Attention Binance Users: Massive Malware Dataset Exposes 420,000 Accounts

A trove of 149 million stolen credentials, including login details for 420,000 Binance accounts, was discovered circulating among cybercriminals this week.

The findings highlight a shift in crypto theft toward long-term malware infections that steal data directly from users’ devices, often long before any funds are moved.

The Scale of the Threat

According to an alert posted on February 4 by security firm Web3 Antivirus, the dataset was compiled from information-stealing malware installed on victim devices. Beyond exchange logins, the stolen data included passwords, private keys, API keys, and browser session tokens for email, social, and financial platforms.

The firm noted that these “infostealers” capture data that can later be used for account takeovers and fund theft. It emphasized that prevention requires early detection at the device level, since by the time suspicious activity appears on-chain, it is often too late.

Furthermore, in a separate series of posts, Web3 Antivirus detailed how malicious AI skills on platforms like ClawHub are being used to steal crypto data. Per the security firm, these fraudulent skills, posing as wallet tools or trading bots, install information-stealing malware that can remain dormant until a victim’s crypto balance grows or specific actions are taken. This vulnerability represents a supply-chain risk that moves upstream “from wallets to the tools people trust to manage them.”

A Persistent Challenge for Users and Platforms

The gravity of losses resulting from crypto theft cannot be overstated. A recent report from PeckShield noted that scams and hacks drained over $4.04 billion in 2025, with scams alone jumping 64% year-over-year. The firm observed a move toward targeting centralized exchanges and large organizations, which accounted for 75% of stolen funds in 2025.

Meanwhile, Web3 Antivirus put the volume of 2025’s illicit crypto activity at approximately $158 billion, up from $64 billion in 2024. While the on-chain security provider partly attributed the increase to better tracking and more state-linked activity, the figures show that even small success rates for thieves can result in large losses at scale.

The recent data thefts highlighted a gap between user and platform protection, with the company stating:

“Scams don’t succeed because users ignore advice; they succeed because risk is only surfaced after execution is already possible.”

The firm argued that platforms, which can see transaction approvals and behavioral patterns before users do, sit at “the last real control point” for preventing theft.

One of the more common attack vectors is wallet drainers, which Web3 Antivirus stated had gotten worse, with 15,530 suspicious approvals across 11,908 wallets leading to $4.25 million in losses in January. These drainers usually enter through malicious transaction approvals, making pre-signature detection extremely important.
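
As an added illustration of pre-signature detection (not code from the article or from Web3 Antivirus), the sketch below screens a transaction's calldata for token approvals before the user signs. It assumes EVM-style token contracts and uses the standard `approve`, `increaseAllowance` and `setApprovalForAll` selectors; the allowlist, the "unlimited" threshold and the sample addresses are constructed for the example.

```python
# Added example: screen unsigned calldata for risky token approvals.
# Selectors are the standard ERC-20/ERC-721/ERC-1155 ones; the allowlist,
# threshold and sample addresses are constructed for illustration.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}
MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255  # assumption: at or above this counts as unlimited

TRUSTED = "0x" + "11" * 20    # constructed: a spender the user already trusts
UNKNOWN = "0x" + "ab" * 20    # constructed: a spender never seen before


def build(selector, spender, value):
    """Encode selector + two 32-byte ABI words (helper for the sample data)."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(value, "064x")


def screen_approval(calldata_hex, trusted_spenders):
    """Return warnings for one transaction's calldata, before it is signed."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    name = SELECTORS.get(data[:8])
    if name is None:
        return []  # not an approval-type call; out of scope for this check
    args = data[8:]
    try:
        if len(args) < 128:
            raise ValueError("short")
        int(args[:64], 16)  # reject non-hex characters in the address word
        spender, value = "0x" + args[24:64], int(args[64:128], 16)
    except ValueError:
        return [f"{name}: malformed arguments, do not sign"]
    if name == "setApprovalForAll" and value == 0:
        return []  # approved=false revokes an operator
    warnings = []
    if spender not in trusted_spenders:
        warnings.append(f"{name}: spender {spender} is not on the allowlist")
    if name == "setApprovalForAll":
        warnings.append(f"{name}: operator gains control of the whole collection")
    elif value >= UNLIMITED_THRESHOLD:
        warnings.append(f"{name}: effectively unlimited allowance")
    return warnings


if __name__ == "__main__":
    for tx in (build("095ea7b3", TRUSTED, 1000), build("095ea7b3", UNKNOWN, MAX_UINT256),
               build("a22cb465", UNKNOWN, 1), build("a9059cbb", UNKNOWN, 5)):
        print(tx[:10], screen_approval(tx, {TRUSTED}))
```

A wallet or platform would run a check like this on the pending transaction and show the warnings in the signing prompt, which is the point at which the approval can still be refused.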

The post Attention Binance Users: Massive Malware Dataset Exposes 420,000 Accounts appeared first on CryptoPotato.