An international law enforcement operation involving the Federal Bureau of Investigation, Europol and several other agencies has taken down one of the internet’s most notorious cybercrime forums, LeakBase.
The platform served as a marketplace where hackers bought and sold stolen data and cybercrime tools. Over time, it accumulated more than 142,000 registered members and over 215,000 messages.
“The FBI, Europol and law enforcement partners worldwide carried out a coordinated takedown of LeakBase, one of the largest online cybercriminal platforms, seizing user accounts, posts, credit card details, private messages and IP logs for evidentiary purposes,” said Brett Leatherman, assistant director of the FBI’s cyber division, in a statement on Wednesday.
LeakBase takedown spanned 14 countries
The coordinated operation took place on March 3 and 4 and involved law enforcement officers across 14 countries taking simultaneous action against the forum and its users.
Following the crackdown, authorities replaced the website with seizure banners, issued prevention notices to its members and gathered additional evidence as part of the investigation.

Authorities also executed search warrants and made arrests across several countries, including the United States, Australia, Belgium, Poland, Portugal, Romania, Spain and the United Kingdom.
“The takedown of this cyber forum disrupts a major international platform that cybercriminals used to obtain and profit from stolen personal, banking and account credentials,” said A. Tysen Duva, assistant attorney general for the Criminal Division of the U.S. Department of Justice.
Although the operation did not specifically reference crypto-related accounts, the forum’s predecessor, RaidForums, which was shut down in 2022, previously hosted leaked data containing roughly 272,000 detailed records tied to users of crypto wallet company Ledger.
Crypto industry sees rise in data leaks
Over the past year, the crypto sector has experienced a rise in leaked exchange credentials, insider data exposure and social engineering attempts.
In May 2025, cybercriminals reportedly bribed overseas customer service contractors to gain access to internal systems at Coinbase. The breach allowed attackers to obtain personal data that could potentially be used in social engineering scams or even physical extortion schemes.
Around the same period, nearly 60,000 Bitcoin addresses linked to the ransomware group LockBit were exposed after hackers breached the group’s dark web affiliate panel.
More recently, on Feb. 23, a trader known as TraderSZ claimed that a former employee of Revolut threatened to reveal his identity and private information unless a ransom was paid, and reportedly contacted members of his family as part of the attempt.

