Grafa logo

Crypto users exposed in 149M infostealer credential data dump

Written by Liezl GambePublished Jan. 27 2026Last Updated Jan. 27 2026

Share

A massive database containing 149 million stolen login credentials linked to malware-infected devices has been uncovered by a cybersecurity researcher.

The dataset included credentials tied to major platforms such as Facebook, Instagram, Netflix and the crypto exchange Binance.

Researcher Jeremiah Fowler said at least 420,000 of the exposed credentials were associated with Binance user accounts.

“This is not the first dataset of this kind I have discovered and it highlights the global threat posed by credential-stealing malware,”

Jeremiah Fowler said.

The leaked data also contained millions of logins linked to Gmail, Yahoo, TikTok and other widely used online services.

Security experts said the exposure was not caused by a breach of Binance’s internal systems.

“Those are not leaks from Binance,”

A Binance spokesperson said, adding that the data was harvested from compromised user devices.

Blockchain security executives said the incident reflects end-user device infections rather than exchange-level failures.

The leak also included credentials linked to government-related accounts, increasing the risk of targeted phishing attacks.

Infostealer malware has emerged as a growing threat to crypto users by extracting saved credentials from infected computers and mobile devices.

Cybersecurity firms warned that newer variants of infostealers are designed to target crypto wallets, browser extensions and exchange accounts.

Binance said it actively monitors dark web activity and takes steps such as password resets and session revocations to protect users.