Dark Web News Analysis
A threat actor on a monitored hacker forum is advertising the sale of a database purportedly belonging to Khabarpu, an Iranian blockchain and cryptocurrency exchange platform. The dataset is approximately 38 MB (CSV) and contains 250,000 records of verified investors. The data is encoded in UTF-8 (Farsi-compatible), indicating a localized and structured export.
Brinztech Analysis:
- The Target: The Iranian cryptocurrency market is heavily used as a hedge against inflation and sanctions. A breach of a local exchange like Khabarpu impacts a financially savvy and often affluent segment of the population.
- The Data: The leak is described as a “verified investor” list, containing:
  - Identity PII: Full Names, Dates of Birth (DOB), Gender, and Education Level.
  - Contact Info: Mobile Phone Numbers and Email Addresses.
  - Physical Location: Residential Addresses.
- The Context: The inclusion of “Education Level” and home addresses suggests this data may have been harvested from a KYC (Know Your Customer) verification database or a detailed user profile system.
Key Cybersecurity Insights
This alleged data breach presents unique risks due to the geopolitical and economic context of Iran:
- State-Sponsored Interest: Cryptocurrency use in Iran is closely monitored by the state. This database could be valuable to foreign intelligence agencies tracking sanctions evasion or to domestic authorities identifying tax evaders.
- Targeted Phishing (The “Blockage” Scam): Iranian users are accustomed to platform bans and seizures. Attackers can leverage this fear.
  - Scenario: “Dear User, due to new Central Bank regulations, your Khabarpu assets will be frozen in 24 hours. Click here to withdraw to a safety wallet.” The SMS arrives on the user’s verified mobile number, creating panic.
- Physical Security: The exposure of Residential Addresses of 250,000 crypto holders creates a risk of physical extortion or burglary, a trend seen globally where crypto-wealthy individuals are targeted at home.
- Credential Stuffing: Users likely reuse their Khabarpu password on other Iranian services (e.g., Digikala, Snapp) or international platforms (Binance, Gmail). Attackers will test these credentials widely.
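The credential-stuffing risk above is something an exchange or any service with a shared user base can watch for on its own authentication logs. The following Python example is added here and is not code from the Brinztech post; the log line format, the sample lines, the IP addresses (RFC 5737 documentation ranges) and the thresholds are all constructed assumptions. It flags a source IP that tries many distinct accounts within a short window with a high failure ratio, which is the signature of a leaked list being replayed, and lists the accounts where the replayed password actually worked so they can be forced through a reset.

```python
"""Credential-stuffing detection over a constructed auth log.

Added example, not from the original post. Log format (assumed):
    <ISO timestamp> <source_ip> <username> <FAIL|SUCCESS>
Thresholds (window, min_accounts, min_fail_ratio) are assumptions a
defender would tune to their own traffic.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one IP replays a leaked list across ten accounts
# (one password happens to still work), one user fumbles their own password,
# one user logs in normally.
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.7 user001@example.com FAIL
2024-01-01T10:00:02 203.0.113.7 user002@example.com FAIL
2024-01-01T10:00:03 203.0.113.7 user003@example.com FAIL
2024-01-01T10:00:04 203.0.113.7 user004@example.com SUCCESS
2024-01-01T10:00:05 203.0.113.7 user005@example.com FAIL
2024-01-01T10:00:06 203.0.113.7 user006@example.com FAIL
2024-01-01T10:00:07 203.0.113.7 user007@example.com FAIL
2024-01-01T10:00:08 203.0.113.7 user008@example.com FAIL
2024-01-01T10:00:09 203.0.113.7 user009@example.com FAIL
2024-01-01T10:00:10 203.0.113.7 user010@example.com FAIL
2024-01-01T10:01:00 198.51.100.4 alice@example.com FAIL
2024-01-01T10:01:05 198.51.100.4 alice@example.com FAIL
2024-01-01T10:01:10 198.51.100.4 alice@example.com SUCCESS
2024-01-01T10:05:00 192.0.2.9 bob@example.com SUCCESS
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, username, result)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result


def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_accounts=8, min_fail_ratio=0.8):
    """Return {ip: summary} for IPs whose sliding window of attempts covers
    at least `min_accounts` distinct usernames with a failure ratio of at
    least `min_fail_ratio`. Many accounts from one source with mostly
    failures is the stuffing pattern; a single user retrying their own
    password never trips the distinct-account threshold."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    per_ip = defaultdict(deque)   # ip -> recent (ts, user, result) tuples
    alerts = {}
    for ts, ip, user, result in events:
        q = per_ip[ip]
        q.append((ts, user, result))
        # Drop attempts that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        accounts = {u for _, u, _ in q}
        fails = sum(1 for _, _, r in q if r == "FAIL")
        ratio = fails / len(q)
        if len(accounts) >= min_accounts and ratio >= min_fail_ratio:
            # Overwrite so the alert reflects the latest state of the window.
            alerts[ip] = {
                "distinct_accounts": len(accounts),
                "attempts": len(q),
                "fail_ratio": round(ratio, 2),
                # Successes from a stuffing source are accounts whose reused
                # password worked: force a reset and re-verify 2FA on these.
                "compromised": sorted(u for _, u, r in q if r == "SUCCESS"),
            }
    return alerts


if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, summary)
```

On the constructed log only 203.0.113.7 is flagged (10 distinct accounts, 9 of 10 attempts failed) and user004@example.com is reported as the account to reset; alice's two failed retries of her own password stay below the distinct-account threshold. In production the same logic would typically key on IP plus user-agent or ASN, since a stuffing campaign is usually spread over a proxy pool rather than one address.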
Mitigation Strategies
In response to this claim, Khabarpu users and Iranian crypto investors should take defensive measures:
- Move to Cold Storage: If you hold assets on Khabarpu (or any centralized exchange mentioned in leaks), withdraw them to a non-custodial hardware wallet immediately.
- Change Passwords: Force a password reset on your exchange account and any linked email account.
- SMS Vigilance: Be skeptical of any SMS claiming to be from Khabarpu, the FATA (Cyber Police), or the Central Bank regarding crypto assets.
- Two-Factor Authentication (2FA): Ensure 2FA is enabled using an Authenticator App (like Google Authenticator), NOT SMS. SMS 2FA is vulnerable to SIM swapping, which is a known vector in the region.
Secure Your Business with Brinztech — Global Cybersecurity Solutions Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com