19 individuals charged in xDedic cybercrime marketplace bust
xDedic's admins employed a sophisticated system to conceal the identities of buyers and sellers
The US Department of Justice (DOJ) has announced the successful conclusion of a transnational cybercrime investigation into the xDedic Marketplace, resulting in charges against 19 individuals worldwide.
The investigation, which was conducted in collaboration with law enforcement agencies from the United States, Germany, Belgium, Ukraine, and the Netherlands, led to the takedown of xDedic's infrastructure and domains in January 2019.
The xDedic Marketplace operated on the dark web, offering a range of illegal services including the sale of login credentials to servers and the illegal distribution of personally identifiable information.
xDedic's administrators employed a sophisticated system, operating servers worldwide and using cryptocurrency payments to conceal the identities of buyers, sellers and administrators.
The criminal enterprise facilitated illegal activities, including ransomware attacks and tax fraud, using over 700,000 compromised servers for sale.
The international operation, supported by Europol and Eurojust, estimated that fraudulent activities through xDedic earned $68 million through global cybercrime.
Victims of the cybercrime marketplace included state and federal government agencies, universities, hospitals, law firms, pension funds and metropolitan transport authorities.
In January 2019, the US Attorney's Office for the Middle District of Florida seized xDedic's domain names and dismantled its infrastructure, effectively halting its operations.
Following the takedown, the US Attorney's Office continued its investigations, resulting in charges against individuals at all levels of the xDedic Marketplace.
Among them, Alexandru Habasescu and Pavlo Kharmanskyi, both administrators, were apprehended.
Habasescu, the lead developer residing in Moldova, was arrested in the Canary Islands in 2022 and extradited to the United States. Kharmanskyi, based in Ukraine, was arrested at Miami International Airport in 2019. The pair were sentenced to 41 and 30 months' imprisonment, respectively.
The DOJ highlighted the role of Dariy Pankov, a Russian national, as one of the highest volume sellers on the marketplace. Pankov developed the NLBrute malware and listed credentials for more than 35,000 compromised servers, accruing more than $350,000 from his criminal activities. Pankov was captured in the Republic of Georgia in 2022 and sentenced to 60 months in federal prison.
Nigerian national Allen Levinson, a prominent buyer, targeted US-based accounting firms, filing hundreds of false tax returns seeking over $60 million in fraudulent refunds.
Levinson was arrested in the UK in 2020 and extradited to the US, receiving a 78-month prison sentence.
While challenges arose due to the foreign nationality of some defendants, the US has successfully charged and/or extradited 17 individuals to date.
Additionally, xDedic Marketplace buyers Olufemi Odedeyi and Oluwaseyi Shodipe from the UK face charges including conspiracy to commit wire fraud and aggravated identity theft, pending extradition to the US.
Shodipe also faces charges of making false claims and theft of government funds, with both individuals potentially facing a maximum penalty of 20 years in federal prison if convicted.