Global Cybercrime Forums Cracked and Nulled Shut Down in International Sting Operation

NEW DELHI: Two of the world’s largest cybercrime forums, Cracked and Nulled, have been dismantled following a coordinated international law enforcement operation.

The forums, which collectively boasted over 10 million users, served as hubs for illegal activities, including the sale of stolen data, hacking tools, and cybercrime-as-a-service offerings. Authorities have arrested two suspects, seized millions in assets, and shut down multiple domains associated with the platforms.

A Growing Threat: Cybercrime-as-a-Service

Cracked and Nulled were not just forums for discussion; they operated as full-fledged marketplaces for cybercriminals. Europol, the European Union’s law enforcement agency, highlighted the growing trend of “cybercrime-as-a-service,” where criminals offer tools, infrastructure, and expertise to less technically skilled individuals.

Registrations Open for FutureCrime Summit 2025: India’s Largest Conference on Technology-Driven Crime

“These platforms enabled even novice criminals to carry out sophisticated attacks,” said a Europol spokesperson. “They provided AI-based tools to scan for security vulnerabilities, optimize attacks, and develop advanced phishing techniques. Some of these tools used AI to create highly personalized and convincing messages, making them even more dangerous.”

The forums were also known for hosting discussions on the latest hacking techniques, sharing malware, and offering stolen data for sale. Authorities estimate that the organizers of these platforms earned at least €1 million in criminal profits.

The Takedown: Arrests, Seizures, and Domain Shutdowns

The operation, which culminated at the end of January, involved law enforcement agencies from multiple countries. Two suspects were arrested, and seven properties were searched across Europe. During the raids, authorities seized 17 servers, over 50 electronic devices, and approximately €300,000 in cash and cryptocurrencies.

ALSO READ: SEBI Cancels Registration of Four Stock Brokers for Regulatory Violations

In addition to the arrests, 12 domains associated with Cracked and Nulled were seized. Among these were critical services that supported the platforms’ operations, including Sellix, a financial processor used by Cracked, and StarkRDP, a hosting service promoted on both forums.

The takedown marks a significant milestone in the fight against cybercrime, as these platforms had been operational for years, facilitating millions of illegal transactions and impacting countless victims worldwide.

Cracked: A Marketplace for Stolen Data and Hacking Tools

Cracked, which had been active since March 2018, was one of the largest cybercrime marketplaces on the dark web. With over four million users, the platform listed around 28 million posts advertising stolen login credentials, hacking tools, and servers for hosting malware. According to the U.S. Justice Department, Cracked generated approximately $4 million in revenue and impacted at least 17 million victims in the United States alone.

One of the most alarming products advertised on Cracked was access to “billions of leaked websites.” This product was allegedly used in a recent sextortion case, where a woman in New York was harassed and blackmailed using stolen personal information.

Nulled: A Hub for Identity Fraud and Cybercrime

Nulled, which had been operating since 2016, was equally notorious. With more than five million users, the platform listed over 43 million posts advertising stolen login credentials, identification documents, and hacking tools. Nulled generated around $1 million in revenue annually, making it a lucrative operation for its administrators.

One of the most disturbing products advertised on Nulled claimed to contain the names and Social Security numbers of 500,000 American citizens. Such data could be used for identity theft, financial fraud, and other malicious activities.

Charges have been filed against one of Nulled’s administrators, Lucas Sohn, a 29-year-old Argentinian national living in Spain. Sohn faces severe penalties if convicted, including up to five years in prison for conspiracy to traffic in passwords, 10 years for access device fraud, and 15 years for identity fraud.

The Impact on Cybercrime

The takedown of Cracked and Nulled is a major victory for law enforcement, but it also highlights the evolving nature of cybercrime. These platforms were not just marketplaces; they were ecosystems that enabled and normalized illegal activities.

“Cybercrime is becoming increasingly accessible,” said a cybersecurity expert. “Platforms like Cracked and Nulled lower the barrier to entry, allowing even those with minimal technical skills to carry out devastating attacks. The use of AI and automation in these forums is particularly concerning, as it makes attacks more efficient and harder to detect.”

ALSO READ: AI-Powered Cyber Threats: Hackers Exploit Google’s Gemini

What Happens Next?

The cases against the suspects and the seized assets are now under investigation. Visitors to the Cracked and Nulled domains are now greeted with a banner notifying them that the sites have been seized by law enforcement.

While the takedown is a major step forward, experts warn that cybercriminals are likely to adapt and migrate to new platforms.

The dismantling of Cracked and Nulled sends a clear message to cybercriminals worldwide: law enforcement agencies are increasingly capable of tracking, infiltrating, and shutting down illegal operations.

For the millions of victims affected by these platforms, the takedown offers a measure of justice. However, it also serves as a reminder of the importance of cybersecurity vigilance. As cybercrime continues to evolve, individuals and organizations must remain proactive in protecting their data and systems.

Follow The420.in on

 Telegram, Facebook, Twitter, LinkedIn, Instagram and YouTube