Target users with or "cracked" software that specifically searches for local Exodus wallet files to drain funds. Recommended Actions
Reports from HEROIC Cybersecurity indicate a major resurgence of this specific 2021 data on dark web forums and Telegram channels as recently as late 2024 and 2025. Attackers use this older data to:
The file titled "" refers to a verified data breach involving approximately 2.9 million records that originally resurfaced or was first indexed in early April 2021 . While the Exodus wallet itself is self-custodial and does not store user funds or private keys on its own servers, this leak contains user credentials primarily associated with their marketing or support databases. Key Details of the Leak Total Records : 2,989,954. Exodus.com database leaked 20 April 2021.txt
: The leak is frequently used by threat actors for credential stuffing (trying these passwords on other sites) and targeted phishing campaigns. Recent Resurgence (2024–2026)
: Primarily Email Addresses and Password Hashes (SHA-1) . Target users with or "cracked" software that specifically
: If you reused the password found in this leak on any other platform (exchanges, email, etc.), change it immediately and enable Two-Factor Authentication (2FA) .
Send (phishing) that claim your wallet is suspended to trick you into entering your 12-word recovery phrase. While the Exodus wallet itself is self-custodial and
: Exodus will never email you to "verify" or "validate" your wallet. Official updates are only handled through the application or the official website .
