Crypto Users Exposed in 149M Infostealer Data Dump

A cybersecurity researcher uncovered an enormous, publicly accessible database containing thousands and thousands of stolen login credentials harvested from malware-infected private units, together with accounts linked to main social media platforms and the crypto change Binance.

The dataset, uncovered by cybersecurity researcher Jeremiah Fowler, contained about 149 million usernames and passwords from private telephones and computer systems, in response to a Friday weblog put up revealed on ExpressVPN. The data had been tied to providers together with Fb, Instagram, Netflix and Binance, with at the least 420,000 credentials related to Binance customers.

The leak contained 48 million Gmail accounts, 4 million Yahoo accounts, 17 million Fb accounts, 6.5 million Instagram accounts, 3.4 million Netflix accounts and 780,000 TikTok accounts, amongst others.

“This isn’t the primary dataset of this type I’ve found and it solely highlights the worldwide risk posed by credential-stealing malware,” mentioned Fowler in the weblog put up. “Monetary providers accounts, crypto wallets or buying and selling accounts, banking and bank card logins additionally appeared in the restricted pattern of data I reviewed,” he added.

The researcher additionally famous a regarding variety of credentials related to government-linked accounts and .gov domains, which open the door to phishing assaults, doubtlessly permitting attackers to impersonate authorities businesses.

Associated: Matcha Meta breach tied to SwapNet exploit drains up to $16.8M

Credential theft, not a Binance-specific system breach

Safety consultants burdened the publicity doesn’t point out a breach of Binance’s inside programs. As a substitute, the credentials had been collected by way of so-called “infostealer” malware that silently extracts saved logins from compromised units.

“Infostealer is a recognized malware variant that steals consumer credentials when the customers’ units are compromised. These will not be leaks from Binance,” a spokesperson for Binance instructed Cointelegraph.

The incident alerts an information leak on the end-user units, not a breach to the change’s core programs, Deddy Lavid, the CEO of blockchain cybersecurity firm Cyvers, instructed Cointelegraph.

“This highlights why the trade is shifting towards prevention-first safety fashions that may detect and cease suspicious exercise earlier than funds are moved, alongside robust consumer hygiene corresponding to hardware-based MFA and safe password practices.”

To guard its customers, Binance displays darkish internet marketplaces, alerts affected customers, initiates password resets and revokes compromised periods, the change wrote in a weblog post revealed in March, 2025.

Binance recommends that customers make use of antivirus and anti-malware instruments together with common safety scans to guard towards exterior threats like this.

Associated: Bitcoin investor loses retirement fund in AI-fueled romance scam

Infostealer malware, a brand new risk for crypto traders’ wallets

Cybersecurity agency Kaspersky first reported in December 2025 on the specter of the new infostealer malware, which disguises itself as a sport cheat or mod, focusing on cryptocurrency wallets and browser extensions. 

Found in November, attackers use this malware to hijack accounts, steal cryptocurrency and set up crypto miners on the victims’ computer systems, that are masked as online game cracks or mods, significantly for Roblox.

Constructed on the Chromium and Gecko engines, the malware’s risks prolong to over 100 browsers, together with the most well-liked ones corresponding to Chrome, Firefox, Opera, Yandex, Edge and Courageous.

The malware additionally focused the customers of at the least 80 cryptocurrency exchanges, together with Binance, Coinbase, Crypto.com, SafePal, Belief Pockets, MetaMask, Ton, Phantom, Nexus and Exodus. 

To keep away from falling sufferer to infostealers, customers ought to run a dependable antivirus on their computer systems and preserve an up to date safety and working system on their cell units, Fowler mentioned.

Journal: Meet the onchain crypto detectives fighting crime better than the cops