What databases are being sold?

The threat actor is selling databases from multiple platforms across three categories: Crypto (BTC.Allo.xyz with 91K emails, Metaxseed.io with 5K emails, YesNoError.com with 100K emails), Finance (365.loans with 26K emails, plus a 71K user ecommerce website), and AI (MagicSlides.App with 2.3 million emails, TLDR.Tech with 1.2 million emails, YesNoError.com Crypto/AI database with 100K emails).

How many records are allegedly affected?

The combined databases allegedly contain approximately 3.8 million unique email addresses across all listed platforms, with MagicSlides.App being the largest at 2.3 million and TLDR.Tech at 1.2 million.

Threat Actor Selling Alleged Databases From Crypto, AI, and Finance Platforms Including MagicSlides, TLDR.Tech, and 365.loans

Quick Facts

Date & Time 2026-03-13 04:28:44 UTC

Threat Actor Sythe

Victims Multiple Platforms

Industry Crypto / AI / Finance

Category Database Sale

Alleged Records ~3.8 Million Emails

Databases Listed 7

Price Contact Seller

Network Open Web

Samples Available via Channel/PM

Incident Overview

A threat actor going by Sythe is advertising the sale of multiple alleged databases spanning cryptocurrency, artificial intelligence, and finance platforms. The actor claims their group has been collecting private data across these sectors and is offering individual databases for purchase, with samples available through their channel or direct messages.

The listing breaks down into three categories with the following databases:

Crypto - BTC.Allo.xyz (91K unique emails), Metaxseed.io (5K unique emails), and YesNoError.com Crypto/AI Database (100K unique emails).
Finance - 365.loans (26K emails) and an unnamed 71K-user ecommerce website.
AI - MagicSlides.App (2.3 million emails), TLDR.Tech (1.2 million emails), and YesNoError.com Crypto/AI Database (100K unique emails).

The two largest databases by far are MagicSlides.App and TLDR.Tech, which are both AI-focused platforms - MagicSlides is a presentation generation tool and TLDR.Tech is a popular technology newsletter. Combined, those two alone account for roughly 3.5 million of the approximately 3.8 million total email addresses being offered. The actor notes that YesNoError.com appears in both the crypto and AI categories, suggesting it straddles both spaces. No pricing was listed publicly; interested buyers are directed to contact the seller directly.

Compromised Data Categories

Email Addresses User Account Data Cryptocurrency Platform Records Financial Service Records AI Platform User Data Ecommerce User Records

Image Preview

Forum post by Sythe advertising private crypto, AI, and finance databases for sale with record counts per platform

Claim URL

Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers.