Tool

LeakCheck

Item: LeakCheck
Rating: 6
Author: KYC No Thanks

LeakCheck is a data-breach search engine that lets users check compromised credentials with minimal signup friction, Tor access, and cryptocurrency payments, though its logging practices and trust metrics raise serious red flags for the privacy-conscious.

6.0

out of 10

L2 Discreet

Non-custodial No email required No IP logging 5 payment options

Visit website Suggest an update

// review

Overview

LeakCheck positions itself as a data-breach search engine for individuals and companies worried about credential exposure. Operating since 2018, the platform indexes billions of records and offers email, username, keyword, domain, and even reverse password lookups. Users can run queries through a web interface, API, or Telegram bot, with tiered plans ranging from a $2.99 daily pass to a $69.99 lifetime option. An Enterprise tier starting at $179 per quarter adds bulk checking, dedicated support, and integration assistance for corporate environments.

The service distinguishes itself in the no-KYC tool space by accepting Monero, Bitcoin, and Lightning Network payments alongside fiat and cash options. It also maintains a Tor onion mirror and publishes open-source components, features that signal awareness of its privacy-focused user base. However, the platform's operational security and data-handling practices paint a more complicated picture than its marketing suggests.

Privacy & KYC

LeakCheck sits at KYC Tier L2, Discreet, meaning minimal identity verification is required: typically just an email address. Social login options (including Telegram authentication) are available, which reduces friction but potentially links activity to persistent identities. The platform does not demand government ID or extensive personal documentation, making it accessible to users seeking anonymous breach monitoring.

The critical concern is logging. LeakCheck logs IP addresses, a significant liability for a service handling sensitive breach data. Combined with email-based accounts, this creates a linkable trail between queries and real-world identity. The privacy score of 5/100 reflects this fundamental tension: a tool marketed for digital identity protection actively undermines user anonymity through aggressive telemetry. The trust score of 0/100 further amplifies alarm, suggesting either severe operational opacity, unresolved security incidents, or problematic data-sourcing practices that have damaged institutional confidence.

Minimal KYC: email-only signup with social login alternatives
IP logging enabled, no option for query isolation
Tor available but efficacy degraded if post-login behavior is tracked
Open-source components offer partial transparency, not full auditability

Supported assets & payments

LeakCheck accepts an unusually broad payment spectrum for its category: Monero (XMR), Bitcoin (BTC), Lightning Network, fiat currencies, and cash. This flexibility supports users who prioritize financial privacy, particularly Monero users seeking unlinkable transactions. The inclusion of Lightning suggests attention to Bitcoin's scalability and fee concerns, though on-chain Bitcoin remains less private than XMR for this use case.

Pricing tiers are straightforward but not cheap for casual use. The $2.99 daily Basic Plan offers 15 email lookups, sufficient for spot-checking a personal footprint. The $9.99 Monthly Plan expands to 200 daily email/username searches plus 15 keyword queries. The $69.99 Lifetime Plan doubles those limits and represents the best value for ongoing monitoring. Enterprise pricing scales from $179 quarterly with unrestricted lookups and API access. All paid tiers include developer API credentials, enabling integration into external workflows or corporate security stacks.

Security & custody

As a non-custodial information tool, LeakCheck does not hold user funds or cryptographic keys, users pay for access, not deposit assets. This eliminates exchange-style custody risks but introduces different concerns: the service stores query histories and account data, and its breach database itself contains massive quantities of stolen credentials that represent attractive targets for attackers.

Technical infrastructure shows mixed signals. The primary domain (leakcheck.io) uses valid HTTPS with Google Trust Services certificates, and Scam Detector assigns it a relatively high 86.9/100 safety rating. Yet the trust metrics from our directory's own assessment diverge sharply, indicating possible gaps between surface-level security hygiene and deeper operational integrity. The presence of stealer log data in results, confirmed by user reports, raises ethical questions about whether LeakCheck sources from malware distributions rather than strictly public breach dumps. The open-source claim offers some accountability, but without comprehensive repository audits, it functions more as marketing than verified assurance.

Who it's for, verdict

LeakCheck serves a narrow niche: privacy-aware individuals and security teams willing to trade some anonymity for breach visibility. Journalists, incident responders, and corporate defenders may find value in its API and bulk-checking capabilities, provided they access it through Tor with compartmentalized accounts. The Monero payment option and minimal KYC lower barriers for users in restrictive jurisdictions or those avoiding financial surveillance.

However, the IP logging, rock-bottom privacy score, and zero trust rating make it unsuitable for users requiring robust operational security. The contradiction at LeakCheck's core, selling identity protection while actively logging identifiers, undermines its value proposition for the no-KYC community. With an overall score of 6/10, it functions as a pragmatic, if imperfect, breach intelligence source rather than a trustworthy privacy partner. Users should treat queries as potentially linkable, rotate access credentials frequently, and prefer Monero over traceable payment methods. For those with lower risk tolerance, alternatives like Have I Been Pwned offer more transparent, less invasive checking, albeit with fewer features and no cryptocurrency payments.

Data sourced from kycnot.me

Pros

Accepts Monero, Bitcoin, and Lightning for pseudonymous payments
Tor onion mirror available for censorship-resistant access
Open-source components provide partial code transparency
Minimal KYC—email-only signup with social login options
API and Telegram bot enable automation and mobile workflows
Lifetime plan ($69.99) offers predictable long-term pricing

Cons

Logs IP addresses, severely undermining anonymity claims
Privacy score of 5/100 and trust score of 0/100 indicate serious red flags
Stealer log data in results raises ethical sourcing concerns
No clear option to disable telemetry or query logging

At a glance

Non-custodial

No email required

No IP logging

Why this score

Discreet

Minimal data, usually just an email.

Frequently asked questions

Is LeakCheck truly anonymous?

No. While signup requires only an email and cryptocurrency payments are accepted, LeakCheck logs IP addresses. Users seeking strong anonymity should access it exclusively via Tor with compartmentalized accounts and avoid linking queries to their real identity.

What cryptocurrencies does LeakCheck accept?

LeakCheck accepts Monero (XMR), Bitcoin (BTC), and payments over the Lightning Network. Monero offers the strongest financial privacy of the three options.

Can I use LeakCheck without creating an account?

Limited preview functionality exists, but full breach details and most search capabilities require registration. The free tier is minimal; meaningful use demands a paid plan.

Is LeakCheck's database sourced ethically?

This is contested. LeakCheck claims to collect exclusively from public sources, but user reports indicate stealer log data appears in results—suggesting potential inclusion of malware-exfiltrated credentials rather than strictly public breach dumps.

How does LeakCheck compare to Have I Been Pwned?

LeakCheck offers more search modalities, API access, and cryptocurrency payments, but with far worse privacy practices and lower trust metrics. Have I Been Pwned is more transparent and less invasive but less feature-rich and fiat-only for donations.

Does the Tor mirror protect my privacy on LeakCheck?

Tor helps mask your network origin, but if you log into an email-linked account or pay with traceable Bitcoin, the platform can still correlate your activity. The IP logging policy applies regardless of access method.

Update log

May 25, 2026
Clarified open-source scope—only partial components, not full platform
Mar 29, 2026
Cross-checked Scam Detector rating against internal trust metrics
Jan 31, 2026
Flagged stealer log sourcing concerns based on community report review
Dec 4, 2025
Added Enterprise tier pricing details from crawled plan page
Oct 11, 2025
Adjusted privacy score downward following IP logging policy reconfirmation
Aug 15, 2025
Updated supported-coin list after confirming Lightning Network acceptance
Jun 18, 2025
Re-verified Tor onion mirror accessibility and load times

Scores

Overall 6/10

Privacy 5/100

Trust 0/100

Accepted payments

Monero Bitcoin Lightning Fiat Cash

Features

Tor available
Open source

Visit website

Related services

Kusama Shield

kusamashield.laissez-faire.trade

9.0

/ 10

Tool Exchange

Kusama Shield is a permissionless, multi-asset privacy pool built on Kusama's decentralized infrastructure, enabling pseudonymous users to shield tokens via zero-knowledge proofs without registration or custody.

L1 Anonymous

XMR BTC LN FIAT CASH

›Tor available ›Open source ›Non-custodial

Feather Wallet

featherwallet.org

8.8

/ 10

top Tool Privacy

A lightweight, free and open-source Monero desktop wallet that requires no account, routes through Tor by default, and keeps full custody with the user.

L0 Trustless

XMR

›Non-custodial ›Open source ›Tor available

Cake Wallet

cakewallet.com

8.5

/ 10

Tool

Cake Wallet is a fully open-source, non-custodial mobile wallet that lets users store, swap, and spend Monero and Bitcoin without creating an account or verifying identity.

L0 Trustless

XMR BTC LN

›Non-custodial ›Open source