On Dec. 14, 2022, the crypto exchange Gemini revealed that some Gemini customers have been the target of phishing attacks that the firm believes stem from a third-party vendor leak. While reports disclosed that Gemini’s leak comprised approximately “5,701,649 lines of information pertaining to Gemini customers,” Gemini did not disclose how many customers were affected by the breach. Moreover, according to Bleeping Computer’s cybersecurity author, Ionut Ilascu, data from Gemini’s customer info leak has been advertised for sale on hacker forums since as early as Sept. 2022.
Gemini Customer Data Leak Discovered on Multiple Hacker Forums
Three days ago, Bitcoin.com News reported on the crypto exchange Gemini after it was discovered that a database containing the phone numbers and email addresses of 5.7 million Gemini users had been leaked. The crypto reporter Zhiyuan Sun detailed that he had seen documentation showing “5,701,649 lines of information pertaining to Gemini customers.”
Gemini database leak advertisement – source: Kela.
Gemini addressed the issue on Dec. 14, 2022, in a blog post and explained that the breach likely derived from a third-party vendor. The exchange did not explain how many customer accounts were affected, and it did not detail which third-party vendor was responsible for the data breach. The following day, after Gemini’s blog post was published, Bleeping Computer’s cybersecurity author, Ionut Ilascu, published an article explaining that Gemini’s leaked database has been advertised for sale since Sept. 2022.
Gemini database leak advertisement – source: Bleeping Computer.
Ilascu says there were “multiple posts on a hacker forum” showing that the leak was for sale, with one discovered by the cybercrime intelligence platform Kela. One user attempted to sell the leak for 30 BTC, or roughly $500K using today’s bitcoin exchange rates. Ilascu further disclosed that the data leak also showed up on hacker forums in Oct. 2022, when the seller leveraged “a different alias.”
Another person shared the info in mid-November on a hacker site, and this particular post said that the leak contained not only Gemini data but allegedly data from other exchanges as well. The post, published on Breachforums, also offered the database for free before the account was banned from the forum. The now-banned user also told forum users that three digits from the sets of customer phone numbers were missing from the database leak.