Binance has strengthened its position in institutional trading at the start of 2026, posting a notable increase in over-the-counter (OTC) transaction volume. While the world’s largest cryptocurrency exchange has seen accelerating engagement from large investment firms and professional traders, a recent wave of data exposure incidents has raised new questions about its capacity to safeguard retail users’ information.
Institutional growth drives OTC gains
The first two months of 2026 marked a period of exceptional activity for Binance’s OTC desk, with January and February volumes already accounting for a quarter of the platform’s entire 2025 total. This growth is seen as an indication of how market maturity and expanding institutional participation are reshaping the way cryptocurrencies are traded at scale.
Binance CEO Richard Teng has highlighted that institutional clients increasingly prioritize access to deep liquidity through private block trades, aiming to minimize price disruption and reduce the risk of slippage. The OTC platform facilitates these requirements, giving institutional buyers and sellers a direct pathway to execute large-volume trades away from the public order book.
Binance, headquartered in Malta, operates a comprehensive digital asset exchange serving both retail customers and professional investors globally. Richard Teng, the CEO since 2023, previously led regulatory compliance initiatives and oversees the company’s rapid global expansion in digital finance.
Scraping attack exposes 1.5 million users
Recent findings from cybersecurity group VECERT revealed that a hacker using the alias PexRat is selling a database containing information tied to 1.5 million Binance users. This discovery triggered widespread alarm in cryptocurrency security circles, as the dataset was reportedly being offered privately for purchase.
Leaked information from the incident includes users’ full names, email addresses, phone numbers, KYC verification data, and, more worryingly, sensitive authentication details such as last-login IP, device fingerprints, and two-factor authentication (2FA) status. These details could enable sophisticated social engineering attacks or expose victims to SIM-swapping threats.
VECERT’s technical review concluded there was no direct compromise of Binance’s core servers. Instead, attackers appear to have carried out credential stuffing attacks, exploiting weaknesses in client-side security and automating login attempts by circumventing or abusing Captcha mechanisms.
“The evidence suggests that the attacker managed to bypass or abuse security mechanisms (such as Captcha) in the login interface or some platform API, allowing a constant flow of unblocked requests,” VECERT’s investigators detailed in their report.
This incident follows an earlier case this year, when cybersecurity researcher Jeremiah Fowler pointed to 420,000 Binance-related credentials leaked via infostealer malware. Together, these developments have sparked concern regarding Binance’s protocols for protecting user data from automated and targeted cyber threats.
Industry observers say the situation presents an ongoing test for Binance’s cybersecurity posture, as similar attacks using advanced scraping and credential-stuffing tactics continue to pose risks to user privacy and trust.
