Dark Web Leak: Phishing Campaign Exposes 100,000 Crypto Users’ Data

  • Most affected users are located in the United States, the United Kingdom, and Singapore.
  • AI-driven scams have increased the risk of identity theft.
  • Binance has added SMS verification to strengthen phishing defenses.

A new wave of crypto data leaks has exposed sensitive user details from major platforms including Ledger, Gemini, and Robinhood.

According to an investigation recently shared by the Dark Web Informer account on X (formerly Twitter), a vendor is actively selling leaked records on the dark web. The exposed data reportedly includes full names, email addresses, home addresses, phone numbers, and postal codes.

This development represents a troubling escalation in crypto-related cybersecurity threats. The majority of impacted individuals are based in the United States, with smaller numbers from Singapore and the United Kingdom.

No Official Statements Released

On April 13, Dark Web Informer posted screenshots showing the scope of the leaked records. The seller claims to possess comprehensive datasets tied to user bases of some of the largest retail crypto platforms.

Despite the seriousness of the allegations, Ledger, Robinhood, and Gemini have not yet issued formal statements.

This is not the first time these companies have been involved in data incidents. In 2021, Robinhood confirmed that attackers obtained more than 5 million email addresses and 2 million full names after social engineering a customer support employee.

Although investigators have not identified any internal system breaches in the current reports, the recent leaks appear to follow a similar pattern.

Phishing Likely Culprit as AI Scams Evolve

Cybersecurity experts connected to the Dark Web Informer account believe phishing—rather than direct attacks on internal systems—is the most likely cause of the leaks.

Attackers appear to have targeted users directly by creating fake websites, emails, and SMS messages that impersonate official channels, rather than breaching platform infrastructure.

These tactics have grown more effective, especially when combined with AI tools capable of generating convincing messages or deepfakes that allow scammers to mimic exchanges or senior executives.

Earlier this month, another leak affected more than 100,000 crypto users and exposed similar personal data, primarily impacting U.S.-based individuals.

This trend suggests an increase in attacks that exploit human error rather than software vulnerabilities.

AI-Driven Scams on the Rise

The surge in phishing activity has raised alarm among users. In recent weeks, many people have reported on X receiving messages that appear to originate from Binance’s official sender ID.

These messages often impersonate SMS alerts used for account verification and two-factor authentication.

In response, Binance’s Chief Security Officer said the exchange has strengthened its anti-phishing code program.

Following a wave of user complaints, the update includes SMS verification measures designed to reduce the effectiveness of fraudulent messages.

Nevertheless, the volume and sophistication of phishing attacks continue to rise, highlighting the mounting risks faced by crypto users.

With the increase in AI-enabled scams and the widespread availability of phishing toolkits, platforms are being forced to improve user education and real-time threat detection.

Platforms Remain Silent

Although affected platforms have remained silent about the current leak, the recurrence of such incidents is heightening vigilance across the crypto community.

Without direct confirmation from Ledger, Gemini, or Robinhood, it remains unclear whether the leaked data stems from a new vulnerability or was recycled from earlier breaches.

The steady emergence of these leaks underscores the urgent need for service providers to offer stronger user protections and greater transparency. As exchanges expand globally and attract millions of users, the associated risks increase as well.

Given the lack of clear communication, users are urged to take extra precautions: enable two-factor authentication, verify official sources before responding, and avoid clicking links from unknown senders.