The Crypto Merchant leak indexed by leaksear.ch contains 1,326 records from an alleged database leak involving the hardware wallet reseller, which describes itself as a New York City based company founded in 2017 (www.thecryptomerchant.com) (leaksear.ch metadata). The metadata lists February 26, 2026 as the breach date and says the dataset includes customer emails, usernames, phone numbers, shipping addresses, hashed passwords, IP addresses, and order details (leaksear.ch metadata).
What happened
Public reporting remains limited. Brinztech published a February 26, 2026 alert saying a threat actor claimed to have exfiltrated a comprehensive e-commerce database from The Crypto Merchant, with alleged contents including personal information, shipping addresses, product purchase details, prices, order dates, and order status (www.brinztech.com).
The Brinztech page frames the item as an alleged listing and states that it does not warrant the validity of external claims, so the public details should be treated as claims rather than a confirmed incident report from The Crypto Merchant (www.brinztech.com). The leaksear.ch metadata does not identify an intrusion vector, so whether the exposure came from direct compromise, a third-party platform, scraping, misconfigured storage, or another cause remains unconfirmed (leaksear.ch metadata).
What data was exposed
Leaksear.ch indexed searchable pivots for address, country, email, hashed password, IP address, phone number, and username (leaksear.ch metadata). Other stored but non-searchable record context includes business_name, created_at, id, last_user_agent, message, source_table, and subject, and the dataset description references order details (leaksear.ch metadata). No raw records are included here.
Why this matters
Contact and shipping data tied to hardware-wallet purchases can support highly targeted phishing, fake support outreach, delivery lures, and account-recovery scams. The combination of addresses, phone numbers, usernames, IP addresses, hashed passwords, and order context also gives defenders concrete pivots for credential-risk review and fraud monitoring (leaksear.ch metadata). Ledger warns that recovery-phrase theft attempts can arrive through email, phone, text, fake apps, websites, or postal letters, and Trezor tells users not to share or digitally store their wallet backup (www.ledger.com, trezor.io). Readers who believe they may have ordered from The Crypto Merchant should check leaksear.ch for their searchable details before responding to any unsolicited wallet-related contact.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, hashed password, ip address, phone, and username.