LockBit Ransomware Group Hacked, Exposing 60,000 Bitcoin Addresses
LockBit ransomware has been compromised, resulting in the leak of a database containing sensitive data, including around 60,000 Bitcoin addresses. This incident occurred on May 7 and represents a significant setback for the group known for targeting crypto firms with ransomware attacks.
Incident Details
- LockBit typically locks files or systems, demanding ransom payments for access restoration.
- The recent exploit led to a defiant message displayed on LockBit's dark websites: “Don’t do crime CRIME IS BAD xoxo from Prague.”
- A file named “paneldb_dump.zip,” which includes a MySQL database dump, was also made available.
The leaked information may assist security firms in tracking LockBit's illicit financial activities. A joint operation by ten countries last year aimed to reduce ransomware operations, correlating with a potential drop in extortion payments.
Database Contents
- No Bitcoin private key was compromised according to discussions with a LockBit operator.
- The leaked database had 20 tables, including one showing over 4,400 negotiation messages between victims and LockBit.
- Another table listed individual ransomware builds and potential companies targeted.
The attacker behind this breach remains unidentified, but similarities in messaging hint at possible connections to other ransomware incidents, such as Everest.
Broader Crypto Security Concerns
In related news, TRON DAO’s X account experienced unauthorized access, leading to phishing attempts through misleading posts and DMs. TRON clarified that they do not send unsolicited messages and encouraged users to delete any received DMs from their account. Founder Justin Sun urged the exchange OKX to freeze potentially linked funds.
As crypto scams increase, experts recommend heightened caution among users during social and financial interactions.