Gemini Crypto Exchange Data Breach: Hackers Sell Info of 5.7 Million Users

By Ava McKinneyOnline Safety

Hackers Sell Data of 5.7 Million Gemini Crypto Exchange Users

The cryptocurrency exchange Gemini has issued a warning that its clients are being targeted by phishing attacks after hackers stole their personal data from a third-party provider. Media outlets report that hacker forums are indeed offering a Gemini database for sale, containing the phone numbers and email addresses of 5.7 million users.

Gemini representatives released a brief warning, stating that an unnamed third-party provider recently experienced a “security incident.” As a result of this attack, email addresses and partial phone numbers belonging to “some customers” of Gemini were exposed to unauthorized parties.

Due to this leak, Gemini customers have been receiving numerous phishing emails. While the exact goals of the attackers are not yet clear, it is likely they are seeking access to user accounts and financial information.

Gemini emphasizes that customer account information and the company’s own systems were not affected by the attack, and that client funds and accounts remain “secure.”

Details of the Data Sale

According to Bleeping Computer, there are multiple posts on hacker forums where individuals are selling the Gemini database, allegedly containing the phone numbers and email addresses of 5.7 million people.

  • The first attempt to sell this data dump occurred back in September of this year. At that time, the seller did not specify how recent the data was and asked for 30 bitcoins (about $520,000 at the current rate) for the entire dump.
  • In October, another user with a different nickname posted another offer to sell the database, claiming the data was current as of September 2022.
  • Then, in mid-November, a third hacker posted an offer to sell databases from several crypto exchanges, including Gemini, again stating the dump contained information on 5.7 million users.

Gemini’s Recommendations for Users

Currently, Gemini recommends that users rely on strong authentication methods, enable two-factor authentication (2FA), or use hardware security keys to access their accounts.

Leave a Reply