Hackers leaked data of 1.5 million Binance users, internal servers were not directly compromised

On March 28, the cybersecurity platform VECERT disclosed that hackers, under the name PexRat, are selling a database containing personal information of 1.5 million Binance users on the dark web. The content includes sensitive information such as names, emails, phone numbers, KYC verification status, login IP addresses, and two-factor authentication methods.

Analysis indicates that this incident was not a direct intrusion into Binance's internal servers, but rather that the attackers bypassed the CAPTCHA mechanism and obtained data through credential stuffing and automated scraping methods. Affected users face a high risk of SIM card hijacking and phishing attacks. At the time of this incident, Binance's institutional OTC trading business is experiencing rapid growth, with trading volume reaching 25% of the total for the entire year of 2025 in just January and February of this year. This is another data security crisis for Binance following the leak of 420,000 sets of account credentials in January.