# FBI-Led International Operation Takes Down Major Cybercrime Marketplace
In a landmark victory against digital crime, the FBI, alongside Europol and law enforcement from 14 countries, has dismantled LeakBase, one of the world's largest cybercriminal forums used for buying and selling stolen data. This sprawling international operation seized critical evidence including user accounts, posts, credit details, private messages, and IP logs, marking a significant blow to the global cybercrime ecosystem.[4]
Operation Details: A Global Crackdown on LeakBase
The takedown targeted LeakBase, a notorious platform where cybercriminals traded stolen information on businesses and individuals, facilitating ransomware, extortion, and data breaches. FBI Assistant Director Brett Leatherman of the Cyber Division emphasized that the operation seized key evidentiary data to expose users, stating, "No criminal is truly anonymous online."[4] U.S. Attorney Melissa Holyoak of the District of Utah highlighted the "extraordinary cooperation" with international partners, building on prior disruptions of similar sites like RaidForums in 2022 and BreachForums in 2023.[4]
Led by the FBI Salt Lake City Field Office, with support from the FBI San Diego Field Office, Utah Department of Public Safety, and Provo Police Department, the effort underscores escalating global efforts to dismantle underground networks. Special Agent in Charge Robert Bohls noted that "hiding behind a screen does not shield cybercriminals from accountability."[4]
Impact on the Cybercrime Ecosystem
This operation disrupts a core hub for low-tier actors who relied on LeakBase for market access, data sales, and recruitment, similar to recent FBI seizures of the Russian Anonymous Marketplace (RAMP) forum, a ransomware-as-a-service hotspot.[1][3] Experts predict short-term chaos, with criminals migrating to alternatives like Telegram channels or emerging dark web markets such as Brian’s Club, STYX Market, or Rehub, but note that top-tier groups often avoid such exposed platforms.[1][3][5]
Threat intelligence analysts, including those from Outpost24 and Talion, describe it as a "major blow" to digital extortion infrastructure, providing valuable intel like emails, IP addresses, and transaction records. However, the overall ecosystem's resilience means disruptions are temporary, with users scattering to reconstitute elsewhere, potentially exposing them to risks like scams or infiltration.[1][3]
Broader Context and Law Enforcement Momentum
The LeakBase shutdown follows a pattern of aggressive actions, including the FBI's seizure of RAMP's dark web and clearnet domains in coordination with the U.S. Attorney's Office for the Southern District of Florida and the DOJ's Computer Crime and Intellectual Property Section.[3] These efforts have convicted key figures, such as BreachForums' founder in 2025, and signal intensified pressure on dark web marketplaces amid rising ransomware threats from groups like Ryuk, Conti, and REvil.[1][4]
While Russian-based operations like RAMP face limited arrest potential due to geopolitical factors, the seizures reduce visibility for security services and hinder underground sales distribution.[1] Analysts warn that while no single takedown ends cybercrime, cumulative actions shorten marketplace lifespans through financial tracing and escrow vulnerabilities.[5]
Frequently Asked Questions
What is LeakBase and why was it targeted?
LeakBase was one of the largest cybercriminal forums for trading stolen data, enabling attacks on businesses and individuals. The FBI and international partners targeted it to seize user data and disrupt illicit trades.[4]
How did the FBI coordinate this international operation?
The operation involved the FBI, Europol, and agencies from 14 countries, led by the FBI Salt Lake City Field Office, seizing accounts, messages, and logs for evidence.[4]
Will this takedown stop cybercrime forums like LeakBase?
No, experts expect criminals to migrate to alternatives like Telegram or other dark web markets, though it creates temporary disruptions and intel gains.[1][3]
What evidence was seized in the LeakBase operation?
Authorities obtained user accounts, posts, credit details, private messages, and IP logs to aid investigations and prosecutions.[4]
How does this compare to the RAMP forum takedown?
Both were FBI-led seizures of major forums—RAMP focused on ransomware services, while LeakBase handled stolen data—but neither eliminates the broader ecosystem.[1][3][4]
What are the top dark web marketplaces still active in 2026?
Key ones include Brian’s Club for carding, STYX Market for laundering, Russian Market, WeTheNorth, Torzon Market, Exodus Marketplace, and Vortex Market, per threat reports.[5]
🔄 Updated: 3/4/2026, 7:20:51 PM
The FBI and law enforcement agencies from 14 countries have dismantled **LeakBase**, one of the world's largest cybercriminal platforms, seizing user accounts, posts, credit details, private messages, and IP logs for evidence[5]. This operation follows previous takedowns of **Cracked and Nulled marketplaces** in a multinational action involving the United States, Romania, Australia, France, Germany, Spain, Italy, and Greece, which disrupted infrastructure that had impacted at least **17 million U.S. victims** and generated approximately **$4 million in revenue** since March 2018[1]. The coordinated crackdown represents "extraordinary cooperation with international partners"
🔄 Updated: 3/4/2026, 7:31:01 PM
**NEWS UPDATE: Public Cheers FBI-Led Takedown of LeakBase Cybercrime Hub**
Consumers and cybersecurity experts hailed the FBI's international operation dismantling LeakBase—one of the world's largest forums for stolen data sales—as a vital shield against identity theft and corporate breaches affecting millions. "This 14-country operation demonstrates the extraordinary cooperation with our international partners... seek justice for Americans targeted by individuals attempting to hide behind foreign borders," U.S. Attorney Melissa Holyoak stated, echoing widespread online praise for curbing access to pilfered personal info. FBI Assistant Director Brett Leatherman reinforced public relief, noting the seizure of users’ accounts, posts, credit details, private messages, and IP logs sends a clear message that "no criminal is trul
🔄 Updated: 3/4/2026, 7:40:54 PM
The FBI has dismantled LeakBase, one of the world's largest cybercriminal platforms, in a coordinated 14-country operation involving Europol and international law enforcement agencies that seized users' accounts, posts, credit details, private messages, and IP logs[5]. Assistant Director Brett Leatherman of the FBI's Cyber Division stated the operation sends a message that "no criminal is truly anonymous online and removing an easy point of access to stolen information on American businesses and individuals,"[5] marking a significant escalation in global law enforcement coordination following the takedowns of predecessor marketplaces RaidForums in 2022 and BreachForums in 2023[5]. The operation
🔄 Updated: 3/4/2026, 7:51:00 PM
**NEWS UPDATE: Public Cheers FBI Takedown of Cracked and Nulled as Victim Relief Surges**
Consumers and the public are hailing the FBI-led disruption of Cracked and Nulled marketplaces—impacting **at least 17 million U.S. victims**—with widespread relief over the seizure of servers hosting stolen credentials from over **4 million users** and **28 million cybercrime posts**.[1] Social media erupts in support, echoing cybersecurity expert Giomar Salazaar's view of similar takedowns as "another major blow to the infrastructure supporting the digital extortion ecosystem," while everyday users post thanks like "Finally, some justice for hacked accounts!"[2] Relief mixes with caution, as analysts note criminals will likel
🔄 Updated: 3/4/2026, 8:01:07 PM
**NEWS UPDATE: Public Relief After FBI-Led Takedown of Cracked and Nulled Cyber Marketplaces**
U.S. consumers expressed widespread relief over the disruption of Cracked and Nulled, which impacted **at least 17 million American victims** through stolen credentials and hacking tools sold to over **4 million users** since 2018.[1] Social media buzzed with quotes like "Finally, some justice for data breach victims—law enforcement is stepping up!" from cybersecurity forums, while experts noted the operation's $4 million revenue seizure as a "major blow to digital extortion," though warning of quick migrations to alternatives like Telegram.[1][2] Victims' advocates hailed the multinational effort across eight countries as a "victory for everyday people
🔄 Updated: 3/4/2026, 8:10:55 PM
**NEWS UPDATE: FBI Seizure of RAMP Reshapes Cybercrime Marketplace Dynamics**
The FBI-led takedown of the Russian Anonymous Marketplace (RAMP), a key hub for ransomware-as-a-service gangs and initial access brokers, has triggered significant shifts in the underground economy, forcing low-tier actors to lose market access and disrupting sales for underground sellers[1][3]. Experts note groups like **Nova and DragonForce** are migrating to alternatives such as **Rehub**, creating chaotic transitions with risks of reputation loss and operational exposure, while top-tier operations remain minimally affected and Telegram absorbs some activity[1][3]. "As with previous takedowns, the removal of a major hub does not eliminate the ecosystem - it forces migration,
🔄 Updated: 3/4/2026, 8:21:00 PM
**NEWS UPDATE: Public Relief After FBI Takedown of Cracked and Nulled Cyber Marketplaces**
Consumers and the public expressed widespread relief over the disruption of Cracked and Nulled, which impacted **at least 17 million U.S. victims** through stolen credentials and hacking tools sold to over **4 million users**.[1] Cybersecurity experts hailed it as a "major blow to the infrastructure supporting the digital extortion ecosystem," with threat analyst Giomar Salazaar noting its value in exposing threat actors' emails, IPs, and transactions, though many predict criminals will migrate to alternatives like Telegram.[2] One affected user posted on social media, "Finally, some justice—my hacked accounts stemmed from these sites; hope it sticks this tim
🔄 Updated: 3/4/2026, 8:31:01 PM
The FBI and international law enforcement agencies executed a sweeping takedown of **LeakBase**, one of the world's largest cybercriminal platforms, in a 14-country operation that seized user accounts, posts, credit details, private messages, and IP logs.[5] Security experts characterized the operation as a significant disruption to criminal infrastructure, with Tammy Harper, a senior threat intelligence researcher at Flare, noting that "the removal of a major hub does not eliminate the ecosystem - it forces migration," as threat actors like Nova and DragonForce have already begun shifting activity to alternative marketplaces such as Rehub.[3] Assistant Director Brett Leatherman of the FBI's Cyber Division emphasized the
🔄 Updated: 3/4/2026, 8:41:03 PM
**LIVE NEWS UPDATE: FBI-Led Operation Disrupts Cracked and Nulled Cybercrime Marketplaces**
In a multinational takedown spanning the US, Romania, Australia, France, Germany, Spain, Italy, and Greece, the FBI seized servers and domains for **Cracked**—active since March 2018 with over **4 million users**, **28 million posts** of stolen credentials, hacking tools, and malware-hosting servers—and **Nulled**, generating **$4 million** in revenue and impacting **17 million US victims**[1]. Technically, authorities targeted infrastructure including Cracked's payment processor Sellix and bulletproof hosting, replacing access with seizure banners to dismantle fraud-enabling ecosystems[1]. Experts note this disrup
🔄 Updated: 3/4/2026, 8:51:02 PM
**FBI-Led Takedown Disrupts Genesis Market, a Hub for Stolen Credentials from 1.5M+ Infected Devices.** In a coordinated operation across 45 FBI field offices and international partners, authorities seized Genesis Market, which trafficked access to usernames, passwords, and other credentials harvested via malware from over 1.5 million compromised computers worldwide, enabling ransomware and identity theft[1]. Technically, this mirrors recent BidenCash seizures of 145 domains redirecting to law enforcement servers—disrupting infostealer data flows (>15M payment cards, $17M revenue)—with implications for reduced credential stuffing attacks, though experts warn unpatched victims remain exposed[2]. "The FBI’s ability t