Dark Web News Analysis
A threat actor is advertising a database for sale on a hacker forum for $1,400, claiming it belongs to the former cryptocurrency exchange Catex.io. The database purportedly contains information on 67,000 users. The seller, who is reachable via Telegram, makes a highly suspicious claim that the breach occurred in October 2025. However, the Catex.io exchange officially ceased all operations in 2019, making a new breach of its systems in 2025 impossible.
This discrepancy strongly suggests that the threat actor is attempting to sell an old database, likely from a breach that occurred before the 2019 shutdown, while falsely advertising it as a recent compromise to inflate its perceived value. This is a common tactic on the dark web. Despite the likely deception regarding the breach date, the data itself—if authentic from that era—still poses a significant and immediate risk to former users. The primary threat is large-scale credential stuffing. The users in the database are known cryptocurrency enthusiasts, and criminals will use the exposed email and password combinations to launch automated attacks against other, still active, cryptocurrency exchanges and financial platforms, hoping to find reused credentials.
Key Cybersecurity Insights
This incident highlights several critical threats, particularly for the cryptocurrency community:
- High Risk of Credential Stuffing Targeting Crypto Users: Even though the data is old, it remains dangerous. The exposed emails and (likely weakly hashed) passwords will be used in automated attacks against active cryptocurrency exchanges, DeFi platforms, and online wallets. Former Catex.io users who reused their credentials on other services are at a high risk of having their current accounts compromised and their crypto assets stolen.
- Threat Actor Deception and Repackaging of Old Data: This incident is a classic example of a common dark web tactic where threat actors repackage old, publicly available, or previously sold data and market it as a fresh, high-value breach. While security professionals should note the deception, the underlying risk from the recycled data itself should not be dismissed, as it can still be effective against users who have not changed their passwords.
- Targeting of Defunct Services to Exploit “Forgotten” Accounts: Threat actors deliberately target data from defunct services. Users are far less likely to remember the specific password they used for a service that shut down years ago, making it a highly effective source of credentials for password reuse attacks.
Mitigation Strategies
In response to the circulation of this data, former users and the broader crypto community must take proactive steps:
- Crypto Users Should Proactively Rotate Passwords: Any individual who ever had an account on Catex.io should treat their old password as compromised. They must immediately ensure that the password (and any variations of it) they used for that service is not being used on any other platform, especially other crypto exchanges or financial services.
- Crypto Exchanges Must Enhance Credential Stuffing Defenses: All active cryptocurrency exchanges should enhance their security measures to protect their users. This includes actively monitoring for login attempts using credentials known to be from the Catex breach and implementing robust technical defenses against large-scale, automated credential stuffing attacks, such as bot detection and CAPTCHA challenges.
- Implement Universal Multi-Factor Authentication (MFA): The single most effective defense for individuals is to secure their accounts with MFA. All cryptocurrency and financial account holders must enable the strongest form of Multi-Factor Authentication available, preferably using a phishing-resistant method like an authenticator app or a hardware security key, to protect their assets even if their password is stolen.
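The exchange-side monitoring described in the credential stuffing bullet above can be sketched as follows. This is an added example, not code from Brinztech or any exchange; the log format, the thresholds, the sample accounts and the function names are assumptions, and all log lines are constructed.

```python
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

def email_digest(email):
    """Hash a normalized email so the watchlist never holds plaintext."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()

# Constructed watchlist: digests of emails seen in a circulating dump.
EXPOSED = {email_digest(e) for e in
           ("alice@example.com", "bob@example.com", "carol@example.com")}

# Constructed auth log: (timestamp, source IP, email, outcome).
SAMPLE_LOG = [
    ("2025-10-20T10:00:01", "203.0.113.7", "alice@example.com", "fail"),
    ("2025-10-20T10:00:03", "203.0.113.7", "bob@example.com", "fail"),
    ("2025-10-20T10:00:05", "203.0.113.7", "carol@example.com", "ok"),
    ("2025-10-20T10:00:08", "203.0.113.7", "dave@example.com", "fail"),
    ("2025-10-20T10:00:11", "203.0.113.7", "erin@example.com", "fail"),
    ("2025-10-20T10:02:00", "198.51.100.20", "frank@example.com", "fail"),
    ("2025-10-20T10:02:30", "198.51.100.20", "frank@example.com", "ok"),
    ("2025-10-20T11:15:00", "198.51.100.21", "bob@example.com", "ok"),
]

def analyze(log, window=timedelta(minutes=5), min_accounts=4, min_fail_ratio=0.75):
    """Return (stuffing_ips, takeover_accounts, reset_accounts)."""
    by_ip = defaultdict(list)
    for ts, ip, email, outcome in log:
        by_ip[ip].append((datetime.fromisoformat(ts), email.lower(), outcome))
    stuffing = set()
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it spans at most `window` of wall-clock time.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            accounts = {email for _, email, _ in span}
            fails = sum(1 for _, _, outcome in span if outcome == "fail")
            # Many distinct accounts, mostly failing, from one source.
            if len(accounts) >= min_accounts and fails / len(span) >= min_fail_ratio:
                stuffing.add(ip)
                break
    ok = [(ip, e) for ip, evs in by_ip.items() for _, e, o in evs if o == "ok"]
    takeover = {e for ip, e in ok if ip in stuffing}          # lock and investigate
    reset = {e for _, e in ok if email_digest(e) in EXPOSED}  # force rotation / MFA
    return stuffing, takeover, reset
```

Accounts in the second set logged in successfully from a source that behaved like a stuffing run and should be locked pending review; accounts in the third set are on the watchlist and should be pushed through a password reset and MFA enrollment even when the login looks legitimate.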
Questions or Feedback? Brinztech provides cybersecurity services worldwide and does not endorse or guarantee the accuracy of external claims. For any inquiries or to report this post, please email: contact@brinztech.com