Yesterday, a site that scans the internet for data breaches reported that 3.1 million email addresses had been stolen from CoinMarketCap’s database.
Have I Been Pwned discovered on October 12 that the emails used on the crypto price aggregator site were being traded on a hacking forum. The suspected leak does not contain passwords.
New breach: 3.1M email addresses from CoinMarketCap were found being traded this month. CMC have advised there is “a correlation with our subscriber base”, but are yet to identify the source of the data. 99% were already in @haveibeenpwned https://t.co/LGaAnj1hUA
— Have I Been Pwned (@haveibeenpwned) October 22, 2021
But CoinMarketCap said today in a blog post that the leak “did not come from CoinMarketCap servers.” The company, which is a subsidiary of Binance, said it found “no trace of any security breach.”
CoinMarketCap reportedly told Have I Been Pwned there is “a correlation with our subscriber base,” but that 99% of the emails were already listed on the data breach site, meaning that they had already been exposed by earlier breaches on other sites.
“As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites,” said CoinMarketCap.
CoinMarketCap believes that the attacker sold a list of leaked emails and compared it with other collections of leaked information to verify the emails.
“This is how the list of emails that claims to be from CoinMarketCap looks real — it’s because it’s a ‘cleaned’ email dataset from the Dark Web that has occurred in previous leaked email sets totally unrelated to CoinMarketCap,” said CoinMarketCap.
If your email is part of it, expect to get a lot of spam from crypto scams. Also, if you use that email for any exchange accounts, remove it asap and use another.
Stay safe guys
— Coin Bureau (guy.eth) (@coinbureau) October 23, 2021
CoinMarketCap’s parent company, Binance, was hacked in 2019. Hackers accessed important information, such as two-step authentication data and API keys, and stole 7,000 Bitcoin. Hacks are rife on Binance’s blockchain, the Binance Smart Chain. On Wednesday, decentralized finance (DeFi) protocol PancakeHunny was exploited for about $1.9 million after attackers used flash loans to manipulate the price of a liquidity pool.