Hackers have built a market for reselling stolen crypto data
Prices depend on the balance, age of the account, and 2FA protection.
29.12.2025 - 11:05
474
3 min
0
Key points:
- Crypto accounts stolen through phishing are being sold en masse on the dark web and Telegram at an average price of around $105.
- Hackers use bots and admin panels to collect, verify, and resell data, turning phishing into a full-fledged business.
Stolen accounts of crypto service users are being sold en masse on the dark web for an average of $105 each. This data is obtained through phishing attacks and becomes the starting point for a whole chain of cybercriminal services.
According to SecureList, the cost of a single crypto account can vary from $60 to $400 depending on its quality. Hackers either sell the data immediately or store it in databases for further use. It all depends on what kind of credentials they managed to get.
How phishing data gets to hackers and the market
After you enter your info on fake sites, it gets to the bad guys in a few ways: by email, through Telegram bots, or using special admin panels. To cover their tracks, phishing schemes often use legitimate services such as Google Forms, Microsoft Forms, GitHub, or Discord.
Mailing stolen data is gradually becoming a thing of the past: it is slow, easily blocked, and does not scale well. It has been replaced by Telegram bots, which instantly send information to operators and leave virtually no traces.
More advanced groups use administrative panels. They automatically collect data into databases, display statistics by country and time of attack, check the functionality of accounts, and prepare them for resale. Such tools are considered standard for large phishing operations.
What happens to stolen crypto data
Access to crypto exchanges, wallets, and fiat deposit services is particularly valuable. Accounts with one-time codes or linked to payments are often sold immediately, while the rest of the data is saved for future attacks.
Phone numbers are used for SMS fraud and bypassing two-factor authentication, while personal data is used for social engineering. Documents, selfies, and biometrics are used in more risky schemes.
Wave of crypto wallet hacks: how to protect your assets from AI and hackers
In 2025, attacks on cryptocurrency wallets became significantly more frequent. Attackers use a huge array of tools to bypass security mechanisms
Mass resale begins with so-called dumps — archives with millions of records that intermediaries can buy for as little as $50. The data is then cleaned, checked by automated scripts, and combined into profiles.
Ready-made and verified credentials are sold on dark web forums and Telegram channels, where prices are listed, and reviews are published. The cost depends on the age of the account, balance, linked payments, and the presence of 2FA.
Kaspersky Lab analysts note that almost 89% of phishing attacks are aimed specifically at stealing logins and passwords. Stolen crypto data remains a valuable asset for criminals for years and can lead to major hacks even long after the user’s initial mistake.
Useful material?
Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Telegram
Twitter