Almost 60,000 Bitcoin addresses tied to LockBit’s ransomware infrastructure were leaked after hackers breached the group’s dark web affiliate panel.
The leak included a MySQL database dump shared publicly online. It contained crypto-related information that could help blockchain analysts trace the group’s illicit financial flows.
Ransomware is a type of malware used by malicious actors. It locks its target’s files or computer systems, making them inaccessible. The attackers typically demand a ransom payment, often in digital assets like Bitcoin (BTC), in exchange for a decryption key to unlock the files.
LockBit is one of the most notorious crypto ransomware groups. In February 2024, 10 countries launched a joint operation to disrupt the group, saying that the organization had caused billions in damages to key infrastructure.
No Bitcoin private keys leaked
While almost 60,000 Bitcoin wallets were leaked, no private keys were included. One X user shared a conversation with a LockBit operator, confirming the breach. However, the LockBit person said no private keys or data were lost.
Despite this, analysts at Bleeping Computer said the database contained 20 tables, including a “builds” table. This included individual ransomware builds created by the organization’s affiliates. The data also identified some of the target companies for the builds.
In addition, the leaked database also included a “chats” table. This table contained over 4,400 negotiation messages between victims and the ransomware organization.
Related: Crypto crime in 2024 likely exceeded $51B, far higher than reported: Chainalysis
LockBit hack tied to Everest ransomware breach
It’s unclear who was behind the breach and how they got into LockBit’s operations, but Bleeping Computer analysts said the message used in the Everest ransomware site breach matched the one used in LockBit. The analysts suggested that there may be a link between the two incidents.
The breach highlighted the role that crypto plays in the ransomware economy. Each victim is usually assigned an address to pay their ransom, allowing the affiliates to monitor payments while attempting to obscure ties to their main wallets.
The exposure of the addresses allows law enforcement and blockchain investigators to track patterns and potentially link past ransom payments to known wallets.
Magazine: Adam Back says Bitcoin price cycle ’10x bigger’ but will still decisively break above $100K
