Out of the Shadows—Into the Crosshairs: FBI Takes Down One of the World’s Largest Hacker Marketplaces
One of the most notorious underground marketplaces for stolen banking data—BidenCash—has been shut down following a large-scale international operation involving the U.S. Secret Service, the FBI, and foreign partners. As a result, around 145 domains—both on the clearnet and darknet—were seized, along with cryptocurrency linked to the platform.
Now, visiting the old BidenCash addresses redirects users to an official U.S. Secret Service page, notifying them that the domains were confiscated as part of a criminal investigation. The operation also involved the Dutch National Police, the nonprofit ShadowServer Foundation, and cybersecurity firm Searchlight Cyber, which specializes in threat monitoring.
Researcher g0njxa noted that even BidenCash’s .asia domain, accessible via the regular web, now leads to "usssdomainseizure.com." Some subdomains reportedly remain active, but the administrators have clearly lost control over the platform’s infrastructure.
According to the U.S. Department of Justice, since its launch in March 2022, BidenCash served over 117,000 customers and sold more than 15 million payment card numbers, along with their owners’ personal data. The site charged a commission for each transaction, generating over $17 million in revenue.
BidenCash emerged shortly after the takedown of Joker’s Stash, then the largest carding marketplace, and a series of crackdowns on other darknet platforms like Forum, Trump Dumps, and UniCC. Unlike its competitors, BidenCash sought maximum visibility—drawing attention with its provocative name and massive data leaks.
The first leak occurred in summer 2022, exposing 6,600 credit cards and millions of email addresses. By October 2022, the marketplace dumped 1.2 million cards, mostly belonging to Americans. The leaks escalated in 2023, with two additional archives containing over 4 million records, including cards with varying expiration dates and geographic origins.
BidenCash heavily relied on web skimmers—malicious code injected into online stores to steal payment details during checkout. Previously, the main method of data theft was POS malware, which infected payment terminals and extracted unencrypted card data from device memory.
While underground platforms often attempt to rebuild after takedowns, operations of this scale deal a severe blow to the cybercrime ecosystem. The Secret Service continues its fight against financial crimes, including card fraud, money laundering, crypto scams, and identity theft.
Just before the domain seizures, agents conducted raids at over 400 retail locations, inspecting terminals and ATMs for skimmers. Although only 17 devices were found, law enforcement estimates the potential damage could have exceeded $5 million.
