Lockbit, a longtime global ransomware group, has itself suffered a major breach. The incident, in which its dark web infrastructure was defaced and substantial internal data was leaked, could permanently damage its reputation and operational effectiveness and provide an unprecedented look at how it works.
Lockbit breach: database leaked, operations exposed
A threat actor named “Rey” first flagged the breach, which included the release of a MySQL database archive named “Paneldb_dump.zip”.
The exposed archive contains 20 database tables linked to Lockbit’s affiliate operations, ranging from Bitcoin wallet addresses to ransomware configurations to private negotiations with victims.
The defacement messages left on Lockbit’s admin panels mocked the group and linked directly to the leaked data.
The tone and method of the attack mirror the recent takedown of the Everest ransomware group. This similarity has prompted speculation that vigilantes or rival threat actors could be responsible.
Leaked data reveals scale and security lapses
Analysis of the leaked database revealed many insights. Almost 60,000 Bitcoin addresses were listed. These are probably linked to ransom payments or laundering schemes.
The data also details how Lockbit affiliates built customized malware, including their targeting preferences and procedures for bypassing particular systems.
Perhaps most revealing are the more than 4,400 chat logs. These logs cover negotiations between Lockbit and its victims from December 2024 to April 2025.
The messages show not only the enormous scale of Lockbit’s operations but also its aggressive tactics in pressuring businesses for ransoms ranging from thousands to over $100,000.
The breach exposed the login credentials of 75 users, including affiliates and administrators. Surprisingly, all passwords were stored in plain text. This is a fundamental security failure that seriously undermines Lockbit’s claims of technical sophistication.
The passwords reportedly included both professional and humorous entries, suggesting a remarkably casual or arrogant attitude to internal security.
Lockbit representatives have confirmed the breach in a private chat, but they downplayed the impact and claimed that no private decryption keys were leaked and operational continuity was not compromised.
Breach coincides with wider crypto crime crackdown
This breach coincides with intensifying law enforcement activity against crypto-enabled crime.
German authorities recently seized 34 million euros ($38 million) in crypto from eXch, a platform allegedly used to launder funds from the massive Bybit exchange hack earlier this year. The platform reportedly facilitated $1.9 billion in illegal transactions without implementing anti-money laundering measures.
On a wider scale, the G7 nations are preparing to address the role of cryptocurrency in cybercrime at their upcoming summit. A key focus is North Korea’s cyber operations, which use stolen digital assets to support weapons programs.
Disclaimer: The information contained in this article is for informational and educational purposes only. This article does not constitute financial advice or advice of any kind. Coin Edition is not liable for any losses that arise as a result of your use of the content, products or services mentioned. We encourage readers to exercise caution before taking any actions related to the company.