Feds seize 145 domains associated with BidenCash cybercrime platform

Federal authorities on Wednesday announced the seizure of about 145 domains and cryptocurrency funds linked to BidenCash, a cybercrime marketplace for stolen credit cards, compromised credentials and other personal information. 

BidenCash was used by more than 117,000 customers, resulting in the trafficking of more than 15 million credit card numbers and personally identifiable information, the Justice Department said. Administrators of the cybercrime platform, which charged a per-transaction fee, generated more than $17 million in illicit revenue since its formation in March 2022, authorities said.

Domains associated with BidenCash now redirect to a server controlled by U.S. law enforcement and display seizure notices. The U.S. Attorney’s Office for the Eastern District of Virginia, which is leading the case, said it seized cryptocurrency funds the BidenCash marketplace used to receive illicit proceeds from its operations.

Authorities did not disclose the value of those seized cryptocurrency funds or identify the physical location of the administrators and infrastructure used by BidenCash. The U.S. Attorney’s Office for the Eastern District of Virginia did not immediately respond to questions. 

The coordinated seizures mark a continuation of a flurry of ongoing efforts to disrupt cybercrime. In the past two weeks, global law enforcement authorities have disrupted the counter antivirus service AVCheck, the prolific Lumma Stealer infostealer operation, DanaBot’s malware-as-a-service operations, and dismantled hundreds of domains and servers used by leading malware strains.

The law enforcement action against BidenCash followed an investigation by the Secret Service and FBI with assistance from the Dutch National High Tech Crime Unit, the Shadowserver Foundation and Searchlight Cyber, the DOJ said.