CoinMarketCap, which is owned by Binance, the world’s biggest exchange by transaction volume, maintains its servers weren’t breached while acknowledging a correlation with its subscriber base.
However, the website Have I Been Pwned, which checks if your email has appeared anywhere on the dark web, reported that 3.1 million addresses are being traded on hacking forums, CoinDesk reports. This proves that millions of email addresses associated with the crypto market data website have been compromised.
Unclear how addresses were obtained
On Saturday, the market data site reported it had become aware of data batches appearing online “purporting to be a list of user accounts.” While it is not clear how the addresses were obtained, Binance commented that just addresses, not passwords had been exposed. Yet, the leading cryptocurrency exchange reported a “correlation” and warned users to use unique and separate passwords on every site.
On its blog, CoinMarketCap wrote:
At this point in our investigation, we’ve come to the conclusion that the leak did not come from CoinMarketCap servers. As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.We believe that a bad actor (or actors) took a list of leaked emails (this list that claims to be from CoinMarketCap) and compared it with other batches of leaked data.
A way to flag crypto criminals
So far, CMC has not released an official statement to the press. In related news, Chainalysis has found a way to identify crypto criminals by setting up a block explorer website that scrapes visitors’ internet protocol (IP) addresses, CoinDesk reported in late September. This way, they are connected to their anonymous bitcoin supplies.
Wallet Explorer is fully transparent with a twist
According to leaked documents, blockchain tracing leader Chainalysis owns and operates a site called walletexplorer.com. It allows anyone to see public cryptocurrency wallet addresses and their history, but copies the IP addresses of users who seem suspicious. These become part of Wallet Explorer’s database according to the documents, which were originally drafted in Italian.
In addition, the documents say:
Using this dataset, we were able to provide law enforcement with meaningful leads related to the IP data associated with an address. It is also possible to conduct a reverse lookup on any known IP address to identify other BTC addresses.