Binance CSO Comments on Reports of Credential Leaks, Rise of InfoStealer Malware

Jimmy Su, Binance’s Chief Security Officer (CSO), addresses growing concerns over credential leaks affecting Binance users and the broader cryptocurrency ecosystem.

Su clarifies that recent reports of compromised Binance user credentials surfacing on the dark web are not actually the result of any sort of breach within Binance’s systems.

Instead, Su points to a pervasive external threat: InfoStealer malware, which targets browser-stored credentials on users’ personal devices.

This distinction, he claims, underscores the need for heightened user vigilance alongside Binance’s robust security measures.

InfoStealer malware, as Su explains, represents a sophisticated and escalating cybersecurity challenge.

Designed to covertly extract sensitive data—such as passwords, session cookies, and cryptocurrency wallet details—these malicious programs have surged in prevalence, with Kaspersky reporting over 2 million bank card details leaked in the past year alone.

Variants like RedLine, LummaC2, Vidar, and AsyncRAT have been particularly active over the last 90 days, targeting both Windows and macOS users.

LummaC2, for instance, has evolved to bypass modern browser protections, stealing cookies and wallet details in real time, while Vidar excels at exfiltrating data from local applications.

Available through a malware-as-a-service model, these tools offer cybercriminals dashboards, technical support, and automated data theft for a subscription fee, making them accessible even to less-skilled attackers.

Su emphasizes that Binance’s internal data reflects this trend.

In recent months, the exchange has noted a significant uptick in users whose credentials or session data were compromised by InfoStealer infections originating outside its platform.

These infections typically stem from phishing campaigns, malicious ads, trojanized software, or fake browser extensions that infiltrate personal devices where credentials are saved or auto-filled.

Once stolen, this data often ends up on dark web marketplaces or Telegram channels, posing risks of identity theft, financial fraud, and unauthorized account access—particularly when users reuse credentials across platforms.

Binance’s response, as outlined by Su, is proactive and multi-faceted.

The exchange claims that it continuously monitors dark web forums for leaked user data, alerting affected individuals, initiating password resets, and revoking compromised sessions.
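As an added illustration (not Binance’s own code or process), the following Python shows the matching-and-response step that such monitoring feeds: a constructed leak feed in the url|login|secret shape stealer logs are commonly traded in is compared against a constructed user table by domain and e-mail; a leaked session token is flagged for revocation, a still-valid password for a forced reset, and anything else for a warning, and only a hash fingerprint of each secret is kept for the audit trail. All domains, accounts, passwords and tokens here are assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed demo user table keyed by normalized e-mail. Passwords are stored as
# salted SHA-256 for brevity only; a real system would use a slow KDF.
def pw_hash(password: str, salt: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()

USERS = {
    "alice@example.com": {"salt": "s1", "pw": pw_hash("Winter2024!", "s1"),
                          "sessions": {"sess-a1", "sess-a2"}},
    "bob@example.com":   {"salt": "s2", "pw": pw_hash("hunter2", "s2"),
                          "sessions": {"sess-b1"}},
}
OUR_DOMAINS = {"exchange.example", "www.exchange.example"}

# Constructed leak feed (assumed format: url|login|secret, one entry per line).
LEAK_FEED = """\
https://www.exchange.example/login|Alice@Example.com|Winter2024!
https://www.exchange.example/|alice@example.com|sess-a2
https://other-site.example/login|bob@example.com|hunter2
https://exchange.example/login|bob@example.com|oldpassword
https://exchange.example/login|carol@example.com|whatever
"""

def audit_id(secret: str) -> str:
    """Short fingerprint so plaintext secrets never land in tickets or logs."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]

def triage(feed: str, users=USERS, our_domains=OUR_DOMAINS) -> list[tuple[str, str, str]]:
    """Return (email, action, secret_fingerprint) for every entry hitting our platform."""
    actions = []
    for line in feed.splitlines():
        if not line.strip():
            continue
        url, login, secret = line.split("|", 2)
        if urlparse(url).hostname not in our_domains:
            continue                                  # belongs to another service
        email = login.strip().lower()
        user = users.get(email)
        if user is None:
            continue                                  # not an account here
        if secret in user["sessions"]:
            actions.append((email, "revoke_session", audit_id(secret)))
        elif hmac.compare_digest(pw_hash(secret, user["salt"]), user["pw"]):
            actions.append((email, "force_password_reset", audit_id(secret)))
        else:
            # Stale password: still warn, since reuse on other sites is the usual risk.
            actions.append((email, "notify_only", audit_id(secret)))
    return actions
```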

While Binance’s infrastructure reportedly remains secure, Su stresses that credential theft from infected devices is an external risk requiring user cooperation.

To that end, he urges the crypto community to adopt strong security habits: using antivirus tools like Malwarebytes or Bitdefender, running regular scans, and avoiding suspicious downloads.

For macOS users, he recommends tools like Objective-See’s anti-malware suite, noting that lite scans often miss self-deleting malware.

Su’s message appears to be quite clear: while Binance reportedly invests heavily in platform security and dark web surveillance, protecting funds and personal data is a shared responsibility.

The rise of InfoStealer malware serves as a reminder of just how advanced cyberattacks have become, targeting not just crypto but all digital industries.

By staying informed and maintaining clean devices, users can significantly reduce their exposure.

As Su concludes, this is not just a Binance issue—it’s a call to action for the entire digital finance community to fortify their defenses against an ever-evolving threat landscape.
