Coinbase User Data for Sale on Popular Hacker Forum

By Leakd.com Authors

January 07, 2025

A new post on a popular dark web forum has surfaced, advertising the sale of alleged Coinbase user data, referred to as "crypto leads." According to the post, the data includes sensitive information such as names, emails, phone numbers, source, and country, specifically targeting users in the United States.

Coinbase Leak — Alleged sale of Coinbase leads in a dark web forum.

What Are Crypto Leads?

In the world of cryptocurrency scams, crypto leads refer to personal identifiable information (PII) or sensitive data that scammers use to target potential victims. These leads often include a combination of emails, phone numbers, names, and other identifiers. Such data is highly sought after on the black market for use in social engineering attacks, phishing campaigns, malicious SMS (smishing), and fraudulent calls designed to steal cryptocurrency or gain unauthorized access to user accounts. Attackers frequently exploit leaked crypto leads to orchestrate a range of schemes. The sensitive nature of the information makes victims vulnerable to convincing fraud tactics aimed at breaching their accounts or extracting funds.

Details of the Alleged Coinbase Lead Sale

coinbase leak data — The PII details of alleged victims

While the seller refrained from revealing the source of the data, the details provided in the advertisement align with the sensitive information typically associated with such leaks. Samples shared in the forum post appear to validate the inclusion of personal identifiable information (PII), such as names, emails, and phone numbers. Through private discussions with the threat actor, leakd.com learned that the dataset is being offered for $800 and is claimed to contain 50,000 lines of data.

Language Artifact Indicates Possible Russian Connection

The dataset includes a notable language artifact: the spreadsheet is named "Лист1", which translates to "Sheet1" in Russian. This detail suggests that the creator or compiler of the data may be a Russian-speaking individual or someone from a region influenced by the Russian language. While this does not confirm the source or origin of the breach, it provides a potential clue about the background of the threat actor.

hacker posts — Some of the past posts of the threat actor in the same forum.

The seller, known for posting similar dumps and compilations in the past, remained silent about the data's origin during our communication. The dataset might have originated from stealer logs, a common source of stolen information harvested through malware infections on compromised devices.

This alleged Coinbase-related sale is not an isolated incident. Similar listings involving other cryptocurrency platforms have been observed recently, also believed to originate from stealer logs.

hacker forum post — Another sale related to various crypto platforms.

The increasing frequency of such leaks highlights the persistent threat posed to cryptocurrency users and platforms, emphasizing the need for robust security measures and user vigilance.

Coinbase's Response Awaited

We have reached out to Coinbase for a statement on the alleged leak and will update this article as more information becomes available. At this stage, the claims remain unverified, and no official confirmation links the data to Coinbase users.

How to Protect Yourself

Users concerned about potential data exposure should:

Enable two-factor authentication (2FA) on their accounts.
Be cautious of unsolicited emails, calls, or messages.
Avoid clicking on suspicious links or downloading unknown attachments.
Regularly update and secure their devices against malware.