Crypto: Crypto Users Affected In Massive 149m Infostealer Data Dump 2026

A researcher uncovered a 149 million-record credential dump from infostealer malware, including 420,000 Binance logins, exposing growing risks to crypto users.

A cybersecurity researcher has uncovered a massive, publicly accessible database containing millions of stolen login credentials harvested from malware-infected personal devices, including accounts linked to major social media platforms and the crypto exchange Binance.

The dataset, uncovered by cybersecurity researcher Jeremiah Fowler, contained around 149 million usernames and passwords from personal phones and computers, according to a Friday blog post published on ExpressVPN. The records were tied to services including Facebook, Instagram, Netflix and Binance, with at least 420,000 credentials associated with Binance users.

The leak contained 48 million Gmail accounts, four million Yahoo accounts, 17 million Facebook accounts, 6.5 million Instagram accounts, 3.4 million Netflix accounts and 780,000 TikTok accounts, among others.

“This is not the first dataset of this kind I have discovered and it only highlights the global threat posed by credential-stealing malware,” said Fowler in the blog post. “Financial services accounts, crypto wallets or trading accounts, banking and credit card logins also appeared in the limited sample of records I reviewed,” he added.

The researcher also noted a concerning number of credentials associated with government-linked accounts and .gov domains, which open the door to phishing attacks, potentially allowing attackers to impersonate government agencies.

Security experts stressed the exposure does not indicate a breach of Binance’s internal systems. Instead, the credentials were collected through so-called “infostealer” malware that silently extracts saved logins from compromised devices.

“Infostealer is a known malware variant that steals user credentials when the users’ devices are compromised. Those are not leaks from Binance,” a spokesperson for Binance told Cointelegraph.

The incident signals a data leak on end-user devices, not a breach of the exchange’s core systems, Deddy Lavid, the CEO of blockchain cybersecurity company Cyvers, told Cointelegraph.

Source: Cointelegraph