
Binance is facing heightened cybersecurity scrutiny after a reported data leak exposed information linked to 1.5 million user accounts despite no direct breach of its core systems.
The incident, identified by cybersecurity platform VECERT, involved a threat actor offering a database containing user details including names, emails, phone numbers, and KYC verification statuses.
Evidence suggests the attack was carried out through credential stuffing and scraping techniques that bypassed security layers such as CAPTCHA protections, rather than by infiltrating Binance’s internal servers.
“The evidence suggests that the attacker managed to bypass or abuse security mechanisms (such as Captcha) in the login interface or some platform API, allowing a constant flow of unblocked requests,” VECERT said.
The exposure of login metadata and two-factor authentication details raises concerns over increased risks of phishing and SIM-swap attacks targeting affected users.
The incident follows earlier reports of hundreds of thousands of Binance-linked credentials being exposed through infostealer malware, adding to mounting security challenges.
The breach comes as Binance’s institutional OTC trading volume surges, highlighting a contrast between growing institutional adoption and ongoing retail security vulnerabilities.