Russia Takes Down 4 Carding Sites With Over $260 Million in Crypto Turnover

Law enforcement in Russia has blocked major sites on the dark web, including a carding market leader. The platforms have been seized amid ongoing investigations into hacking groups, with Russian authorities ramping up efforts to dismantle the cybercrime rings and detain their members.
Interior Ministry of Russia Hits Stolen Credit Cards Market
The Ministry of Internal Affairs of the Russian Federation (MVD) has brought down four prominent websites operating on the dark web, blockchain forensics firm Elliptic has revealed. The sites have been blocked by Directorate “K”, MVD’s unit combatting computer-related crime.
The seized platforms are the Sky-Fraud forum, Trump’s Dumps, UAS Store, and Ferum Shop, which became the leading market for stolen credit cards after the largest marketplace in the niche, Unicc, was taken offline in January, the report details.

According to Elliptic’s estimate, the sites have collectively made more than $263 million in crypto sales denominated in bitcoin (BTC), ether (ETH), and litecoin (LTC) before they were shut down. Ferum accounts for the bulk of that amount with $256 million in bitcoin generated, or 17% of the carding market.
Trump’s Dumps, another website distributing compromised card data, has allegedly made around $4.1 million since its launch in 2017. Both sites were advertised on the on Sky-Fraud forum, where carding techniques and money laundering tips were among the main topics. Directorate “K” has apparently left a message in its source code, reading: “Which one of you is next?”

[#Russia] SKY-FRAUD & FERUM, famous Russian #carding forums closed by Russian authorities.
Authorities left an easter egg on the code source saying “WHICH ONE OF YOU IS NEXT?”#cybercrime #takedown #infosec #banking pic.twitter.com/RbNTkWPHIc
— Soufiane Tahiri (@S0ufi4n3) February 7, 2022

The fourth blocked website, UAS Store, was a platform offering stolen remote desktop protocol credentials that cybercriminals use to gain access to victims’ accounts from other devices. These breaches have increased during the Covid-19 pandemic as more employees are now working from home. Since late 2017, UAS Store has made around $3 million in cryptocurrency.

Elliptic notes that the latest seizures have been executed after the previous top carding marketplace, Unicc, and its affiliate proxy market Luxsocks, became inaccessible in mid-January. The seizures also came after the subsequent arrest of Unicc’s suspected administrator by the Russian Federal Security Service (FSB). Researchers claim the crypto proceeds of the two platforms reached $372 million.
Meanwhile, the MVD has sought through a Moscow court the arrest of six unidentified hackers accused of “illegal circulation of means of payment.” Whether the group is linked to the closed-down dark web sites is not clear yet. Last month, FSB and MVD busted the notorious Revil ransomware group on a U.S. request, detaining 14 of its suspected members.
Do you think Russia will continue to crack down on dark web platforms and hacking groups? Tell us in the comments section below.