Global Crackdown Dismantles LeakBase, Major Hub for Stolen Data Trade
In a significant blow to cybercrime, an international coalition of law enforcement agencies has successfully dismantled LeakBase, a prominent online forum notorious for facilitating the trade of stolen data and cybercrime tools. This operation underscores the global commitment to combating digital criminal activities and protecting individuals’ personal information.
The Rise and Fall of LeakBase
Established in June 2021, LeakBase rapidly evolved into a central marketplace for cybercriminals. By December 2025, the forum boasted over 142,000 members and had accumulated more than 215,000 messages exchanged among users. Operating openly on the clearnet and primarily in English, LeakBase provided access to vast repositories of hacked databases. These databases contained sensitive information, including hundreds of millions of account credentials, credit and debit card numbers, banking details, and login information. Such data is invaluable to cybercriminals for executing account takeovers, financial fraud, and other malicious activities.
Law Enforcement’s Coordinated Effort
The takedown, dubbed Operation Leak, was executed on March 3 and 4, 2026. This coordinated effort involved authorities from the United States, Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom. The operation encompassed executing search warrants, making arrests, and conducting interviews across these nations. Individuals attempting to access LeakBase’s website (leakbase[.]la) are now met with a seizure banner from the U.S. Federal Bureau of Investigation (FBI), indicating the forum’s confiscation as part of this international law enforcement initiative. The banner also assures that all forum content, including user accounts, posts, credit details, private messages, and IP logs, has been secured and preserved for evidentiary purposes.
The Role of ‘Chucky’ and Forum Administration
Central to LeakBase’s operations was an individual known by the alias ‘Chucky,’ who also operated under the monikers ‘Chuckies’ and ‘Sqlrip’ across various underground forums. According to cybersecurity firm SOCRadar, Chucky has a history of disseminating extensive collections of databases containing sensitive information from global entities. Other notable administrators and moderators of LeakBase included individuals known as ‘BloodyMery,’ ‘OrderCheck,’ and ‘TSR.’ These figures played pivotal roles in managing the forum’s activities and facilitating the exchange of illicit data.
LeakBase’s Operations and Offerings
LeakBase specialized in the sale of ‘stealer logs,’ which are archives of credentials harvested through infostealer malware. These logs are particularly dangerous as they can be exploited to conduct account takeovers, commit fraud, and execute other cyber intrusions. The forum’s explicit prohibition against peddling or publishing Russian databases suggests an attempt to avoid scrutiny from Russian authorities, a common tactic among cybercriminal platforms to evade local law enforcement.
Global Impact and Law Enforcement Actions
Europol highlighted that LeakBase was instrumental in the sale of stealer logs, emphasizing the forum’s role in facilitating cybercriminal activities on a global scale. As part of the disruption exercise, approximately 100 enforcement actions were conducted worldwide. This included taking unspecified measures against 37 of the most active users of the platform. The collaborative effort underscores the importance of international cooperation in tackling cybercrime, as these illicit activities often transcend national borders.
Statements from Authorities
Assistant Director Brett Leatherman of the FBI’s Cyber Division stated, The FBI, Europol, and law enforcement agencies from around the world executed a takedown of LeakBase, one of the largest online cybercriminal platforms, seizing users’ accounts, posts, credit details, private messages, and IP logs for evidentiary purposes. This statement reflects the comprehensive nature of the operation and the commitment of global law enforcement to disrupt and dismantle platforms that facilitate cybercrime.
The Broader Context of Cybercrime Forum Takedowns
The dismantling of LeakBase is part of a broader trend of law enforcement agencies targeting cybercrime forums. In April 2022, an international operation led to the seizure of RaidForums, another major hacking forum known for selling access to hacked personal information. The operation, dubbed Tourniquet, involved authorities from the U.S., U.K., Sweden, Portugal, and Romania, and resulted in the arrest of the forum’s administrator in Croydon, England. Similarly, in May 2024, the FBI seized control of BreachForums, a platform notorious for peddling stolen data, marking the second such action within a year. These operations highlight the ongoing efforts to disrupt the infrastructure that supports cybercriminal activities.
The Significance of LeakBase’s Takedown
The successful takedown of LeakBase represents a significant victory in the fight against cybercrime. By dismantling a major hub for the trade of stolen data, law enforcement agencies have disrupted a critical component of the cybercriminal ecosystem. This action not only prevents the further dissemination of sensitive information but also serves as a deterrent to other cybercriminals who may consider establishing similar platforms.
Looking Ahead: The Future of Cybercrime Enforcement
While the dismantling of LeakBase is a notable achievement, it also underscores the evolving nature of cybercrime and the continuous need for vigilance. Cybercriminals are adept at adapting to law enforcement actions, often migrating to new platforms or developing more sophisticated methods to evade detection. Therefore, ongoing international cooperation, investment in cybersecurity infrastructure, and public awareness are essential to stay ahead of these threats.
Conclusion
The international operation that led to the dismantling of LeakBase is a testament to the effectiveness of coordinated law enforcement efforts in combating cybercrime. By targeting and taking down platforms that facilitate the trade of stolen data, authorities send a clear message about their commitment to protecting individuals and organizations from digital threats. However, the fight against cybercrime is far from over, and continued collaboration and innovation are necessary to address the ever-changing landscape of cyber threats.
