
Public database exposes millions of stolen passwords, including Binance accounts


Binance user accounts are likely in jeopardy at the moment, as “infostealer” malware has swiped user credentials for major platforms.

Cybersecurity researcher Jeremiah Fowler uncovered a massive database containing roughly 149 million stolen usernames and passwords, all publicly accessible. 

The credentials were harvested from malware-infected personal devices, including phones and computers. The stolen data spanned major platforms such as Facebook, Instagram, Netflix, and Binance.

The research also highlights that at least 420,000 of the compromised accounts were linked to Binance users. 

The report, detailed in a blog post on ExpressVPN, highlights the scale of personal data breaches and the risks posed by malware targeting everyday devices. It also comes at a time when the larger crypto and AI sector has faced heightened scrutiny over data hacks and breaches. 

Exposed credentials pose risk of account takeovers and financial losses

Experts warn that the exposed credentials can lead to account takeovers, identity theft, and even financial losses if not addressed promptly.

Among other accounts, the exposed database included 48 million Gmail accounts, 4 million Yahoo accounts, 17 million Facebook accounts, 6.5 million Instagram accounts, 3.4 million Netflix accounts, and 780,000 TikTok accounts.

In the blog post, Fowler stated, “This is not the first dataset of this kind I have discovered and it only highlights the global threat posed by credential-stealing malware.”

“In the small sample of records I examined, financial services accounts, cryptocurrency wallets or trading accounts, banking, and credit card logins also appeared,” he continued.

The researcher pointed out that a large number of stolen credentials were from .gov domains and accounts connected to the government.

The finding on government domains comes against the backdrop of regulators and government-backed service providers struggling to keep data and assets secure. As CoinHeadlines reported earlier, South Korean regulators are searching for lost Bitcoin seized in criminal cases.

The case also raises major concerns, since attackers might use the stolen data for phishing, government agency impersonation, fraud, or unauthorised activities, endangering public confidence and sensitive information.

Binance not hacked: Malware on user devices stole credentials, experts say

Experts say Binance itself has not been hacked and that these login details didn’t come from the exchange’s systems. 

Instead, the malware has quietly grabbed saved passwords from infected computers and phones. In other words, the problem was on users’ devices, not Binance. 

The report also brings a reminder for users to keep devices secure, use strong passwords, and enable two-factor authentication to stay protected.

For its part, Binance is taking steps to keep its users safe by monitoring the dark web for stolen login details and alerting anyone affected.

Further, the exchange had previously urged users to stay proactive by running antivirus scans and using anti-malware tools. The platform has repeatedly stressed that keeping devices clean is just as important as keeping passwords strong.

Infostealer malware remains a persistent threat to crypto

Infostealer malware has been a sore spot for the crypto world for quite some time now, and Jeremiah Fowler’s report is not the first time the industry has come face to face with a problem like this.

In December 2025, the cybersecurity firm Kaspersky discovered a new piece of malware that was aimed at cryptocurrency users.

The malware poses as a mod or game cheat, particularly for popular games like Roblox, to infect computers, steal cryptocurrency, and occasionally mine it covertly.

The malware can infect more than 100 web browsers built on popular web engines like Chromium and Gecko, including Chrome, Firefox, Opera, Edge, Yandex, and Brave.

Users of at least 80 cryptocurrency exchanges, including Binance, Coinbase, MetaMask, and Exodus, have been infected by the malware.
