#BTCBreaks99K 60,000 Bitcoin addresses leaked after LockBit ransomware gang hack

Nearly 60,000 Bitcoin addresses linked to the LockBit ransomware were exposed after a breach in an affiliate panel.

Almost 60,000 Bitcoin addresses associated with LockBit's ransomware infrastructure were leaked after hackers breached the group's dark web affiliate panel.

The leak included a download of the MySQL database shared publicly online. It contained cryptocurrency-related information that could help blockchain analysts trace the group's illicit financial flows.

Ransomware is a type of malware used by malicious actors. It blocks the files or computer systems of its target, making them inaccessible. Attackers typically demand a ransom payment, often in digital assets like Bitcoin, in exchange for a decryption key to unlock the files.

LockBit is one of the most well-known cryptocurrency ransomware groups. In February 2024, 10 countries launched a joint operation to dismantle the group, claiming that the organization had caused billions in damage to critical infrastructures.

No private keys were leaked

Although nearly 60,000 Bitcoin wallets were leaked, no private keys were included. A user on X shared a conversation with a LockBit operator confirming the leak. However, the LockBit representative stated that no private keys or data had been lost.

Analysts from Bleeping Computer said that the database contained 20 tables, including a "builds" table. This included the individual versions of the ransomware created by the organization's affiliates. The data also identified some of the companies targeted by the versions.

The leaked database also included a "chats" table. This table contained over 4,400 negotiation messages between victims.