Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the alleged sale of a database purportedly belonging to Counos, a cryptocurrency wallet platform. The dataset is said to contain 290,821 records, including sensitive information such as code, userId, email, and—most critically—userSessionCookie. The alleged breach date is listed as 2025, and the data is being offered for a negotiable price.
This claim, if true, represents a catastrophic security failure for a financial platform. While the leak of user emails is a significant risk for phishing, the inclusion of active user session cookies is a worst-case scenario: a valid session cookie lets criminals bypass standard authentication (like passwords and 2FA) entirely. This fits a pattern of recent high-profile breaches targeting crypto exchanges (like Coinbase in May 2025) where attackers focus on bypassing MFA to drain accounts.
Key Cybersecurity Insights
This alleged data breach presents a critical and immediate threat to all users of the platform:
- High Risk of Direct Financial Theft: The leak of userSessionCookie data is the most severe threat. Attackers can use these stolen cookies in “pass-the-cookie” attacks to hijack active, authenticated user sessions, giving them full access to accounts. For a crypto wallet, this means they could potentially bypass 2FA and passwords to drain funds.
- Significant Data Exposure: Over 290,000 user records, including personally identifiable information (emails, user IDs), are allegedly compromised and available for sale.
- Targeted Phishing and Further Attacks: Exposed email addresses and user IDs will be leveraged for highly targeted phishing campaigns, social engineering, or credential stuffing attacks against other services where users may have reused passwords.
- Financial Motivation & Monetization: The data is being actively monetized on the dark web, indicating a direct financial incentive for threat actors and the immediate value of the stolen information for committing fraud.
Mitigation Strategies
In response to this claim, the company and its users must take immediate and decisive action:
- Immediate User Session Invalidation: Counos must immediately invalidate all active user sessions across its entire platform. This is the only way to render the stolen session cookies useless.
- Forced Password Reset: A platform-wide mandatory password reset should be enforced for all users.
- Enforce Multi-Factor Authentication (MFA): Implement and enforce strong, phishing-resistant MFA (like FIDO2/Hardware Keys) for all user accounts to reduce the risk of account takeover.
- Conduct a Comprehensive Security Audit and Incident Response: Perform an in-depth security audit to identify the root cause of the alleged breach (e.g., an XSS vulnerability, malware, or an insecure API), patch vulnerabilities, and strengthen security controls.
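The session invalidation step above can be enforced server-side with a revocation cutoff: every cookie carries a signed issue time, and any cookie issued at or before the cutoff is rejected, so a copied cookie stops working without touching each record. The following is an added illustration, not Counos code or anything from the alleged dataset; the `SessionStore` class, the cookie layout and the demo key are assumptions made for the example.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # constructed value; use a managed secret in practice


class SessionStore:
    """Hypothetical signed-cookie sessions with global and per-user revocation."""

    def __init__(self, secret=SECRET, clock=time.time):
        self._secret = secret
        self._clock = clock
        self._global_cutoff = 0.0  # cookies issued at or before this are dead
        self._user_cutoff = {}     # user_id -> cutoff for single-account resets

    def _sign(self, payload: str) -> bytes:
        mac = hmac.new(self._secret, payload.encode(), hashlib.sha256)
        return mac.hexdigest().encode()

    def issue(self, user_id: str) -> str:
        # Assumed cookie layout: userId|issuedAt|hmac
        payload = f"{user_id}|{self._clock():.6f}"
        return f"{payload}|{self._sign(payload).decode()}"

    def invalidate_all(self) -> None:
        # Platform-wide kill switch: one write revokes every outstanding cookie.
        self._global_cutoff = self._clock()

    def invalidate_user(self, user_id: str) -> None:
        # Also call this on password reset so old cookies die with the password.
        self._user_cutoff[user_id] = self._clock()

    def validate(self, cookie: str):
        """Return the user id for a live session, or None if it must be rejected."""
        try:
            user_id, issued_at, sig = cookie.rsplit("|", 2)
            issued = float(issued_at)
        except ValueError:
            return None  # malformed cookie
        if not hmac.compare_digest(sig.encode(), self._sign(f"{user_id}|{issued_at}")):
            return None  # tampered or forged
        cutoff = max(self._global_cutoff, self._user_cutoff.get(user_id, 0.0))
        if issued <= cutoff:
            return None  # issued before the revocation point: fail closed
        return user_id
```

The cutoff has to live in storage shared by every application server; a per-process value leaves old cookies valid on any node that has not seen the update.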
Secure Your Organization with Brinztech As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com