BidenCash Marketplace Seized by U.S. Law Enforcement

The BidenCash Takedown

The notorious dark web marketplace BidenCash has been seized this week by the U.S. government. Searchlight Cyber provided technical capabilities to support the operation, which was a collaboration among several government and law enforcement departments. Once again, this successful takedown demonstrates that the dark web is no longer a safe haven for cybercriminal activities.

What was BidenCash?

The BidenCash marketplace was launched in 2022 and operated on both the dark web and the regular clear web. Its peculiar name and branding was probably a reference to “Trump’s Dumps”, a predecessor that used former President Donald Trump’s likeness and was estimated to have made about $4.1 million before being seized by Russian authorities in February 2022. BidenCash was launched later that month.

Biden was a type of marketplace known as an “autoshop”, which specialize in the sale of digital products – such as financial data, login credentials, remote access, and cookies. In BidenCash’s case, it focused on the sale of stolen credit card information, personal data, and Secure Shell Protocol (SSH) credentials.

It was a popular market for cybercriminals looking to commit financial fraud and has gained notoriety through a series of data leaks that it posted for free to promote the site. Often these leaks would include the card details of millions of users.

For example, in March 2023 BidenCash published two million credit card details on a Russian hacking forum to “celebrate” its birthday. The leak included cardholders’ full names, card numbers, bank details, expiration dates, card verification value (CVV) numbers, home addresses, and more than 500,000 email addresses.

As part of its seizure statement, the U.S. Department of Justice released figures on the activity of the marketplace. According to their press release, the BidenCash marketplace had more than 117,000 customers and facilitated the trafficking of more than 15 million payment card numbers and personally identifiable information. It generated more than $17 million in revenue during its three years of operations.

About the operation

BidenCash was seized by the U.S. Government in a coordinated law enforcement operation that included the U.S. Secret Service’s Cyber Investigative Section, the U.S. Secret Service’s Frankfurt Resident Office, and the FBI Albuquerque Field Office.

The operation involved the seizure of 145 dark web and traditional internet domains, and cryptocurrency funds associated with the marketplace. According to the U.S. Department of Justice, the BidenCash marketplace domains are no longer operational and will redirect to a U.S. law enforcement-controlled server, preventing future criminal activity on these sites.

The Department of Justice also thanked the Dutch National High Tech Crime Unit, The Shadowserver Foundation and Searchlight Cyber for their assistance with the investigation.

Searchlight Cyber’s dark web investigation tools are used by law enforcement and government agencies around the world to support operations against cybercriminals who use the anonymity of the dark web to mask their identities in an attempt to evade justice.

For more information on our work with law enforcement, check out THIS PAGE or GET IN TOUCH.