Europol, FBI and Global Partners Shut Down Major Cybercrime Forum LeakBase

An unprecedented coordinated operation involving law‑enforcement agencies from 14 nations has taken the notorious hacker marketplace LeakBase offline, curbing a platform that facilitated the trade of stolen personal data and cyber‑crime tools.


The operation

On the night of 3–4 March 2026, investigators from the United States Federal Bureau of Investigation (FBI), Europol and a coalition of partner agencies executed a synchronized takedown of LeakBase, once counted among the largest illicit forums on the dark web.

The raid resulted in:

  • The immediate removal of the site’s public interface and its replacement with seizure notices.
  • The confiscation of user accounts, private messages, credit‑card details and IP‑address logs for evidentiary use.
  • Arrests and search‑warrant executions in the United States, Australia, Belgium, Poland, Portugal, Romania, Spain and the United Kingdom, among others.

Brett Leatherman, assistant director of the FBI’s Cyber Division, said the operation “seized users’ accounts, posts, credit details, private messages, and IP logs for evidentiary purposes.” Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division added that the takedown “disrupts a major international platform that cyber‑criminals use to obtain and profit from the theft of sensitive personal, banking and account credentials.”

Scale of LeakBase

  • Membership: Over 142 000 registered users.
  • Activity: More than 215 000 forum posts in the months preceding the raid.
  • Geographic reach: Contributors and buyers spanned multiple continents, reflecting the forum’s role as a global hub for cyber‑crime commerce.

Implications for the cryptocurrency ecosystem

Although LeakBase was not primarily a cryptocurrency‑focused marketplace, its predecessor Raidforums, which was shut down in 2022, famously uploaded a database containing roughly 272 000 records of Ledger wallet users. The pattern underscores a broader trend: illicit forums are increasingly serving as secondary markets for crypto‑related data breaches.

Recent incidents that illustrate this trend include:

Date | Incident | Relevance to Crypto
May 2025 | Hackers bribed overseas customer‑service agents to infiltrate Coinbase’s internal systems | Exposed personal data useful for social‑engineering and extortion attempts.
Early 2025 | Leak of ~60 000 Bitcoin addresses tied to the LockBit ransomware infrastructure | Highlighted the convergence of ransomware and crypto laundering.
23 Feb 2026 | Threats against a trader (TraderSZ) involving personal data published for ransom | Demonstrates how personal data breaches can be weaponised against crypto traders.

These episodes, together with the LeakBase takedown, illustrate a rising “data‑as‑currency” dynamic: stolen personal or financial credentials become a commodity that fuels further attacks, including crypto theft, phishing, and ransomware campaigns.

Analysis

  1. Coordinated international enforcement is now the norm. The involvement of 14 countries reflects an evolving, border‑less approach to cyber‑crime. This model reduces safe‑havens for operators and may deter the formation of similarly sized forums.

  2. Disruption of data‑exchange ecosystems hurts cyber‑criminal revenue streams. By seizing user data and communication logs, authorities are not only removing a marketplace but also gathering intelligence that can lead to downstream investigations and arrests.

  3. Crypto firms must anticipate indirect exposure. While LeakBase was not a dedicated crypto forum, the historical link to Raidforums and the recent wave of crypto‑related leaks signal that any large‑scale data breach in the broader cyber‑crime ecosystem can eventually impact cryptocurrency users and service providers.

  4. The threat landscape is shifting from pure ransomware to data‑driven extortion. The emergence of “data‑leak extortion”—threatening to publish personal or financial records unless a ransom is paid—creates new vectors for attackers to target crypto holders, whose assets are often stored in online wallets linked to the compromised data.

Key takeaways

  • Law‑enforcement success: The coordinated raid demonstrates that even the most entrenched cyber‑crime platforms can be dismantled when agencies act in concert.
  • Data remains a high‑value target: The seizure of millions of personal records underscores the continued profitability of buying and selling stolen data, including information that can be leveraged for crypto scams.
  • Crypto industry vigilance required: Firms should reinforce internal security, monitor dark‑web chatter for leaked credentials related to their users, and enhance incident‑response protocols for data‑leak extortion attempts.
  • Future operations likely to increase: The precedent set by the LeakBase takedown suggests that similar multinational operations may become more frequent, especially as cyber‑criminal forums evolve to incorporate newer services such as crypto‑mixing and DeFi exploitation.

The information in this article is based on statements released by the U.S. Department of Justice, Europol and associated law‑enforcement agencies. Cointelegraph adheres to its editorial policy of independent and transparent journalism; readers are encouraged to verify details independently.



Source: https://cointelegraph.com/news/europol-fbi-leakbase-cybercrime-shut-down?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound
