A serious breach has rocked the notorious LockBit ransomware gang, exposing practically 60,000 Bitcoin addresses after hackers defaced its darkish internet affiliate panels and leaked a trove of inner knowledge on-line.
The cyberattack, found on Could 7, 2025, focused LockBit’s darkish internet infrastructure, defacing affiliate admin panels and leaking a big inner information database.
What Occurred?
The attackers left behind a message—“Don’t do crime CRIME IS BAD xoxo from Prague”—together with a downloadable MySQL database dump titled paneldb_dump.zip.
Initially flagged by menace actor Rey, the breach was swiftly analysed by cybersecurity consultants, who uncovered a wealth of details about LockBit’s operations.
In keeping with Bleeping Pc report, the leaked knowledge features a huge assortment of ransomware infrastructure particulars. Most notably, it exposes 59,975 distinctive Bitcoin addresses linked to LockBit.
These addresses are believed to be related to ransom funds, every usually assigned to particular person victims as a part of LockBit’s efforts to compartmentalise and obscure the stream of illicit funds.
Nonetheless, LockBit’s operator, “LockBitSupp” confirmed the breach however insisted that no personal keys or extra delicate knowledge have been misplaced.
Extra knowledge reveals information of detailed logs of ransomware builds created by LockBit associates. These information not solely doc the technical configurations utilized in varied assaults but additionally embrace intensive chat logs, over 4,400 negotiation messages between LockBit operators and their victims.
Additionally among the many compromised knowledge have been person credentials, together with 75 admins and associates with entry to the affiliate panel, with passwords saved in plaintext.
The precise methodology used to breach LockBit’s infrastructure stays unsure. Nonetheless, Bleeping Pc suggests similarities to a current hack of the Everest ransomware group, elevating suspicions of a typical attacker or tactic.
The report famous that the server was operating PHP 8.1.2, which is thought to be weak to CVE-2024-4577, a important exploit that would have enabled distant code execution.
LockBit’s Crumbling Empire: International Crackdown Adopted By Leaked Information
The fallout from the breach is prone to be far-reaching. For legislation enforcement companies and blockchain forensic groups, the leaked Bitcoin addresses and knowledge supply a brand new alternative to hint ransomware funds and doubtlessly establish people linked to LockBit.
The breach additionally delivers a extreme reputational blow to LockBit, which has already been weakened by Operation Cronos. The coordinated crackdown led by the U.S. Division of Justice, Europol, and legislation enforcement companies worldwide in early 2024 quickly dismantled its infrastructure.
The operation has already resulted within the freezing of over 200 cryptocurrency accounts linked to LockBit’s ransomware actions.
Authorities have arrested two LockBit actors in Poland and Ukraine, whereas two associates have been apprehended and charged within the U.S. The U.S. Treasury’s OFAC additionally blacklisted ten Bitcoin and Ether addresses tied to the group, with some linked to deposits on exchanges like KuCoin, Binance, and Coinspaid. These sanctions now prohibit U.S. entities from transacting with the people or wallets concerned.
Key infrastructure utilized by LockBit, together with its websites and ransom negotiation panels, was seized in early 2024. Greater than 1,000 decryption keys have been recovered and are being distributed to victims to assist them regain entry to encrypted knowledge with out paying ransoms.
A serious developer behind LockBit’s instruments, Rostislav Panev, was arrested in Israel and awaits extradition to the U.S. Panev allegedly constructed malware and different software program for the group and acquired over $230,000 in crypto. His defence claims he was unaware of how the instruments have been used, however authorities say he performed a central position in enabling the group’s operations.
LockBit, lively since 2019, has attacked greater than 2,500 victims in 120 international locations and reportedly extorted over $120 million globally.
The publish Hack Exposes Nearly 60,000 Bitcoin Addresses Linked to LockBit Ransomware Group appeared first on Cryptonews.
Add comment