
How Are User Details Ending Up on the Dark Web?
The Dark Web Informer account on X (formerly Twitter) recently shared a troubling update. An account claimed to be selling data from well-known crypto platforms, including Ledger, Gemini, and Robinhood.
Dark Web Informer posted screenshots showing that the seller has access to detailed user information—from phone numbers to home addresses. Most of the affected users are based in the United States, which matches the primary user base of Gemini and Robinhood.
So far, none of the mentioned platforms have issued official statements about the reported leaks.
This isn’t the first time such an incident has occurred. In 2021, Robinhood suffered a breach in which hackers stole more than 5 million email addresses and 2 million customer names. The attack exploited a customer support employee through social engineering.
A more recent report by COINOTAG revealed that a similar data breach also affected over 100,000 users. The compromised data contains similar personal information, mostly belonging to US-based users. A smaller portion includes users from Singapore and the UK.
Experts at Dark Web Informer believe these leaks likely did not stem from system breaches within the exchanges. Instead, they point to phishing attacks as the probable cause. Phishing scams trick individuals into sharing sensitive data by impersonating trusted entities, suggesting the exchanges themselves may not have been directly compromised.
However, the scale of the leaks—impacting hundreds of thousands—highlights that many users still fall prey to such tactics. The growing use of AI may worsen the problem. AI-driven fraud, deepfake scams, synthetic identities, and automated phishing attacks are becoming more sophisticated and harder to detect.
“Stay vigilant—your data might already be exposed,” Dark Web Informer warned.
Meanwhile, COINOTAG’s investigation noted a rise in user complaints on X regarding phishing messages. Many users reported that scam messages, disguised as coming from Binance’s official sender ID used for authentication alerts, deceived them. Somehow, attackers managed to obtain users’ phone numbers.
In response, Binance’s Chief Security Officer told COINOTAG that the company has expanded its anti-phishing code feature. The update now includes SMS verification in an effort to combat the issue.
Addressing the Growing Security Concerns
As the frequency of such breaches rises, both users and crypto exchanges must adopt proactive measures to enhance security. Users are advised to implement strong, unique passwords and activate two-factor authentication (2FA) across their accounts. Furthermore, organizations are encouraged to conduct regular audits of their security protocols and provide users with educational resources on identifying phishing attempts.
Also critical is the need for platforms to increase collaboration with cybersecurity firms to fortify their defenses against emerging threats. The responsibility of safeguarding personal data extends beyond users; platforms must commit to improving their security frameworks and mitigating risks related to data breaches.
Conclusion
The recent leaks involving personal data from Ledger, Gemini, and Robinhood users underscore a pressing need in the crypto sector to address security vulnerabilities. As phishing scams become increasingly sophisticated, users must remain alert and take protective measures to safeguard their personal information. Ultimately, both users and exchanges share the responsibility for enhancing the security landscape in the ever-evolving world of cryptocurrency.
