
A hacker claims to be selling tens of millions of CoinMarketCap user records, putting crypto users at risk of phishing attacks.
A dataset allegedly tied to one of the crypto industry’s most-visited platforms is now circulating on hacker forums.
According to the listing, the dataset includes between 40 and 50 million “real” user accounts, alongside an additional 50 to 60 million bot accounts.
The platform, which tracks millions of cryptocurrency tokens and attracts over 300 million monthly visits, has become a central hub for both retail traders and institutional observers, making any potential exposure particularly valuable. Nearly 22% of the platform’s users are located in the US, with Indonesia and India coming next.
What does the leaked data contain?
The Cybernews research team reviewed samples shared by the seller. These included a small subset of records, 6 attributed to real users and 7 to bot accounts.
The data itself appears relatively limited at first glance, consisting of:
- User nicknames
- Follower and following counts
- Account metadata
Crucially, our researchers were unable to verify the full scale of the dataset, and the seller’s credibility remains unclear, as this is reportedly their first post on the forum.
On its own, a nickname and follower count might not seem particularly sensitive or pose any tangible risks. Unfortunately, even fragments of identity can be stitched together into something far more dangerous.
The threat actor claims that usernames in the dataset were created from email addresses, which, if true, would greatly increase the risks. In practice, that means attackers could infer or partially reconstruct email addresses and cross-reference data with previous leaks to build phishing campaigns.
“It can be used for recon to gain more precise contact info of these people, which then can be crafted into social engineering campaigns,” our researchers explained.
“These campaigns could be tailored to mimic CoinMarketCap’s email style, or combined with other leaked datasets to more accurately identify and target specific users.”
Attacks that mimic legitimate platform communications increase the chances of success. In a space like crypto, where users are already frequent targets, that added precision can make scams far more convincing.
At this point, it is impossible to verify the scale of alleged data theft. Cybernews has reached out to CoinMarketCap for comment, but the company has not yet responded.
The hidden risk behind bot accounts
The dataset’s second layer, tens of millions of alleged bot accounts, introduces a different kind of risk.
Bot accounts can become infrastructure for abuse if they are tied to real email addresses. If the credentials for those email addresses are weak, reused, or already exposed elsewhere, attackers could hijack them to create networks of burner accounts.
“I am assuming that these bot accounts were still created using legit email addresses, so if, for example, their email login credentials are leaked somewhere or if the passwords are easily crackable,” one of our researchers said.
“If there's a lack of MFA, they could be used to create burner accounts for a variety of purposes.”