Article Details

BidenCash carding market domains seized in international operation. Earlier today, law enforcement seized multiple domains of BidenCash, the infamous dark web market for stolen credit cards, personal information, and SSH access. The illegal shop’s domain on the dark web now redirects to the Secret Service’s domain for seizing websites involved in illegal activities. An official banner informs visitors that the BidenCash domain has been seized by U.S. law enforcement as part of an international operation led by the United States Secret Service (USSS) and the Federal Bureau of Investigation. The two U.S. agencies were supported in the operation by the Dutch National Police (Politie), the nonprofit security organization The ShadowServer Foundation, and the real-time attack surface visibility company Searchlight Cyber. According to security researcher g0njxa, the clear web domain on the .asia TLD for the carder marketplace also redirects to the Secret Service's usssdomainseizure.com domain. Some domains are still online, according to some reports. BleepingComputer has reached out to the U.S. Secret Service for more details about the operation but a statement was not immediately available. BidenCash's card data leaks Illegal card shops have been around for more than two decades. Initially, card data was typically collected in large amounts from PoS malware, which harvested the temporarily unencrypted card data from the memory of a point-of-sale (PoS) terminal. More recently card information was stolen using web skimmers - malware planted on online shops to collect payment details from customers at checkout. BidenCash started in April 2022 to fill the void left by the shutdown of Joker’s Stash card market about a year earlier and the Russian authorities seizing multiple card shops that included Forum, Trump Dumps, and UniCC. Since the beginning, the administrators of BidenCash tried to attract attention, not just through the name of the card shop but also by leaking large amounts of card information. They started with a small leak in June 2022 of a database with just 6,600 credit cards but included millions of email addresses. A few months later, in October, BidenCash leaked a set of 1.2 million credit cards in an effort to promote their services. Most of the cards were from users in the U.S., expiration dates varied between 2023 and 2026, and covered a wide geography. In 2023, the marketplace leaked two additional databases [1, 2] that cumulatively counted more than 4 million credit cards. Although administrators of such services often try to restore their operations, these seizures have a significant impact on illegal activities. The U.S. Secret Service is actively involved in fighting financial fraud that involves credit cards, money laundering, cryptocurrency scams, or identity theft operations. At the end of May, the agency and multiple state and local law enforcement partners visited more than 411 businesses in search of illegal skimming devices at ATMs, gas pumps, and point-of-sale (PoS) terminals. While just 17 skimmers were recovered, it is estimated that the action prevented a potential loss of more than $5 million. Why IT teams are ditching manual patch management Manual patching is outdated. It's slow, error-prone, and tough to scale. Join Kandji + Tines on June 4 to see why old methods fall short. See real-world examples of how modern teams use automation to patch faster, cut risk, stay compliant, and skip the complex scripts.