Target users with or "cracked" software that specifically searches for local Exodus wallet files to drain funds. Recommended Actions
Send (phishing) that claim your wallet is suspended to trick you into entering your 12-word recovery phrase.
: The leak is frequently used by threat actors for credential stuffing (trying these passwords on other sites) and targeted phishing campaigns. Recent Resurgence (2024–2026) Exodus.com database leaked 20 April 2021.txt
: Never digitize your 12-word recovery phrase. Storing it in cloud notes (like LastPass or Evernote) has led to significant losses for users whose credentials were leaked.
: Check if your email appears in this breach using Have I Been Pwned. Target users with or "cracked" software that specifically
: Exodus will never email you to "verify" or "validate" your wallet. Official updates are only handled through the application or the official website .
: Security researcher Troy Hunt added this breach to Have I Been Pwned in April 2021. : Exodus will never email you to "verify"
Reports from HEROIC Cybersecurity indicate a major resurgence of this specific 2021 data on dark web forums and Telegram channels as recently as late 2024 and 2025. Attackers use this older data to: