Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to sell a large collection of compromised credentials that they allege are related to cryptocurrency platforms. According to the seller’s post, the data includes tens of thousands of email:hash and login:hash pairs. In a more direct and severe threat, the package also allegedly includes several thousand credentials for the Payeer payment platform, with 2,000 of them already dehashed into plain text passwords.
This claim, if true, represents the sale of a potent toolkit for widespread account takeovers and financial fraud. The large “combolists” of hashed credentials are the raw material for “credential stuffing” attacks, while the ready-to-use plaintext passwords for a payment service like Payeer create a risk of immediate financial loss for the victims. The seller’s mention of “dehashing” indicates they have the capability to convert the stolen password hashes into usable passwords, making the entire dataset a weaponized asset for the criminal underground.
Key Cybersecurity Insights
This alleged data sale presents a critical and widespread threat to crypto users:
- A Massive Toolkit for Credential Stuffing: The primary danger of this data is its use in large-scale credential stuffing attacks. Criminals will take the tens of thousands of email and password combinations, crack the hashes, and use them in automated attacks to take over accounts on every major crypto exchange and financial platform.
- Direct and Immediate Threat to Payeer Users: The specific inclusion of thousands of Payeer credentials, especially the 2,000 alleged plaintext password pairs, is an immediate and severe threat. Attackers can use this data to instantly attempt to log in to those Payeer accounts and drain any funds held within them.
- “Dehashed” Data Lowers the Bar for Attackers: By providing already cracked, plaintext passwords, the seller is making their product more valuable and accessible to a wider range of less-skilled criminals. It removes the time-consuming step of password cracking and allows for immediate use in account takeover attempts.
Mitigation Strategies
In response to the constant threat of credential leaks, all cryptocurrency users must prioritize account security hygiene:
- Assume Your Credentials Have Been Compromised: Every individual involved in cryptocurrency should operate under the assumption that their email and password combination is on a list like this. This requires immediate action to secure all of their financial and personal online accounts.
- Mandate Multi-Factor Authentication (MFA) Universally: This is the single most effective defense against credential stuffing. All users must enable the strongest form of MFA available on all their crypto, payment, and email accounts. A stolen password is not enough to get in if MFA is active.
- Practice Unique Password Hygiene: This incident is a direct consequence of password reuse. Users must be relentlessly reminded of the critical importance of using a strong, unique password for every single online service. Using a reputable password manager is the best way to achieve this and is essential for security.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com