LockBit Ransomware Group Suffers Major Data Breach

Coin World, Friday, May 9, 2025 3:45 pm ET

A significant breach has exposed the internal systems of LockBit, a notorious global ransomware group, revealing a trove of sensitive information. The incident, which compromised LockBit’s dark web infrastructure, has leaked substantial internal data, including 60,000 Bitcoin addresses, plaintext passwords, ransomware build data, and chat logs detailing the group’s extortion tactics. This breach comes amidst mounting global pressure on cybercrime, including crackdowns by G7 nations and the seizure of laundering platforms.

The breach was first flagged by a threat actor named “Rey,” who released a MySQL database archive titled “paneldb_dump.zip.” This archive contains 20 database tables linked to LockBit’s affiliate operations, including Bitcoin wallet addresses, ransomware configurations, user credentials, and private negotiations with victims. A defacement message left on LockBit’s admin panels mocked the group and provided a direct link to the leaked data. The attack’s method and tone bear a striking resemblance to a recent takedown of the Everest ransomware group, leading to speculation that a vigilante or a rival threat actor might be responsible.

Analysis of the leaked database has provided numerous insights into LockBit’s operations. The nearly 60,000 Bitcoin addresses listed are presumed to be linked to ransom payments or laundering schemes. Configuration tables detailed how LockBit affiliates customized malware builds, including targeting preferences and instructions to bypass certain systems. Over 4,400 chat logs, covering negotiations between LockBit and its victims from December 2024 to April 2025, reveal the vast scale of LockBit’s operations and its aggressive tactics in pressuring companies for ransoms ranging from a few thousand dollars to over $100,000.

The breach also exposed login credentials for 75 users, including affiliates and administrators. Shockingly, all passwords were stored in plaintext, a fundamental security failure that severely undermines LockBit’s claims of technical sophistication. The passwords reportedly included unprofessional and even humorous entries, suggesting a surprisingly casual or arrogant internal security posture. LockBit’s representative confirmed the incident in private chats but downplayed its impact, claiming that no private decryption keys were leaked and that operational continuity wasn’t compromised.

This breach coincides with intensifying law enforcement activity against crypto-enabled crime. German authorities recently seized €34 million ($38 million) in crypto from eXch, a platform allegedly used to launder funds from the massive Bybit exchange hack earlier this year. The platform reportedly facilitated $1.9 billion in illicit transactions without implementing anti-money laundering measures. On a broader scale, G7 nations are preparing to address the role of cryptocurrency in cybercrime during their upcoming summit, with a key focus on North Korea’s cyber operations, which have used stolen digital assets to support weapons programs.

Disclaimer: The news articles available on this platform are generated in whole or in part by artificial intelligence and may not have been reviewed or fact checked by human editors. While we make reasonable efforts to ensure the quality and accuracy of the content, we make no representations or warranties, express or implied, as to the truthfulness, reliability, completeness, or timeliness of any information provided. It is your sole responsibility to independently verify any facts, statements, or claims prior to acting upon them. Ainvest Fintech Inc expressly disclaims all liability for any loss, damage, or harm arising from the use of or reliance on AI-generated content, including but not limited to direct, indirect, incidental, or consequential damages.