Hackers leak data about 1.5 million Binance accounts

Binance attracts many institutional traders, but more reports of data breaches among individuals could create problems for the company's plans.

The world's largest cryptocurrency exchange, in terms of market value, has had a strong start in 2026 in its OTC trading department. Just in January and February, Binance's OTC platform accounted for 25% of the total volume for 2025.

Captcha bypass reveals 1.5 million Binance users in scraping attack

This increase shows that the market is maturing, as large investors and institutional players now prefer private trading channels for large transactions.

Binance CEO Richard Teng explained that these actors prioritize high liquidity to avoid price fluctuations and disruptions in the market. The exchange's OTC desk allows buyers and sellers to make large trades directly, thus avoiding public order books.

But behind this institutional success, there are increasing signs of security issues.

On March 28, the cybersecurity platform VECERT reported that an individual calling themselves PexRat attempted to sell a database containing personal information about 1,5 million Binance users.

The leaked information is said to include full names, email addresses, phone numbers, and KYC verification status.

More concerning is that the individual also claims to have access to the victims' latest login IP addresses, browser information, and two-factor authentication. This involves data about users who use SMS, email, or authentication apps.

At the same time, the leak of 2FA logs and KYC data is a serious problem. The affected individuals become very vulnerable to targeted SIM swap attacks and advanced phishing campaigns.

VECERT examined the authentication logs and sample data. The analysis shows that Binance's internal servers were not hacked directly. Instead, it involves an advanced attack known as credential stuffing and data harvesting.

“The evidence suggests that the attacker was able to bypass or exploit security protections (such as Captcha) in the login interface or some API on the platform. This allowed many requests to be sent without being blocked,” explained VECERT.

This incident follows a report in January from cybersecurity researcher Jeremiah Fowler. He found approximately 420,000 Binance-related accounts that leaked via similar malware.

These incidents put significant pressure on Binance's cybersecurity, as the exchange cannot afford for user data to continue being automatically collected.