Crypto users say the Gemini email leak occurred much earlier than first reported

“Not handled well,” is how one user described the revelations made by Cointelegraph on Dec. 14 regarding a leak of 5.7 million email addresses and partial phone numbers of Gemini customers. Shortly after the release, several users contacted Cointelegraph, claiming the leak, which Gemini attributes to a “third-party incident,” happened much sooner than expected.

Mysterious reports of users receiving targeted phishing emails began surfacing on the official r/Gemini subreddit over the past few weeks. In a November thread, user DaveJonesBones claimed to have received a targeted phishing email from an address registered only on Gemini:

“He promoted a Cyberbroker NFT release using the Opensea branding. I think I also received one last month but deleted it without reading. Got the hump today as I had specifically opted out of all marketing emails from Gemini .”

To which a Gemini representative replied:

“Report to our security team. Thanks for letting us know.”

In another thread titled “Gemini is compromised. Gemini user data is being used for complex phishing attempts” from two weeks earlier, user Exit_127 claimed to have received a phishing email from a Metamask imposter regarding the need to “sync my wallet due to the merger.” The user also said that “I use email aliases so that each online account has a specific email attached to it. This phishing attempt is went to the email used and only from my Gemini account”.

A similar thread by user opfu from the previous week claimed that Gemini was already aware of the breach. As told by opfu:

“I just received an email stating that my Exodus wallet was connected to the Binance exchange from Bermuda (phishing of course). I ONLY use that particular email address on Gemini. When I asked Gemini, they confirmed a violation at a third-party vendor. Partial customer emails and phone numbers. When I asked if they planned to let users know, they thanked me for the feedback.”

Another user replied:

“The same thing happened to me too. The email was definitely a phishing attempt. I was so confused as to how Exodus even got my Gemini email address so I knew there must have been some compromise…”

Gemini’s wrote in its official statement that “No Gemini account information or system was affected by this third-party incident and all customer funds and accounts remain secure.” It also warned of an “increase in phishing campaigns” as a result of third-party hacking. The blog post did not mention the date of the security incident. Ahead of the release, Cointelegraph reached out to a Gemini spokesperson who declined to comment on the matter.

An alleged targeted phishing attempt sent to a Gemini email address dated October 3, 2022 | Source: anonymous user