Security Breach at Iranian Crypto Exchange Exposes Data of More Than 50,000 Users on Dark Web

Almaex, an Iranian firm for exchanging virtual assets, has reportedly been compromised, affecting tens of thousands of users and endangering their financial credentials on the exchange.

In a publicly shared online post, “lulzintel,” which is the threat group, claimed to have gotten access to an archive that housed records of over 50,000 users. This isn’t just a minor leak. It’s a significant exposure of personal and financial information.

What Almaex Does and Who Got Hit

Almaex positions itself as a straightforward platform for digital currency transactions. The exchange fosters accessibility of crypto trading to users living in Iran because of the unique challenges the region faces with financial services.

The breach appears to be comprehensive. The threat actor didn’t just grab a few random files. They extracted structured database records that contain multiple layers of user information. To prove the legitimacy of their claim, lulzintel released sample data. This sample shows exactly what information the database contains and how it organizes it.

The Scale of the Exposure

Over 50,000 user records represent a substantial portion of any cryptocurrency exchange’s user base. For a regional platform like Almaex, this could potentially be a significant percentage of their entire customer base. Each compromised record likely contains the kind of information users provide when signing up for financial services.

The severity of this event is “high.” Breaches on crypto exchanges are very dangerous because they combine financial data with authentication credentials. Unlike regular banking breaches, crypto-related activities are often irreversible. Once funds move, no coming back.

Since the data is public on the clear web, one thing is clear: it is readily up for grabs to a much wider audience of potential bad actors. 

The Prime Targets – Crypto Exchanges, Why?

Digital criminals around the world increasingly target platforms that trade crypto assets. They hold voluminous sensitive credentials of users alongside direct access to financial assets. For bad actors, it’s a one-stone-two-bird opportunity, fueling larger criminal operations such as the $2 billion in crypto laundered through mainstream exchanges by Russian dark web markets.

The Iranian financial services sector faces more major vulnerabilities than any other financial market across the world. This is mainly due to the restrictions imposed by international sanctions, as well as the limited resources available for Protection Against Cyber Criminals for regional platforms compared to their global counterparts in other parts of the world. The cybercriminals know this and will always target the platforms they believe will have weaker protection measures.

The timing is also very important. January 2026 will be a time when global demand for cryptocurrencies continues to grow, and upon growth, there will be more cryptocurrency users and, therefore, more crypto transactions going on within the crypto space.

As the number of users grows, the amount of data stored will also grow. This represents a higher volume of data available for cybercriminals; therefore, a higher chance of cybercriminals successfully breaching a platform and obtaining the user data.

As a user of Almaex, you must take immediate action after learning of the hack and breach of Almaex. Cybercriminals can use the exposed user data to commit identity theft, financial fraud, and targeted phishing attacks against you. Cybercriminals not only obtain, store, or look at the data they steal. They turn your data into Weapons against you, often selling access to compromised accounts for a pittance on underground forums.

You should change the passwords for your Almaex account and any other platforms where you have used similar identification credentials. Ensure you have Two Factor Authentication (2FA) enabled on every single platform where this is possible! You should also monitor your accounts for suspicious activity.