US Authorities Take Down Dark Web Site That Used Free Data Dumps to Recruit Hackers

The US government has taken down 145 domains and seized cryptocurrency assets linked to BidenCash, a dark web marketplace accused of trafficking in millions of stolen credit cards and personal data.

U.S. Government seizes approximately 145 criminal marketplace domains https://t.co/h8l7tCkn4r

— U.S. Attorney EDVA (@EDVAnews) June 4, 2025

Launched in March 2022, BidenCash operated as a centralised hub for cybercriminals to trade compromised payment details, login credentials, and server access.

According to the US Attorney’s Office for the Eastern District of Virginia, the platform supported over 117,000 users and facilitated more than 15 million transactions, generating upwards of $17 million in illicit revenue over two years.

🚨 The US has seized crypto and 145 domains tied to the dark web marketplace 'BidenCash,' which served 117K users and sold over 15M stolen credit cards and personal data.

The crackdown highlights the ongoing clash between crypto and crime. 💰🔒 #Crypto #CyberCrime #Regulation pic.twitter.com/IbYsGVdS3P

— TradeDucky (@tradeducky) June 5, 2025

As part of the enforcement action, all seized domains now redirect to law enforcement-controlled servers, effectively cutting off access and halting further criminal activity.

Prosecutors also confirmed that the government obtained legal authority to seize crypto assets tied to the marketplace.

Dark Web Crackdown Intensifies as Authorities Target Crypto-Fuelled Crime Rings

Throughout its two-year run, BidenCash operated by charging transaction fees while facilitating the sale of stolen financial and personal data, including access credentials to compromised servers.

In an effort to grow its user base and build credibility in criminal circles, the marketplace frequently published massive troves of stolen information as free giveaways.

Between October 2022 and February 2023, BidenCash released 3.3 million stolen credit card records—including card numbers, CVVs, account holder names, email addresses, and physical addresses.

These data dumps, according to cybersecurity firm SOCRadar, were timed to counteract disruptions such as distributed denial-of-service (DDoS) attacks, which can overwhelm and shut down online platforms.

The site’s takedown marks yet another strike in an expanding wave of global law enforcement efforts aimed at dismantling crypto-fuelled dark web operations.