Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the sale of a dataset containing 218,000 alleged email addresses belonging to active users of four specific trading/finance platforms: Axiom.trade, Padre.gg, Pump.fun, and GMGN.ai. The data is described as “clean and de-duplicated” and was reportedly collected within the last 60 days (Oct-Nov 2025).
Brinztech Analysis:
- Target Profile: All four targets are high-traffic platforms in the cryptocurrency and gaming sectors, specifically within the Solana ecosystem (Pump.fun, GMGN.ai) and trading communities.
  - Pump.fun: A massive Solana memecoin launchpad that generated significant revenue in late 2025.
  - GMGN.ai: A popular crypto trading bot/analytics tool.
  - Padre.gg: A trading terminal recently acquired by Pump.fun (Oct 2025).
- Likely Vector: The aggregation of data from these interconnected platforms suggests a few possibilities:
  - Third-Party Scraping: Attackers may have scraped user data from shared Discord servers or Telegram groups associated with these platforms.
  - Shared Vulnerability: A compromise of a common tool (like a wallet connector or support bot) used across these “degen” trading ecosystems.
  - Post-Acquisition Breach: Given Pump.fun acquired Padre.gg in Oct 2025, a breach during the integration phase is a plausible vector.
Key Cybersecurity Insights
This alleged data sale presents a critical threat to crypto traders:
- High-Value Phishing Targets: Users of pump.fun and gmgn.ai are typically “crypto-native” traders who manage self-custody wallets (Phantom/Solflare). A list of 218,000 active emails is a “goldmine” for Wallet Drainer phishing scams. Attackers can send fake “Airdrop” or “Security Alert” emails to trick users into signing malicious transactions.
- Recent Activity: The “last 60 days” timeframe means these are active, funded accounts. This increases the likelihood of successful financial fraud compared to stale data.
- Cross-Platform Exposure: The leak affects users across multiple platforms. If a user reuses their email/password combination, a breach on one site compromises their accounts on the others.
- Reputational Damage: For platforms built on trust and community (like Pump.fun), a data leak can severely damage user confidence and drive traders to competitors.
Mitigation Strategies
In response to this claim, users of these platforms must take immediate action:
- Wallet Hygiene: Disconnect your crypto wallets from these platforms when not actively trading. Revoke permissions for any old or unused smart contracts.
- Anti-Phishing Vigilance: Be extremely skeptical of any email claiming to be from Pump.fun, GMGN, or Padre, especially those offering “airdrops,” “refunds,” or asking for wallet connections. These platforms typically communicate via X (Twitter) or official Telegram channels, not email.
- Use Email Aliases: For future crypto registrations, use unique email aliases (like SimpleLogin) to isolate your trading identity from your primary personal email.
- Platform Security: The affected platforms should immediately investigate their user databases and third-party integrations for signs of scraping or unauthorized access.
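
The Anti-Phishing Vigilance advice above can be turned into a mail-triage rule. The following is an added example, not Brinztech's or any platform's own tooling: it flags messages that claim one of the four brands and escalates when the sender domain is not the brand's domain or a lure theme from this article appears. The function name, verdict labels and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Brand keyword -> official domain, both taken from the article's platform list.
BRANDS = {"pump.fun": "pump.fun", "gmgn": "gmgn.ai",
          "padre": "padre.gg", "axiom": "axiom.trade"}
# Lure themes the article names: airdrops, refunds, security alerts, wallet connections.
LURES = re.compile(r"airdrop|refund|security alert|connect(?: your)? wallet", re.I)

def triage(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = " ".join([display, str(msg.get("Subject", "")),
                     body.get_content() if body else ""]).lower()
    claimed = [b for b in BRANDS if b in text]
    if not claimed:
        return "pass", []
    reasons = ["claims brand: " + ", ".join(claimed)]
    official = [BRANDS[b] for b in claimed]
    # From is spoofable, so a matching domain only avoids this flag; it proves nothing.
    spoof = not any(domain == d or domain.endswith("." + d) for d in official)
    if spoof:
        reasons.append("sender domain not official: " + domain)
    lure = LURES.search(text)
    if lure:
        reasons.append("lure term: " + lure.group(0))
    # The platforms rarely email users, so any brand mail is at least reviewed.
    return ("quarantine" if spoof or lure else "review"), reasons

# Constructed sample messages (not real traffic).
PHISH = ('From: "Pump.fun Rewards" <rewards@pumpfun-claims.example>\n'
         "Subject: Your airdrop is ready\n\nConnect your wallet to claim.\n")
DIGEST = ('From: "GMGN" <news@gmgn.ai>\n'
          "Subject: Weekly digest\n\nMarket recap.\n")
OTHER = "From: alice@example.org\nSubject: Lunch\n\nNoon on Friday?\n"

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("DIGEST", DIGEST), ("OTHER", OTHER)):
        print(name, triage(raw))
```

Keyword matching of this kind is a first-pass filter; pair it with SPF, DKIM and DMARC results from the receiving mail server before trusting any sender domain.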
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com