Sensitive data of Ledger, Gemini and Robinhood users put up for sale on the dark web. Concerns about crypto security grow.
April revealed a worrying development: sensitive user data from crypto platforms Ledger, Gemini, and Robinhood appeared for sale on the dark web.
The stolen data would contain detailed personal information, including full names, home and email addresses, phone numbers, and geographic details such as cities, states, postal codes, and countries of residence. The crypto industry now faces further concerns in the area of cybersecurity, which is already under widespread pressure from constant online threats.
How-Dark Web User Data Ends Up
It was the Dark Web Informer account on X (formerly Twitter) that first reported the disturbing discovery. The account posted screenshots showing a vendor claiming to own and sell the data of users of the crypto platforms involved.
🚨 A Threat Actor Claims to be Selling USA Crypto Accounts from Ledger, Gemini, Robinhood
- Dark Web Informer - Cyber Threat Intelligence (@DarkWebInformer) April 8, 2025
X
The images indicate that the vendor has detailed user profiles with contact information and physical addresses. Most of the affected users reside in the United States, in line with Gemini and Robinhood's main user base.
The affected platforms - Ledger, Gemini and Robinhood - have not yet released official communications regarding the reported data breaches.
This incident is not isolated. A major breach hit Robinhood in 2021, when hackers obtained over five million email addresses and two million customer names by tricking a support employee through social engineering techniques.
Also in that case, the stolen data included personally identifiable information mainly from US users, but users from Singapore and United Kingdom were also involved.
According to cybersecurity experts at Dark Web Informer, the recent data leaks did not stem from direct intrusions into the platforms' systems. Investigations indicate that the most likely cause is phishing attacks.
Phishing consists of scams in which victims are tricked into providing their data to entities posing as legitimate organisations. User data has been compromised through these attacks, without a direct breach of the exchange's core infrastructure.
"Stay vigilant: your data may already be exposed. We provide unobscured screenshots in blog posts and live threat feeds to keep you informed," Dark Web Informer stated.
Stay vigilant-your data might already be exposed. Providing unredacted screenshots in blog posts and live threat feeds to keep you informed.
- Dark Web Informer - Cyber Threat Intelligence (@DarkWebInformer) April 8, 2025
X
The massive scale of these breaches, which have affected hundreds of thousands of users, demonstrates how individuals remain vulnerable to increasingly advanced social engineering schemes.
Fraud fuelled by artificial intelligence is becoming increasingly sophisticated and experts predict the problem will worsen. Users are struggling to recognise AI-generated deepfake scams, synthetic identities and increasingly complex automated phishing methods.
According to a survey by Spaziocrypto, user complaints about deceptive phishing messages on X have increased. Many have received apparently genuine scam communications from Binance, with the real sender ID used for authentication notifications. The fraudsters allegedly acquired users' phone numbers, making SMS attacks even more credible.
Reports indicating the selling of data on the dark web confirm that cybersecurity threats in the crypto sector are constantly evolving.
Users remain in uncertainty as the platforms involved have yet to provide official statements, highlighting the need for stronger security measures and greater vigilance of the entire sector.
Cryptocurrency detective ZachXBT stated that the crypto industry is too vulnerable to hacker attacks and may not be able to cope with them without regulatory intervention, which, however, could damage the entire industry.
April revealed a worrying development: sensitive user data from crypto platforms Ledger, Gemini, and Robinhood appeared for sale on the dark web.
The stolen data would contain detailed personal information, including full names, home and email addresses, phone numbers, and geographic details such as cities, states, postal codes, and countries of residence. The crypto industry now faces further concerns in the area of cybersecurity, which is already under widespread pressure from constant online threats.
How-Dark Web User Data Ends Up
It was the Dark Web Informer account on X (formerly Twitter) that first reported the disturbing discovery. The account posted screenshots showing a vendor claiming to own and sell the data of users of the crypto platforms involved.
X
The images indicate that the vendor has detailed user profiles with contact information and physical addresses. Most of the affected users reside in the United States, in line with Gemini and Robinhood's main user base.
The affected platforms - Ledger, Gemini and Robinhood - have not yet released official communications regarding the reported data breaches.
This incident is not isolated. A major breach hit Robinhood in 2021, when hackers obtained over five million email addresses and two million customer names by tricking a support employee through social engineering techniques.
Also in that case, the stolen data included personally identifiable information mainly from US users, but users from Singapore and United Kingdom were also involved.
According to cybersecurity experts at Dark Web Informer, the recent data leaks did not stem from direct intrusions into the platforms' systems. Investigations indicate that the most likely cause is phishing attacks.
Phishing consists of scams in which victims are tricked into providing their data to entities posing as legitimate organisations. User data has been compromised through these attacks, without a direct breach of the exchange's core infrastructure.
X
The massive scale of these breaches, which have affected hundreds of thousands of users, demonstrates how individuals remain vulnerable to increasingly advanced social engineering schemes.
Fraud fuelled by artificial intelligence is becoming increasingly sophisticated and experts predict the problem will worsen. Users are struggling to recognise AI-generated deepfake scams, synthetic identities and increasingly complex automated phishing methods.
According to a survey by Spaziocrypto, user complaints about deceptive phishing messages on X have increased. Many have received apparently genuine scam communications from Binance, with the real sender ID used for authentication notifications. The fraudsters allegedly acquired users' phone numbers, making SMS attacks even more credible.
Reports indicating the selling of data on the dark web confirm that cybersecurity threats in the crypto sector are constantly evolving.
Users remain in uncertainty as the platforms involved have yet to provide official statements, highlighting the need for stronger security measures and greater vigilance of the entire sector.
Sign up for Spaziocrypto®
No spam. Unsubscribe anytime.
Read Next
Crypto Scams: Beware of Gemini and Coinbase
Rise of crypto scams: fake emails about failures and unauthorised access affect Gemini and Coinbase users.
Phishing on the Rise: Binance & Gemini Data Hacked
A serious security breach exposed the data of more than 100,000 Binance and Gemini users on the dark web. Alarm in the crypto sector.
ZachXBT: Crypto Industry Can't Handle Hacks Alone
Cryptocurrency detective ZachXBT stated that the crypto industry is too vulnerable to hacker attacks and may not be able to cope with them without regulatory intervention, which, however, could damage the entire industry.
Hacker Returns $5M Stolen From 1inch: Funds Recovered
1inch recovered $5 million stolen in a hacker attack on its smart contracts. An agreement with the hacker enabled the return of the funds.