Millions of email addresses associated with the crypto market data website CoinMarketCap (CMC) have reportedly been compromised.
According to the data security breach website haveibeenpwned, 3.1 million addresses are now trading on “hacking forums.”
CMC said Saturday it had become aware that batches of data had shown up online “purporting to be a list of user accounts.” It is unclear how the addresses were obtained. The website, owned by leading global crypto exchange Binance, also said only addresses and not passwords had been exposed though it discovered a “correlation” and warned users to use separate and unique passwords across multiple sites.
“At this point in our investigation, we’ve come to the conclusion that the leak did not come from CoinMarketCap servers,” CMC said on its blog. “As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.”
CMC did not immediately respond to CoinDesk’s request for comment.
UPDATE (Oct. 24, 14:40 UTC): Adds clarifying language throughout, removes redundant sentence attributed to anonymous source.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish, a cryptocurrency exchange, which in turn is owned by Block.one, a firm with interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets including bitcoin and EOS. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.