Crypto Company Data Breaches
So, Who Lost Your Personal Info? · That Led to Scam Emails & Letters
A comprehensive reference list of data breaches at Bitcoin and cryptocurrency companies where customer personally identifiable information (PII) was leaked, leading to phishing emails, scam letters, and targeted attacks against bitcoiners.
Approx. 32 million affected directly from crypto companies and ~1 billion from the KYC service provider.
Researched with Claude in ~5 minutes — likely more nuance to uncover, but happy to update if anything's wrong.
Hardware Wallet Companies
1. Ledger — E-Commerce Database Breach (July 2020)
Breach type: Third-party API key exploitation (e-commerce/marketing database)
Data leaked: ~1M email addresses; ~272,000 records with full names, phone numbers, physical mailing addresses
Consequences: Massive phishing campaigns, extortion emails, physical mail scams with fake QR codes, counterfeit Ledger devices mailed to victims, "wrench attack" risk from leaked home addresses
Link 1: Ledger's Official Statement
Link 2: Bitdefender — Hacker Publishes 270K Ledger Addresses
2. Ledger — Global-e Payment Partner Breach (January 2026)
Breach type: Third-party payment processor (Global-e) cloud system breach
Data leaked: Customer names, contact information, order data (number of affected users undisclosed)
Consequences: Renewed phishing campaigns, physical mail scam letters
Link 1: CoinDesk — Ledger Faces New Data Breach Through Global-e
Link 2: DL News — Ledger Payments Partner Leaked Customer Data
3. Trezor — Support Portal Breach (January 2024)
Breach type: Unauthorized access to third-party support ticketing platform
Data leaked: Names and email addresses of up to 66,000 users who contacted support since December 2021
Consequences: 41 confirmed cases of phishing exploitation; fake "automated reply" emails requesting recovery seeds
Link 1: Hackread — Trezor Data Breach Exposes 66,000 Users
Link 2: BleepingComputer — Trezor Support Site Breach
4. Trezor — Mailchimp Insider Breach (March 2022)
Breach type: Mailchimp employee compromised via social engineering; insider targeted crypto companies
Data leaked: Trezor newsletter subscriber email addresses (part of 102 affected Mailchimp clients)
Consequences: Phishing emails with fake "security incident" warnings, malicious download links disguised as Trezor Suite updates, trojanized app to steal seed phrases
Link 1: The Hacker News — Hackers Breach Mailchimp to Target Crypto
Link 2: GovInfoSecurity — Mailchimp Breach Affects Trezor Customers
5. Trezor — Support Platform Abuse (2025)
Breach type: Automated support system abused to send phishing from official help@trezor.io address
Data leaked: No direct data breach; attackers exploited the ticket system to send legitimate-looking phishing
Consequences: Emails from official Trezor address urging users to "protect assets from state-sponsored actors"
Link 1: BleepingComputer — Trezor Support Platform Abused
Link 2: The Block — Trezor Issues Phishing Alert
6. BitBox (Shift Crypto) — ActiveCampaign Email Provider Breach (July 2022)
Breach type: Email marketing provider ActiveCampaign compromised; subscriber lists downloaded by unauthorized party
Data leaked: Newsletter subscriber names/aliases, email addresses, IP addresses
Consequences: Phishing attempts targeting BitBox users; Shift Crypto dropped ActiveCampaign and switched to Brevo
Link 1: BitBox Blog — Data Breach of ActiveCampaign
Link 2: BitBox on X — Breach Announcement
7. BitBox (Shift Crypto) — Everest Ransomware Breach (July 2025)
Breach type: Ransomware attack (Everest group); internal documents and customer order database leaked
Data leaked: 20,000+ customer records including IDs, emails, full names, phone numbers, IP addresses, order details
Consequences: Hardware wallet purchases linked to specific individuals, physical security risks
Link 1: Brinztech Alert — BitBox Order Data Leaked
Link 2: Dark Web Informer on X
8. Blockstream (Jade Wallet) — Third-Party Shipping Provider Leak (2023)
Breach type: Third-party fulfillment partner leaked customer data
Data leaked: Emails, phone numbers, physical addresses of Jade wallet buyers
Consequences: Targeted phishing campaign with fake "emergency firmware" alerts, fake exploit warnings with malicious links
Link 1: U.Today — Blockstream Publishes Phishing Investigation
Link 2: NobsBitcoin — Blockstream Investigating Email Database Leak
Cryptocurrency Exchanges
9. Coinbase — Insider Bribery Breach (December 2024, disclosed May 2025)
Breach type: Rogue overseas support agents bribed to steal customer data
Data leaked: ~69,461 customers — names, SSNs, bank details, transaction histories, emails, phone numbers, government ID images
Consequences: $20M extortion attempt (refused), social engineering attacks, class-action lawsuit, estimated $180–400M in losses
Link 1: Coinbase Blog — Protecting Our Customers
Link 2: The Hacker News — Coinbase Agents Bribed
10. Gemini — Third-Party Vendor Breach (2022)
Breach type: Twilio/Authy compromise exposed Gemini customer data
Data leaked: 5.7 million email addresses and partial phone numbers
Consequences: Database sold on dark web then leaked free; waves of phishing via email, SMS, WhatsApp, Telegram impersonating Gemini support
Link 1: Cointelegraph — 5.7M Gemini Emails Leaked
Link 2: BleepingComputer — 5.7M Gemini Users' Info Leaked
11. Binance — KYC Data Leak (August 2019)
Breach type: Third-party KYC vendor compromise; 10,000+ personal KYC photos leaked
Data leaked: KYC verification photos (selfies, IDs) of up to 60,000 users; $3M+ extortion demand
Consequences: KYC photos distributed on Telegram, identity theft risk, ongoing dark web listings
Link 1: CoinDesk — Binance Customer Data Has Leaked
Link 2: The Hacker News — Binance Confirms KYC Data from 3rd-Party Vendor
12. Crypto.com — Scattered Spider Breach (2022, unreported)
Breach type: Social engineering by Scattered Spider hacking group via Twilio compromise
Data leaked: Personal information of users (scope undisclosed); no customer funds accessed
Consequences: Never publicly disclosed; only acknowledged when contacted by Bloomberg
Link 1: Yahoo Finance — Crypto.com Breach Tied to Scattered Spider
Link 2: Decrypt — Crypto.com Breach Linked to Scattered Spider
13. Liquid Exchange — GoDaddy DNS Hijack (November 2020)
Breach type: GoDaddy incorrectly transferred domain control; DNS records changed, internal emails compromised
Data leaked: Emails, names, addresses, encrypted passwords; possible KYC document access
Consequences: Potential phishing using compromised internal email accounts
Link 1: TechCrunch — Liquid Confirms Hack
Link 2: CoinDesk — Liquid User Data Possibly Exposed
14. BTC Markets (Australia) — Accidental Email Exposure (December 2020)
Breach type: Botched blast email send — customer emails placed in "To" field instead of BCC
Data leaked: 270,000 customer names and email addresses exposed to each other in batches of 1,000
Consequences: Email addresses doubled as login usernames, creating account takeover risk
Link 1: iTnews — BTC Markets Exposes Customer Names and Emails
Link 2: CoinDesk — Australian Exchange Exposes 270K Users
15. GateHub — Database Breach (June 2019)
Breach type: Unauthorized access to database holding valid access tokens
Data leaked: 1.4 million accounts — email addresses, hashed passwords, encrypted mnemonic phrases, encrypted master/recovery keys
Consequences: ~$10M in stolen XRP funds; phishing targeting compromised accounts
Link 1: Have I Been Pwned — GateHub
Link 2: Cointelegraph — GateHub Crypto Wallet Breach
16. Robinhood — Social Engineering Breach (November 2021)
Breach type: Customer support representative socially engineered over the phone
Data leaked: 5M+ email addresses, 2M+ customer names, 310 full profiles (DOB, ZIP), 4,400 phone numbers
Consequences: Extortion demand; targeted phishing campaigns against crypto-trading users
Link 1: TechCrunch — Robinhood Data Breach
Link 2: Robinhood Official Statement
Crypto Service Providers & Data Aggregators
17. CoinMarketCap — Email Database Leak (October 2021)
Breach type: 3.1 million email addresses appeared on hacking forums (CMC disputes direct breach)
Data leaked: 3,117,548 email addresses (no passwords)
Consequences: Targeted phishing; CMC claims data was correlated from other breaches, but HIBP users confirmed CMC accounts
Link 1: CoinDesk — 3 Million CMC Emails Leaked
Link 2: Have I Been Pwned — CoinMarketCap
18. CoinGecko — GetResponse Email Provider Breach (June 2024)
Breach type: GetResponse employee account compromised
Data leaked: 1,916,596 contacts — names, email addresses, IP addresses, email metadata, subscription plans
Consequences: 23,723 phishing emails sent from another compromised GetResponse account; fake airdrop offers
Link 1: CoinGecko — Security Notice
Link 2: Cointelegraph — CoinGecko Confirms Breach
19. CoinTracker — SendGrid/Twilio Breach (December 2022)
Breach type: SendGrid (Twilio subsidiary) employee credentials compromised
Data leaked: 1.5M+ customer email addresses
Consequences: Phishing campaigns targeting crypto tax software users
Link 1: CoinTracker Blog — SendGrid Data Breach
Link 2: Have I Been Pwned — CoinTracker
20. CoinTracker — Mixpanel Breach (November 2025)
Breach type: Analytics partner Mixpanel hit by smishing attack
Data leaked: Email addresses, IP-derived locations, device metadata, transaction summaries
Consequences: Combined with OpenAI in same breach; heightened phishing risk
Link 1: Protos — OpenAI, CoinTracker Data Leaked via Mixpanel
Link 2: BleepingComputer — OpenAI Discloses Mixpanel Vendor Hack
21. OpenSea — Customer.io Insider Breach (June 2022)
Breach type: Employee at email vendor Customer.io abused access to download and share user data
Data leaked: 7 million email addresses (fully publicized in 2025)
Consequences: Phishing impersonating OpenSea; fake NFT offers and wallet-draining links; data now fully public
Link 1: TechCrunch — OpenSea Data Breach
Link 2: Cointelegraph — Millions of OpenSea Emails Now Fully Public
Bankruptcy & Financial Services
22. FTX / BlockFi / Genesis — Kroll SIM Swap Breach (August 2023)
Breach type: SIM swapping attack on bankruptcy claims agent Kroll
Data leaked: Names, emails, mailing addresses, phone numbers, account numbers, account balances, claim details for bankruptcy claimants of FTX, BlockFi, and Genesis
Consequences: Phishing mimicking official bankruptcy communications; $3.3M settlement; class-action lawsuit
Link 1: Top Class Actions — FTX, BlockFi, Genesis Claimant Data Exposed
Link 2: The Chain Bulletin — Kroll Data Breach
23. Celsius Network — Multiple Breaches (2021–2023)
Breach type: (a) Email server breach (April 2021); (b) Customer.io insider leak (July 2022); (c) Stretto bankruptcy agent phishing (April 2023)
Data leaked: Customer email addresses; 104,000 creditor names/contact info via Stretto; ~30 SSNs; transaction histories published in court filings
Consequences: Persistent phishing campaigns impersonating Stretto and Celsius; transaction data publicly searchable in court documents
Link 1: Blockworks — Celsius Customer Emails Leaked
Link 2: Cointelegraph — Celsius Phishing Attacks Surge
CRM & Email Provider Breaches (Affecting Multiple Crypto Companies)
24. HubSpot — Targeted Crypto Industry Hack (March 2022)
Breach type: HubSpot employee account compromised; targeted attack on crypto industry clients
Companies affected: BlockFi, Swan Bitcoin, Pantera Capital, NYDIG, Circle (~30 clients total)
Data leaked: Names, email addresses, mailing addresses, phone numbers, regulatory classifications
Consequences: Phishing campaigns across multiple crypto brands; fake "data breach notice" scams years later
Link 1: CoinDesk — HubSpot Hack Hits BlockFi, Swan Bitcoin
Link 2: Blockworks — NYDIG, BlockFi, Pantera Targeted
25. MailerLite — Crypto Account Takeover (January 2024)
Breach type: Social engineering of support employee; internal admin panel access
Companies affected: WalletConnect, Token Terminal, De.Fi, CoinTelegraph (117 accounts accessed, 4 used for phishing)
Data leaked: Email subscriber lists; phishing emails sent from official brand accounts
Consequences: $3.3M stolen via wallet-draining phishing emails disguised as airdrops from trusted brands
Link 1: MailerLite — Security Incident Notice
Link 2: Cointelegraph — MailerLite $3.3M Crypto Phishing
KYC Providers
26. IDMerit — Exposed KYC Database (2025)
Breach type: Exposed MongoDB database containing KYC verification data
Data leaked: ~1 billion records across 26 countries — full names, addresses, DOBs, national ID numbers, phone numbers, email addresses (used by crypto firms for KYC)
Consequences: Massive identity theft risk for crypto users who completed KYC through IDMerit clients
Link 1: Cybernews — Global Data Leak Exposes Billion Records
Other Notable Incidents
27. Swan Bitcoin — Klaviyo Breach + Dark Web Listing (2022 / 2025)
Breach type: Klaviyo employee phished (2022); 235K user records later appeared on dark web (2025)
Data leaked: Names, emails, phone numbers, account properties; later listing includes physical addresses and investment details
Consequences: Fake "data breach notice" phishing emails; ongoing scam campaigns
Link 1: Decrypt — Swan Bitcoin Data Leak via Klaviyo
Link 2: Brinztech — 235K Swan Bitcoin Records on Sale
28. Figure (Blockchain Lender) — ShinyHunters Breach (2025)
Breach type: Data stolen and leaked by ShinyHunters group
Data leaked: ~967,000 user records — names, DOBs, emails, postal addresses, phone numbers
Consequences: Identity theft risk; data published on Have I Been Pwned
Link 1: SecurityWeek — Nearly 1M Figure Records Compromised
Link 2: Decrypt — Figure Confirms Customer Data Breach
29. Grayscale Investments — Alleged Everest Ransomware Breach (July 2025)
Breach type: Everest ransomware group claims data theft (unconfirmed by Grayscale)
Data leaked: Allegedly ~693,000 records — names, job titles, emails, phone numbers, company affiliations
Consequences: Unverified; may be recycled data from earlier 2024 listing
Link 1: GBHackers — Grayscale Data Breach
Link 2: BreachSense — Grayscale Data Breach
30. Bybit — Ransomware Attack (February 2025)
Breach type: Ransomware attack exploiting security vulnerabilities
Data leaked: Customer PII (names, emails, phone numbers), financial details, unencrypted wallet keys
Consequences: One of the largest crypto exchange hacks; combined data theft and fund theft
Link 1: Huntress — Bybit Data Breach
Physical Mail Scam Campaigns (Linked to Breaches)
These scams directly exploit leaked physical addresses from the breaches above:
Fake Ledger hardware wallets mailed to breach victims (2021) — Counterfeit Nano devices with modified firmware to steal seed phrases. Bitcoin Magazine
Ledger physical mail QR code scam (2025–2026) — Letters on branded letterhead demanding "mandatory authentication update" via malicious QR code. Crypto.jobs News
Fake Trezor security letters (2026) — Physical letters with deadlines for "firmware verification" via malicious websites. Bitcoin Ethereum News
Blockstream Jade "emergency firmware" letters (2023) — Postal letters claiming Jade was exploited. U.Today
Summary Statistics
| Category | Count | Total Records Exposed |
| --- | --- | --- |
| Hardware wallet companies | 8 breaches | ~2.3M+ records |
| Exchanges | 8 breaches | ~82M+ records |
| Service providers & aggregators | 5 breaches | ~14M+ records |
| Bankruptcy agents | 2 breaches | ~170K+ records |
| CRM/Email providers (multi-company) | 2 breaches | 30+ companies affected |
| KYC providers | 1 breach | ~1B records |
Common Attack Vectors
Third-party vendor compromise — The #1 vector. Mailchimp, ActiveCampaign, Customer.io, HubSpot, Klaviyo, GetResponse, SendGrid, MailerLite, Kroll, Stretto, Global-e all breached
Insider threats / bribery — Coinbase, Customer.io (OpenSea/Celsius), Mailchimp
Social engineering — Robinhood, Liquid (via GoDaddy), MailerLite
SIM swapping — Kroll (FTX/BlockFi/Genesis)
Ransomware — BitBox (Everest), Bybit, Grayscale (alleged)
Accidental exposure — BTC Markets (email BCC error)
Last updated: March 2026. Sources verified via web search. Some incidents (Grayscale, Kraken dark web listings) remain unconfirmed by the companies.
@justingoldberg
