Skip to content Dark Web Informer - Cyber Threat Intelligence

Alleged Data Breach of Multiple Cryptocurrency Platforms

Unlock Exclusive Cyber Threat Intelligence

Powered by DarkWebInformer.com

Foundational access to breach intelligence. Track breaches, leaks, and threats in real time with high quality screenshots and concise expert summaries.

📚
4,000+ Blog Posts
Continuously updated breach reports and threat summaries.
📢
26,000+ Alerts
Daily breach, leak, and DDoS alerts.
📤
Unredacted Threat Feed
Live tracking with JSON export.
🔍
Leak and Breach Coverage
Direct access to claims and posts.
📡
Snippets and Quick Facts
Concise summaries of DDoS, defacements, and breaches.
🌐
500+ Onion and Clearnet Resources
Verified index of dark web sites and services.
📊
Real Time Uptime Dashboard
Live status of 500+ sites.
🤖
WhiteIntel.io API
Integrated checks inside breach posts.
🖼️
High Resolution Images
Uncompressed, watermark free evidence.
🔑
Keyword Notifications
Browser alerts for tracked terms.
👥
Telegram Channels
Stay in the loop across channels.
📨
PGP Contacts
Verified PGPs for ransomware and threat groups.

📖 Overview

A threat actor is advertising databases from three cryptocurrency platforms: Casa.io, Theya.us, and Nunchuk.io. The leak allegedly contains hundreds of thousands of user records with IDs, emails, phone numbers, passwords, wallet details, registration dates, and referral codes.


📌 Key Details

  • Victim Country: USA
  • Industry: Financial Services
  • Victim Organization: casa inc.
  • Victim Site: casa.io
  • Threat Actor: MrDark
  • Network: tor
  • Category: Data Breach
  • Severity: High
  • Data Fields: user_id, email, password, phone, wallet, registration_date, referral_code
  • Records and Prices:
    • Casa.io: 330,000 records, $7,500
    • Theya.us: 194,000 records, $6,500
    • Nunchuk.io: 491,000 records, $10,000
  • Sale Terms: One-hand sale only, escrow available
  • Contact: Private message on forum

🔗 Claim Post (Plain Text)

Claim Post: Available on the Threat Feeds and Paid Subscriber blog posts.


📸 Screenshot Preview

⚠️ Note: This is a free post. Images may contain redacted information. Paid posts and threat feeds contain unredacted material.


🛡️ WhiteIntel.io Access Infostealers Check

This section is available exclusively for paid subscribers in the Ransomware/Threat Feed blog posts.


🧩 TTPs (MITRE ATT&CK Mapping)

  • TA0009 Collection: Database dumps of user and wallet data
  • TA0010 Exfiltration: Sale and distribution of stolen records
  • TA0040 Impact: Fraud, identity theft, and wallet compromise
  • T1078 Valid Accounts: Use of stolen credentials for further access

👤 Threat Actor Profile: MrDark

Summary

  • Total Matches: 6
  • First Seen: 2025-06-15
  • Last Seen: 2025-08-21
  • Data Start: 2024-10-02
  • Countries: USA
  • Industries: Financial Services, Gaming

📊 Threat Actor Activity

DateCountrySector / IndustryTypeTarget / PlatformNetwork
2025-08-21USAFinancial ServicesData BreachCasa.ioopenweb
2025-08-21USAFinancial ServicesData BreachCasa Inc. (Casa.io)tor
2025-07-24GamingData BreachMiomi.gameopenweb
2025-07-16GamingData LeakUnidentified crypto gaming companyopenweb
2025-07-02Crypto / SocialInitial AccessCompromised Crypto Meme Twitter APIopenweb
2025-06-15USAFinancial ServicesData BreachKraken (kraken.com)openweb

🚨 Potential Risks

These databases include sensitive identity and wallet data that can fuel account takeovers, fraudulent withdrawals, targeted phishing, and SIM-swapping.


  • Notify impacted users and require password resets
  • Enforce MFA for all accounts, ideally with hardware keys
  • Monitor for suspicious logins and withdrawal attempts
  • Alert partner exchanges and services about exposed credentials
  • Perform a forensic review of authentication and wallet logs

💡 Final Thoughts

Crypto platforms remain prime targets because leaked data can translate directly into stolen assets. Strong authentication, user education, and continuous monitoring are essential to limit the damage from breaches like these.

Latest