"Not handled well." This was how one user described the revelations brought forth by Cointelegraph on Dec. 14 regarding the leak of 5.7 million Gemini customers’ email addresses and partial phone numbers. Shortly after publication, multiple users reached out to Cointelegraph alleging that the leak, which Gemini attributes to a “third-party incident,” happened much earlier than initially understood.
Mysterious reports of users receiving targeted phishing emails began surfacing on the official r/Gemini subreddit in the weeks prior. In one thread dating back to November, Redditor u/DaveJonesBones claimed that he received a targeted phishing email from an address that was only registered on Gemini:
“It promoted a Cyberbroker NFT drop using Opensea branding. I think I also received one last month, but I deleted it without reading it. Today, I got the hump because I’d specifically opted-out to all marketing emails from Gemini.”
To which a Gemini representative responded:
“Reporting this to our security team. Thank you for letting us know.”
In another thread titled “Gemini is compromised. Gemini user data is being used for complex phishing attempts” from two weeks prior, u/Exit_127 claimed they received a phishing email from a MetaMask imposter regarding the need to “sync my wallet due to the merge.” The user also claimed that “I use email aliases so each online account has a specific email linked to it. This phishing attempt went to the email used by and only by my Gemini account.”
I just experienced a very sophisticated crypto phishing attempt from a @Gemini customer information hack/leak.— cfo.btc (@btc_cfo) November 29, 2022
1) I first received this text message: pic.twitter.com/0UVfHa9q7B
A similar thread by u/Opfu the prior week claimed that Gemini was already aware of the breach. As told by u/Opfu:
“I just got an email claiming that my Exodus wallet was linked to the Binance exchange from Bermuda (phishing of course). I ONLY use that particular email address at Gemini. When I asked Gemini, they confirmed a breach at a third-party vendor. Customer emails and partial phone numbers. When I asked if they were planning on informing users, they said thanks for the feedback.”
Another user responded:
“The same thing happened to me as well. The email was definitely a phishing attempt. I was so confused how Exodus got my Gemini email address as well, so knew there must have been some compromised at some point…”
In an official statement, Gemini wrote that “no Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure.” It also warned of “increased phishing campaigns” as a result of the third-party breach. The blog post did not mention the date of the security incident. Prior to publication, Cointelegraph reached out to a Gemini spokesperson, who declined to comment on the matter.