Hackers Reportedly Leak 1.5 Million Binance Account Login Data

Binance is successfully courting institutional trading activities, but a growing wave of data security alarms on its retail front threatens to complicate the firms ambitions.

The world‘s largest cryptocurrency exchange by market capitalization has started 2026 with explosive momentum in its over-the-counter trading division. In January and February alone, Binance’s OTC platform recorded 25% of its total volume for all of 2025.

Captcha Bypass Exposes 1.5 Million Binance Users in Scraping Attack

This sharp rise reflects a broader market maturation, as large-cap investors and institutional players increasingly seek private execution channels for massive trades.

Binance CEO Richard Teng explained that these entities prioritize deep liquidity to avoid slippage and market disruption. The exchanges OTC desk allows buyers and sellers to execute block trades directly, shielding their strategies from public order books.

However, beneath this institutional polish, operational red flags are mounting.

The leaked data purportedly includes full names, email addresses, phone numbers, and Know Your Customer verification statuses.

More alarmingly, the threat actor claims to possess victims last-login IP addresses, device user agents, and two-factor authentication statuses. This includes whether users rely on SMS, email, or dedicated authenticator apps.

Meanwhile, the potential exposure of 2FA logs and KYC data presents a severe operational risk. It leaves compromised users highly vulnerable to targeted SIM-swap attacks and sophisticated phishing campaigns.

Crucially, VECERT‘s analysis of the authentication logs and sample data revealed that Binance’s internal servers were not directly breached. Instead, the firm outlined a sophisticated credential stuffing and scraping operation.

“The evidence suggests that the attacker managed to bypass or abuse security mechanisms (such as Captcha) in the login interface or some platform API, allowing a constant flow of unblocked requests,” VECERT explained.

This incident follows a January report by cybersecurity researcher Jeremiah Fowler, who uncovered roughly 420,000 Binance-linked credentials exposed via similar infostealer malware.

Ultimately, these events present a critical stress test for Binance‘s cybersecurity practices, as the exchange cannot afford the continued automated scraping of its users’ data.

The post Hackers Reportedly Leak 1.5 Million Binance Account Login Data appeared first on BeInCrypto.