Dark Web News Analysis
Dark web sources report a potential data breach involving CommEX, the cryptocurrency exchange that famously acquired Binance’s Russian operations before announcing its own shutdown in 2024. A threat actor claims to have leaked a database containing approximately 56,000 user records.
The compromised dataset, purportedly formatted as a CSV file, includes sensitive user identifiers such as Usernames, Email Addresses, IP Addresses, Preferred Languages, and Partial Phone Numbers. While the exchange itself may no longer be active, the surfacing of this data in 2026 presents significant residual risks to former users.
Key Cybersecurity Insights
Breaches of defunct or “sunsetted” platforms are dangerous because users often let their guard down, assuming their data died with the service:
- The “Zombie Data” Risk: CommEX ceased operations in 2024, yet this data has resurfaced in 2026. This “Zombie Data” is highly valuable for Credential Stuffing. Former users likely reused their CommEX passwords on other active crypto exchanges (like Binance, Bybit, or OKX). Attackers will immediately test these “dead” credentials against live financial platforms.
- Geographic & Language Targeting: The inclusion of Preferred Language and IP Addresses allows for highly localized attacks. CommEX had a heavy user base in the CIS (Commonwealth of Independent States) region. Scammers can draft phishing emails in the victim’s specific language (e.g., Russian, Ukrainian) referencing “Unclaimed Asset Refunds” or “Legal Settlements” related to the exchange’s closure to lure victims into revealing private keys.
- OSINT & Reconnaissance: The threat actor explicitly highlighted the data’s value for Open Source Intelligence (OSINT). By correlating an IP address with a username and email, attackers can potentially identify the real-world identity of pseudonymous crypto traders, leading to physical security threats or “doxxing.”
- Partial Phone Number Exploits: While the phone numbers are “partial,” they can often be completed using other data leaks (Combolists). Once reconstructed, these numbers become vectors for SIM Swapping attacks, aimed at bypassing 2FA on the victim’s other active financial accounts.
Mitigation Strategies
To protect digital identities from this legacy breach, the following strategies are recommended:
- Cross-Platform Password Reset: Former CommEX users must immediately change passwords on any other site where they reused the same credentials. Treat the CommEX password as publicly compromised.
- Ignore “Refund” Emails: Be extremely skeptical of any unsolicited communication claiming to be from CommEX administrators offering late withdrawals or refunds. These are almost certainly phishing attempts leveraging the leak.
- MFA Auditing: Ensure that all active crypto accounts are secured with Authenticator Apps (TOTP) or Hardware Keys (YubiKey), rather than SMS-based 2FA, to mitigate the risk of SIM swapping.
- Email Hygiene: Use services like HaveIBeenPwned to check if your email has appeared in this new dump and consider migrating sensitive financial accounts to a dedicated, private email address.
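The “Ignore ‘Refund’ Emails” advice above can also be enforced at the mail gateway or in a mailbox triage script. The following is an added example, not code from Brinztech or CommEX: it scores a raw message for the refund-lure pattern this article describes. The keyword stems, the function name `score_message`, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy

# Assumption: illustrative keyword stems built from the lure themes the article
# names (refunds, unclaimed assets, legal settlements, private keys), with
# assumed Russian/Ukrainian equivalents. Tune them for your own mail flow.
BRAND = re.compile(r"\bcomm\s?ex\b", re.I)
LURE = re.compile(r"refund|unclaimed|settlement|late withdrawal|"
                  r"возврат|компенсаци|повернення|компенсаці", re.I)
SECRET = re.compile(r"private key|seed phrase|recovery phrase|"
                    r"приватн\w* ключ|сид[- ]фраз", re.I)

def score_message(raw: bytes) -> dict:
    """Score one raw RFC 5322 message for the defunct-exchange refund lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['From']} {msg['Subject']} {body.get_content() if body else ''}"
    hits = {"brand": bool(BRAND.search(text)),
            "lure": bool(LURE.search(text)),
            "secret_request": bool(SECRET.search(text))}
    # The exchange closed in 2024, so any brand mention with a refund theme is
    # quarantined; a request for key material on top of the brand is blocked.
    if hits["brand"] and hits["secret_request"]:
        verdict = "block"
    elif hits["brand"] and hits["lure"]:
        verdict = "quarantine"
    else:
        verdict = "pass"
    return {**hits, "verdict": verdict}

# Constructed sample messages (not taken from the leak or from real mail).
SAMPLE_EN = (b"From: CommEX Support <support@commex-refund.example>\n"
             b"Subject: Unclaimed asset refund\n\n"
             b"To release your balance, reply with your seed phrase.\n")
SAMPLE_RU = ("From: admin@settlement-desk.example\n"
             "Subject: CommEX\n"
             "Content-Type: text/plain; charset=utf-8\n"
             "Content-Transfer-Encoding: 8bit\n\n"
             "Вам доступен возврат средств после закрытия биржи.\n").encode("utf-8")
SAMPLE_OK = (b"From: newsletter@news.example\n"
             b"Subject: Weekly market summary\n\n"
             b"Prices moved this week.\n")

if __name__ == "__main__":
    for name, raw in [("en", SAMPLE_EN), ("ru", SAMPLE_RU), ("ok", SAMPLE_OK)]:
        print(name, score_message(raw))
```

Parsing with `policy.default` decodes RFC 2047 encoded subjects and charset-declared bodies before matching, so localized lures are compared as text rather than as raw bytes.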
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com