German led operation shuts down two of the world’s largest cybercrime forums

Two suspects arrested, cash and cryptocurrency seized

Image:

Cracked and Nulled were both taken down

Two of the largest global cybercrime operations were taken offline late last week in an operation coordinated by agencies across eight countries.

International law enforcement agencies last week took down two of the world’s largest cybercrime forums, Cracked and Nulled in a coordinated international operation.

The three-day raid, concluding on 30th January was led by German authorities with support from Europol, the US Department of Justice (DoJ), and agencies across eight countries.

Prior to being tackled, Cracked and Nulled operated as hubs for trading stolen data, malware, and AI-powered hacking tools for cybercriminals. The forums reportedly served over 10 million users and raked in annual profits of approximately €1 million.

Confirming the operation, Europol said authorities seized two suspects, twelve subdomains linked to both groups, along with €300,000 in cash and cryptocurrencies, and more than 50 electronic devices during the raid.

The agency added that other cybercrime enablers tied to the group, including payment processor Sellix and a hosting service StarkRDP, which was promoted on both platforms, were also taken down.

According to the US DoJ, Cracked has operated since 2018 and has been in the business of selling stolen credentials and other hacking tools to more than four million users. Their activities are estimated to have affected 17 million US citizens.

Nulled, a similar marketplace, has been operating since 2016, selling stolen login credentials and other cybercrime-related products. According to an unsealed complaint affidavit, the platform listed more than 43 million posts advertising illicit goods. One listing on Nulled allegedly offered the names and Social Security numbers of 500,000 Americans.

The latest raid hunt follows a recent surge in global cybercrime crackdowns. A May 2024 operation codenamed “Operation Endgame” saw Europol take down over 100 servers linked to IcedID, SmokeLoader, TrickBot, and other malware gangs.

Months earlier the UK's National Crime Agency (NCA) and the FBI led the charge in an operation that dismantled LockBit’s infrastructure, including its leak site, and froze over 200 cryptocurrency accounts linked to the group.