Sensitive data of Ledger, Gemini and Robinhood users put up for sale on the dark web. Concerns about crypto security grow.
April revealed a worrying development: sensitive user data from crypto platforms Ledger, Gemini, and Robinhood appeared for sale on the dark web.
The stolen data would contain detailed personal information, including full names, home and email addresses, phone numbers, and geographic details such as cities, states, postal codes, and countries of residence. The crypto industry now faces further concerns in the area of cybersecurity, which is already under widespread pressure from constant online threats.
How-Dark Web User Data Ends Up
It was the Dark Web Informer account on X (formerly Twitter) that first reported the disturbing discovery. The account posted screenshots showing a vendor claiming to own and sell the data of users of the crypto platforms involved.
🚨 A Threat Actor Claims to be Selling USA Crypto Accounts from Ledger, Gemini, Robinhood
- Dark Web Informer - Cyber Threat Intelligence (@DarkWebInformer) April 8, 2025
X
The images indicate that the vendor has detailed user profiles with contact information and physical addresses. Most of the affected users reside in the United States, in line with Gemini and Robinhood's main user base.
The affected platforms - Ledger, Gemini and Robinhood - have not yet released official communications regarding the reported data breaches.
This incident is not isolated. A major breach hit Robinhood in 2021, when hackers obtained over five million email addresses and two million customer names by tricking a support employee through social engineering techniques.
Also in that case, the stolen data included personally identifiable information mainly from US users, but users from Singapore and United Kingdom were also involved.
According to cybersecurity experts at Dark Web Informer, the recent data leaks did not stem from direct intrusions into the platforms' systems. Investigations indicate that the most likely cause is phishing attacks.
Phishing consists of scams in which victims are tricked into providing their data to entities posing as legitimate organisations. User data has been compromised through these attacks, without a direct breach of the exchange's core infrastructure.
"Stay vigilant: your data may already be exposed. We provide unobscured screenshots in blog posts and live threat feeds to keep you informed," Dark Web Informer stated.
Stay vigilant-your data might already be exposed. Providing unredacted screenshots in blog posts and live threat feeds to keep you informed.
- Dark Web Informer - Cyber Threat Intelligence (@DarkWebInformer) April 8, 2025
X
The massive scale of these breaches, which have affected hundreds of thousands of users, demonstrates how individuals remain vulnerable to increasingly advanced social engineering schemes.
Fraud fuelled by artificial intelligence is becoming increasingly sophisticated and experts predict the problem will worsen. Users are struggling to recognise AI-generated deepfake scams, synthetic identities and increasingly complex automated phishing methods.
According to a survey by Spaziocrypto, user complaints about deceptive phishing messages on X have increased. Many have received apparently genuine scam communications from Binance, with the real sender ID used for authentication notifications. The fraudsters allegedly acquired users' phone numbers, making SMS attacks even more credible.
Reports indicating the selling of data on the dark web confirm that cybersecurity threats in the crypto sector are constantly evolving.
Users remain in uncertainty as the platforms involved have yet to provide official statements, highlighting the need for stronger security measures and greater vigilance of the entire sector.
Eleven Drainer, a new phishing-as-a-service, is expanding its business. Despite the sophistication of the attacks, human error remains the main weakness. The defence lies in user discipline.
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
April revealed a worrying development: sensitive user data from crypto platforms Ledger, Gemini, and Robinhood appeared for sale on the dark web.
The stolen data would contain detailed personal information, including full names, home and email addresses, phone numbers, and geographic details such as cities, states, postal codes, and countries of residence. The crypto industry now faces further concerns in the area of cybersecurity, which is already under widespread pressure from constant online threats.
How-Dark Web User Data Ends Up
It was the Dark Web Informer account on X (formerly Twitter) that first reported the disturbing discovery. The account posted screenshots showing a vendor claiming to own and sell the data of users of the crypto platforms involved.
X
The images indicate that the vendor has detailed user profiles with contact information and physical addresses. Most of the affected users reside in the United States, in line with Gemini and Robinhood's main user base.
The affected platforms - Ledger, Gemini and Robinhood - have not yet released official communications regarding the reported data breaches.
This incident is not isolated. A major breach hit Robinhood in 2021, when hackers obtained over five million email addresses and two million customer names by tricking a support employee through social engineering techniques.
Also in that case, the stolen data included personally identifiable information mainly from US users, but users from Singapore and United Kingdom were also involved.
According to cybersecurity experts at Dark Web Informer, the recent data leaks did not stem from direct intrusions into the platforms' systems. Investigations indicate that the most likely cause is phishing attacks.
Phishing consists of scams in which victims are tricked into providing their data to entities posing as legitimate organisations. User data has been compromised through these attacks, without a direct breach of the exchange's core infrastructure.
X
The massive scale of these breaches, which have affected hundreds of thousands of users, demonstrates how individuals remain vulnerable to increasingly advanced social engineering schemes.
Fraud fuelled by artificial intelligence is becoming increasingly sophisticated and experts predict the problem will worsen. Users are struggling to recognise AI-generated deepfake scams, synthetic identities and increasingly complex automated phishing methods.
According to a survey by Spaziocrypto, user complaints about deceptive phishing messages on X have increased. Many have received apparently genuine scam communications from Binance, with the real sender ID used for authentication notifications. The fraudsters allegedly acquired users' phone numbers, making SMS attacks even more credible.
Reports indicating the selling of data on the dark web confirm that cybersecurity threats in the crypto sector are constantly evolving.
Users remain in uncertainty as the platforms involved have yet to provide official statements, highlighting the need for stronger security measures and greater vigilance of the entire sector.
Sign up for Spaziocrypto®
No spam. Unsubscribe anytime.
Read Next
UK crypto heist: convictions and self-custody risk
A heist of more than 4.3 million in cryptocurrencies in the UK calls into question the security of self-custody and the risks of the human factor.
Crypto Clash: Beijing Blames US for LuBian's 127,000 BTC Bitcoin Exploit
China accuses Washington of 'draining' 127,000 BTC from LuBian in 2020. Researchers link the exploit to a flaw in key generation.
New Eleven Drainer attack: threat to crypto wallets
Eleven Drainer, a new phishing-as-a-service, is expanding its business. Despite the sophistication of the attacks, human error remains the main weakness. The defence lies in user discipline.
Evolved North Korean Hackers: New Danger Level for the Crypto Sector
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.