DOJ Seizes BidenCash Marketplace Domains and Cryptocurrency in Global Cybercrime Crackdown

On Wednesday, the U.S. Department of Justice (DoJ) announced the successful seizure of cryptocurrency assets and approximately 145 clearnet and dark web domains connected to BidenCash, an underground marketplace dedicated to the trafficking of stolen credit card data and personal information.

The coordinated law enforcement operation, involving U.S. and international partners, marks another major blow to global cybercrime networks focused on identity theft, financial fraud, and unauthorized system access.

What Was BidenCash?

BidenCash emerged in March 2022, positioning itself as a replacement for now-defunct illicit forums such as Joker’s Stash and UniCC. It provided a centralized marketplace for cybercriminals to buy and sell stolen credit card data, banking credentials, and other forms of personally identifiable information (PII).

According to the DoJ, the marketplace administrators charged a fee for every transaction, acting as both facilitators and profit-makers in the global trade of stolen digital assets.

Key statistics from BidenCash’s operation:

• Over 117,000 users

• More than 15 million compromised payment card records trafficked

• At least $17 million in illicit revenue generated

Promoting Fraud Through Free Data Dumps

To attract new users and build its reputation, BidenCash engaged in promotional data dumps. Between October 2022 and February 2023, the site released 3.3 million stolen credit card records for free, allowing would-be cybercriminals to test the platform’s services.

These records included:

• Credit card numbers and expiration dates

• CVV (Card Verification Value) codes

• Names, addresses, phone numbers, and email addresses

A February 2023 dump involved 2.1 million credit cards, half of which were linked to U.S.-based individuals or businesses, according to threat intelligence firm Flashpoint.

Beyond Credit Cards: Access for Sale

In addition to financial data, BidenCash offered services for unauthorized system access. Buyers could acquire compromised credentials for various systems, including:

• Remote desktop access

• SSH (Secure Shell) connections

• Server vulnerability information

A report by CloudSEK in May 2023 highlighted that BidenCash was advertising SSH services for as little as $2. The platform also bundled tools to assess a server’s computing power, security vulnerabilities, and other exploitable information. These services created substantial risks, enabling attackers to:

• Deploy ransomware

• Exfiltrate sensitive data

• Launch brute force attacks

• Mine cryptocurrency using stolen infrastructure

Law Enforcement Action and International Cooperation

While the DoJ has not publicly identified the individuals behind BidenCash or disclosed the value of the confiscated cryptocurrency, the seizure banner confirms an extensive international law enforcement collaboration.

Agencies involved include:

• U.S. Secret Service

• Federal Bureau of Investigation (FBI)

• Dutch Politie (Police)

• Shadowserver Foundation

• Searchlight Cyber

This operation follows recent takedowns of other cybercriminal platforms, such as domains offering counter-antivirus (CAV) and crypting services used to obfuscate malware and evade detection.

Broader Context: Global Crackdown on Financial Cybercrime

The BidenCash operation is part of a growing effort by global agencies to disrupt cybercrime infrastructures. Notably:

• Just days earlier, four CAV domains were seized by U.S. and European authorities.

• A Ukrainian national was arrested for illegally accessing over 5,000 customer accounts at a hosting provider. He deployed cryptojacking tools to mine cryptocurrency, causing $4.5 million in damages. The suspect faces up to 15 years in prison.

These developments highlight the evolving tactics used by cybercriminals—blending financial fraud, unauthorized access, and resource exploitation—and the growing international resolve to shut them down.

Conclusion

The takedown of BidenCash serves as a stark reminder that cybercrime marketplaces, whether on the dark web or clearnet, are not beyond the reach of law enforcement. By targeting infrastructure and financial assets, international authorities are raising the cost and risk of participating in illicit digital economies.

As cybercriminal techniques continue to evolve, so must the security practices of businesses and individuals—especially when it comes to securing financial data and monitoring for signs of identity theft or system compromise.