Binance, the world's largest cryptocurrency exchange, is navigating a sharp contradiction as 2026 gets underway. On one hand, the platform is firmly consolidating its position in the institutional market; on the other, a growing wave of data security alerts is threatening to undermine the long-term ambitions of the exchange led by CEO Richard Teng.
Institutional Trading and OTC Explosion
The opening months of 2026 have delivered unprecedented momentum for Binance's over-the-counter (OTC) trading desk. In January and February alone, the platform recorded OTC volumes equivalent to 25% of its entire 2025 total — a remarkable acceleration by any measure.
This explosive growth reflects a broader market maturation: large investors and institutional players are increasingly seeking private execution channels to handle massive transactions. As CEO Richard Teng has explained, these entities favor the "deep liquidity" offered by OTC desks to avoid slippage and prevent sharp order book disruptions, thereby protecting their operational strategies from public exposure.
Cybersecurity Alert: 1.5 Million Users at Risk
Behind this polished institutional facade, however, serious operational vulnerabilities are surfacing. On March 28, cybersecurity platform VECERT raised the alarm: a threat actor operating under the pseudonym PexRat had put up for sale a private database containing the personal information of approximately 1.5 million Binance users.
The leaked data includes highly sensitive details that expose customers to serious risks:
- Full names, email addresses, and phone numbers.
- Know Your Customer (KYC) verification status.
- IP addresses from last login and device user agents.
- Two-factor authentication (2FA) status, including whether the user relies on SMS, email, or a dedicated authenticator app.
The availability of this information leaves users acutely vulnerable to targeted SIM-swap attacks and highly sophisticated phishing campaigns — threats that are particularly well-documented in the US and UK crypto community.
Scraping and Captcha Bypass: How the Attack Worked
According to VECERT's technical analysis, this was not a direct breach of Binance's internal servers. The incident was instead the result of an advanced credential stuffing and scraping operation.
Our Analyzer platform has detected one of the most critical threats to the cryptocurrency sector so far this year. Threat actor PexRat has put up for sale a private database affecting approximately 1.5 million Binance users, stated VECERT Analyzer on X.
🚨 FINANCIAL INTELLIGENCE ALERT: Binance Database Leak (1.5M Users) 🌐💰
— VECERT Analyzer (@VECERTRadar) March 28, 2026
Our Analyzer platform has detected one of the most critical threats to the cryptocurrency sector so far this year. Threat actor PexRat has put up for sale a private database affecting approximately 1.5… pic.twitter.com/IjgHL3DwMR
The attacker reportedly managed to circumvent or abuse security mechanisms — including Captcha systems on the login interface and certain platform APIs — enabling a steady stream of automated requests that bypassed Binance's defensive layers.
This episode follows a separate critical report from January, published by researcher Jeremiah Fowler, which identified approximately 420,000 Binance-linked credentials exposed through infostealer malware.
A Critical Stress Test for Binance Security
Taken together, these events represent a defining test for Binance's security practices. While the exchange continues to attract institutional capital at record pace, the trust of its retail user base — fundamental to the platform's global liquidity — is being eroded by increasingly effective automated attacks. The company's ability to contain data scraping operations will be a decisive factor in whether its 2026 strategy succeeds or stalls.
