CoinMarketCap, an affiliated firm of the Binance cryptocurrency exchange, was reported to have been breached recently. About 3.1 million users’ email addresses have been stolen from CoinMarketCap’s database and are being traded on “hacking forums”, which are believed to be related to dark web marketplaces. CoinMarketCap has officially confirmed this breach, however, initial investigation shows that the leak did not come from CoinMarketCap servers.
Details of this breach were exposed after hacked email addresses were located on multiple hacking forums where data was being traded. The incident was first discovered on October 12 by Have I Been Pwned – a website specializing in detecting data breaches on the Internet.
It is not clear how the addresses were obtained. However, according to CoinMarketCap, only the address was stolen and the account password was still in the safe zone.
“CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses, we have found a correlation with our subscriber base.
At this point in our investigation, we have come to the conclusion that the leak did not come from CoinMarketCap servers. As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites. We are actively investigating this issue and will update our subscribers as soon as we have any new information.” – CoinMarketCap said on its blog.
While users are relieved by the claim that none of their account passwords have been compromised, there are still a lot of threats associated with this breach. Hackers will most likely try to gain access to users’ accounts by tricking them into sharing passwords and other important information.
The cryptocurrency market is a prime target of hackers. Data leaks are a common occurrence in this sector, given that the space is mostly digitalized, making it the perfect focus by threat actors who are looking to cash in from the growing adoption. Many crypto companies have also been victims of similar data leaks. Therefore, users should be twice as cautious and use separate and unique passwords for each website.