Cybersecurity researcher Jeremiah Fowler recently discovered a public and unprotected database containing 149 million stolen credentials, increasing the risks to crypto users worldwide. The find, revealed on January 23, 2026, includes approximately 420,000 logins linked to the Binance platform, highlighting the vulnerability of digital assets to external cyber attacks.
This massive leak did not originate from a breach in the exchange’s internal systems but rather from “infostealer” malware. These malicious programs infect personal devices to silently extract saved usernames and passwords, proving that individual security is often the weakest link in the chain. The dataset, totaling 96 GB of raw data, also affects giants such as Facebook, Gmail, and Instagram.
Fowler also warned that the database continued to grow in real time while he attempted to coordinate its shutdown with the hosting provider. The presence of government accounts with .gov domains adds an additional layer of danger, as it facilitates highly sophisticated phishing campaigns. Attackers could impersonate official agencies to trick investors and drain their digital wallets through advanced social engineering.
Evolution of malware and infiltration tactics in the digital ecosystem
Separately, reports from Kaspersky revealed that new variants of this malicious software disguise themselves as cheats or mods for popular video games. When victims download these files, attackers manage to hijack browser extensions and crypto-asset wallets, and even install hidden miners on the victims’ equipment. This tactic affects more than 80 exchange platforms, including heavyweight names such as Coinbase and MetaMask.
Security experts also emphasize that changing passwords is useless if the device remains infected by the malicious code. The technology behind these infostealers allows for capturing every keystroke, meaning any new password would be immediately transmitted to the criminals. Therefore, deep system cleaning and the use of hardware-based authentication are now indispensable measures for protecting personal digital wealth.
How can investors protect themselves against this wave of data theft?
Because credential theft has become a large-scale business, prevention must be the absolute priority for every investor. Binance and other entities strongly recommend the use of updated antivirus tools and periodic security scans to detect threats before funds are moved. The industry is shifting toward security models that block suspicious activities based on user behavior and real-time monitoring.
Finally, the discovery of this database serves as a critical reminder of the digital hygiene necessary in today’s online environment. It is expected that as malware sophistication increases, users will adopt external password managers and avoid saving logins in web browsers. Keeping operating systems updated remains the most effective defense to mitigate unwanted intrusions and ensure the integrity of individual digital finances.
