Search TorWire

Find cybersecurity guides and research articles

Home > News > Cybersecurity > Hackers Claim to Sell more than 824,000 Records Linked to ExchangeMafia

Hackers Claim to Sell more than 824,000 Records Linked to ExchangeMafia

By: Morgan Cipher Senior Privacy Journalist

Last updated: June 30, 2026

Human Written
Hackers Claim to Sell more than 824,000 Records Linked to ExchangeMafia
  • A threat actor is claiming that a database allegedly stolen from cryptocurrency exchange ExchangeMafia.com is up for sale.

  • The listing brandishes approximately 824,262 records, with samples available privately via Telegram, according to reports.

  • So far, the data authenticity has got no independent verification as well as no public confirmation from ExchangeMafia.

According to a known cybersecurity researcher’s report on X, a cyber thief listed huge amounts of data allegedly belonging to ExchangeMafia.com. In the listing, one can only access the database samples privately using Telegram. This scheme helps the bad actor to cut a deal with potential buyers rather than just blowing the data open.

These reports have no confirmations yet. However, the incident could expose crypto users to a range of cyber threats, such as phishing, account takeover attempts, etc..

Exchange Service Allegedly Targeted

Bad actors are putting more attacks out against services that facilitate cryptocurrency transactions. The reason is that they often store valuable customer information and have connections to digital asset holdings. ExchangeMafia.com allows users to convert digital assets into fiat currencies and vice versa.

As such, it’s a target for the bad actors. The alleged breach listing does not publicly describe the exact contents of the database. However, the records mostly include user identifiers, contact information, account details, transaction histories, and authentication-related data.

Daily Dark Web emphasized the absence of adequate authenticity of the dataset or confirmation that it is from ExchangeMafia.com. Likewise, ExchangeMafia had not issued a public statement regarding the alleged breach at the time of publication.

Growing Trend of Cryptocurrency Data Sales

Over the past several years, threat actors have increasingly targeted cryptocurrency exchanges, wallets, decentralized finance (DeFi) platforms, and blockchain-related businesses. Some incidents stem from direct system compromises. Others involve credential theft, phishing attacks, insider threats, cloud misconfigurations, or third-party vendor breaches.

One of the most critical attack vectors is VPN infrastructure; ransomware groups have shifted their focus to exploiting these systems as a primary entry point into corporate networks.

Even when attackers fail to steal cryptocurrency itself, customer databases remain highly valuable. Cybercriminals often use personal information to launch highly targeted attacks. A few are phishing emails, impersonate customer support representatives, or trick victims into revealing wallet recovery phrases and authentication codes.

Security researchers note that cryptocurrency users are particularly attractive targets. The reason is that successful compromises may provide attackers with immediate access to digital assets difficult to recover once transferred.

Victim or Not; Next Steps

Although the alleged breach remains unverified, cybersecurity analysts recommend that organizations treat such claims seriously. Threat actors frequently exaggerate the scale or authenticity of stolen datasets to increase their market value. However, security experts also warn that seemingly unverified claims have, in numerous past cases, later proven to involve genuine data breaches. 

Security experts advise organizations facing similar claims to promptly investigate any allegations and review authentication logs for suspicious activity. It’s also important to look out for unauthorized access. Customers should also remain vigilant for phishing emails, fake support messages, and fraudulent login pages.

If you use any cryptocurrency services, quickly enable multiple authentication, use unique passwords, monitor account activity for unauthorized logins or withdrawals, and avoid clicking unsolicited links claiming to relate to account security.

As of now, there is no evidence confirming that ExchangeMafia.com has suffered a verified data breach. Until independent validation or an official statement emerges, the claims made by the threat actor should be treated with caution.

Share this article

About the Author

Morgan Cipher

Morgan Cipher

Senior Privacy Journalist

Morgan combines a journalist’s curiosity with a security specialist’s precision. His reporting on data breaches, privacy laws, and encryption tech has been featured in several tech publications. At TorWire, he focuses on real-world threats and how to counter them, always with an eye on what’s next in digital privacy.

Comments (0)

No comments.