In a significant crackdown on cybercrime, authorities from the Netherlands and the United States have dismantled VerifTools, an illicit online marketplace specializing in the sale of counterfeit identity documents. This operation led to the seizure of two primary domains—verif[.]tools and veriftools[.]net—as well as an associated blog. Visitors to these sites are now redirected to a notice indicating that the U.S. Federal Bureau of Investigation (FBI) executed the seizure under a warrant issued by a United States District Court. The servers hosting these domains were confiscated in Amsterdam.
Despite this enforcement action, the operators of VerifTools have swiftly reestablished their services on a new domain, veriftools[.]com. A Telegram message dated August 28, 2025, announced the relaunch. According to DomainTools, this domain was originally registered on December 10, 2018. The identities of the individuals managing the platform remain unknown.
The U.S. Department of Justice (DoJ) has highlighted the platform’s role in producing and distributing counterfeit driver’s licenses, passports, and other identification documents. These fraudulent documents enable users to circumvent identity verification systems, thereby gaining unauthorized access to online accounts. The FBI’s investigation, initiated in 2022, uncovered that VerifTools was instrumental in a criminal scheme that exploited stolen identities to access cryptocurrency accounts. The platform offered counterfeit identification documents for all 50 U.S. states and various foreign countries, with prices starting as low as $9. The FBI estimates that VerifTools generated approximately $6.4 million in illicit proceeds.
VerifTools attempted to disclaim responsibility by stating on their website: Legal usage of the service is your responsibility. By using the service, you must be aware of the local, state, and federal laws in your jurisdiction and take sole responsibility for your actions.
Following the takedown, a Reddit user named Powda_reaper reported receiving a message from the site’s operators indicating that the website was down due to significant issues but would be restored by August 29. The message also assured users that their funds were secure.
Acting U.S. Attorney Ryan Ellison emphasized the commitment to combating such cybercriminal activities, stating, The internet is not a refuge for criminals. If you build or sell tools that let offenders impersonate victims, you are part of the crime. We will use every lawful tool to disrupt your business, take the profit out of it, and bring you to justice. No one operation is bigger than us together.
The Dutch National Police described VerifTools as one of the largest providers of false identity documents. In addition to seizing two physical servers, authorities confiscated more than 21 virtual servers. The entire infrastructure has been secured and copied for further analysis. In the Netherlands, offenses such as forgery, presenting false proof of identity, and using counterfeit payment instruments each carry a maximum prison sentence of six years.
The Dutch police highlighted the broader implications of such platforms, noting that many companies and agencies employ Know Your Customer (KYC) verification processes that often require only an image of an ID. By utilizing services like VerifTools, criminals can bypass these KYC controls, facilitating fraudulent activities such as bank helpdesk fraud and phishing.
This case underscores the ongoing challenges law enforcement agencies face in combating cybercrime, particularly as perpetrators rapidly adapt and relocate their operations. The swift reestablishment of VerifTools on a new domain highlights the resilience and resourcefulness of cybercriminal networks, necessitating continuous vigilance and international cooperation to effectively address these threats.
