420,000 Binance account login information leaked, stemming from a malware database of 149 million stolen credentials
On February 4th, security company Web3 Antivirus issued a warning that a massive database containing 149 million stolen credentials had been exposed, directly involving login information for approximately 420,000 Binance accounts. This incident has directly highlighted the severe security threats currently facing the cryptocurrency sector.
The leak is attributed to 'information-stealing' malware that had long been lurking on user devices. In addition to exchange accounts, the stolen data includes email and social account passwords, as well as core asset credentials such as private keys, API keys, and browser session tokens.
Security experts emphasize that such attacks often complete the credential theft long before any funds are transferred, and traditional on-chain monitoring is slow to respond. Defense therefore depends on early detection at the device level.
The report points out that criminal gangs have begun distributing malicious AI tools disguised as wallets or trading bots on platforms like ClawHub, which activate stealing functions only when the victims' balances increase or they perform specific actions, thereby forming a 'supply chain attack' from software tools to wallets.
According to a previous report by PeckShield, losses due to fraud and hacking in 2025 have already exceeded $4.04 billion, and the targets of attacks have clearly shifted to centralized exchanges and large institutions, which account for 75% of the stolen funds.
Furthermore, Web3 Antivirus predicts that illegal cryptocurrency activity in 2025 could reach as high as $158 billion, surpassing the $64 billion of 2024. Therefore, real-time detection and infrastructure-level monitoring are more important than ever.
In conclusion, security agencies believe that the gap between user protection and platform risk control is the core issue exposed by this incident. The key to the success of scammers does not lie in user negligence, but rather in the lagging nature of risk exposure. Exchanges, as the critical controlling party in the transaction authorization process and the holders of comprehensive information on trading patterns and authorization behaviors, should therefore bear the core responsibility for preventing asset theft.

