LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
LeakBase cybercrime forum admin arrested in Russia; marketplace hosted hundreds of millions of stolen credentials.
Summary
Russian law enforcement arrested the alleged administrator of LeakBase, a major dark web marketplace for stolen credentials and hacking tools that had operated since 2021. The forum hosted over 142,000 members trading hundreds of millions of user account credentials, financial information, and corporate documents. The U.S. Department of Justice coordinated the takedown, which resulted in the seizure of the platform and the confiscation of technical equipment from the suspect's residence in Taganrog.
Full text
Ravie Lakshmanan, Mar 25, 2026, Cybercrime / Dark Web

The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday.

According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating and managing a criminal site that allowed stolen personal databases to be traded since 2021. In addition, technical equipment and other items of evidentiary value were confiscated during a search of the suspect's residence.

"The platform hosted hundreds of millions of user accounts, bank details, usernames, and passwords, as well as corporate documents obtained through hacking," said Irina Volk, an official spokesperson for the Russian Ministry of Internal Affairs. "More than 147,000 users registered on the forum could buy and sell this data, as well as use it to commit fraudulent acts against citizens."

LeakBase was dismantled in a law enforcement operation earlier this month. The U.S. Department of Justice (DoJ) said the cybercrime forum was one of the world's largest hubs for cybercriminals to buy and sell stolen data and cybercrime tools. This included hundreds of millions of account credentials and financial information such as credit and debit card numbers, banking account and routing information, usernames, and associated passwords that could be abused to conduct account takeover attacks.

The platform had over 142,000 members and more than 215,000 messages between members as of December 2025. Visitors to the clearnet site were greeted with a seizure banner that said, "All forum content, including users' accounts, posts, credit details, private messages, and IP logs, has been secured and preserved for evidentiary purposes."

LeakBase is the work of a threat actor who goes by the online aliases Chucky, beakdaz, Chuckies, Sqlrip. In reports published following the takedown of the forum, KELA and TriTrace Investigations linked Chucky to a 33-year-old individual from Taganrog.
Indicators of Compromise
- malware — LeakBase