- 784
- 211
One of the most famous underground places to sell stolen bank data, the BidenCash marketplace, has ceased operations after a large-scale international operation carried out with the participation of the US Secret Service, the FBI, and foreign partners. As a result, about 145 domains were confiscated - both on the regular Internet and on the darknet, as well as cryptocurrency associated with this platform. Now, the official page of the US Secret Service opens at the old addresses of the resource, informing that the domains were seized as part of a criminal investigation. The Dutch National Police, the non-profit organization The ShadowServer Foundation, and the company Searchlight Cyber, which monitors cyber threats, also joined the operation. Researcher g0njxa noted that even the BidenCash domain in the .asia zone, accessible through the regular web, now leads to the page "usssdomainseizure.com". Some subdomains, according to him, are still active, but global control over the resource's infrastructure has clearly been lost by the administrators. According to the US Department of Justice, BidenCash has served over 117 thousand clients and sold over 15 million payment card numbers along with the personal information of their owners since its launch in March 2022. The administration charged a commission for each transaction on the site, and the total income exceeded $17 million. BidenCash appeared shortly after the closure of the largest market at that time, Joker's Stash, and a series of purges of other darknet markets, including Forum, Trump Dumps, and UniCC. Unlike its competitors, the platform initially sought to have a loud presence: it attracted attention with a provocative name and massive data leaks. The first leak took place in the summer of 2022 - a database of 6,600 cards and millions of email addresses got online. In October of the same year, the marketplace published 1.2 million cards, mostly American ones. In 2023, there were even more leaks: two additional archives contained over 4 million records, including cards with different expiration dates and geographies. BidenCash actively used web skimmers - malicious code on the pages of online stores that intercepts payment information during checkout. Previously, the main method of collecting data was viruses that infect POS terminals and extract unencrypted cards from the device's RAM. Although underground platform operators often try to restore operations after blocking, large-scale operations like the current one seriously undermine the shadow business. The Secret Service continues to fight financial crimes, including card fraud, money laundering, cryptocurrency scams, and identity theft.
On the eve of the seizure of the domains, the agency's agents, together with the police, conducted raids at more than 400 retail outlets, checking terminals and ATMs for skimmers. Although only 17 devices were found, the possible damage, according to law enforcement, would have amounted to more than $5 million.
On the eve of the seizure of the domains, the agency's agents, together with the police, conducted raids at more than 400 retail outlets, checking terminals and ATMs for skimmers. Although only 17 devices were found, the possible damage, according to law enforcement, would have amounted to more than $5 million.