Unconfirmed: A Threat Actor Compromised Binance and Coinbase. Carts Users’ Data

Sampson Gideon April 29, 2024

1 minute read

WazirX — Anonymous hacker in front of his computer with red light wall backgroundAnonymous hacker in a black hoody with laptop in front of a code background with binary streams cyber security concept

Binance and Coinbase suffered an unfortunate breach, with logins available for sale. Although the breach is still unconfirmed, it is unfortunate and disturbing news that worries users of both Binance and Coinbase. A dark web informer revealed the news.

The notorious threat actor known as kiki88888 has allegedly breached data from both platforms and compromised data, including email addresses, usernames, and passwords. Coinbase: 334k, Binance: 553k.

The Coinbase Hacker Seem Legit

The threat actor is relatively new, according to its profile data. The account shows it has posted 126 threads and joined or created the account in October 2023.

According to the source, the threat actor also leaked the following databases from previous leaks: Coinmama: 480K Coinmarketcap: 3.1M Cointracker: 1.5M Gemini: 5.7M Zipmex: 1.4M Compromised data: Email addresses, and Partial phone numbers.

The hacker stated on its web page, “Most of the accounts are correct, and you can log in directly.” The user seems legit; however, it is awaiting confirmed data. An X user said, “I don’t think this is a data breach, actually, rather a collection of infostealer compromised credentials.”

Akira Ransomware Gang Drains $42M.

The Akira ransomware group has been attacking businesses and critical infrastructure entities across North America, Europe, and Australia since March 2023, according to the United States Federal Bureau of Investigation (FBI).

The FBI revealed that the group was able to breach over 250 organizations, extracting approximately $42 million in ransomware proceeds.

Recently, it was discovered that Akira ransomware targets Windows systems and Linux variants. To alert the public about the threat, the FBI and other global cybersecurity agencies have released a joint cybersecurity advisory.

The advisory warns that Akira gains initial access through virtual private networks (VPNs) that lack multifactor authentication (MFA), allowing the ransomware to extract credentials and sensitive information before locking up the system and displaying a ransom note.

The group demands payment in Bitcoin, at the current price of $64,254, from the victim organizations to access restoration. The Akira threat group does not leave an initial ransom demand or payment instructions on compromised networks and does not relay this information until contacted by the victim.