Hack the cybercriminals seems to be the motto. The Onion website of the LockBit ransomware group appears to have been successfully attacked. The attackers captured the LockBit database with sensitive information about the group's operations.
The LockBit ransomware group
LockBit is a Russian-speaking group that operates Ransomware-as-a-Service (RaaS). In this model, the ransomware and infrastructure are made available to other cybercriminals, known as affiliates, who then carry out the attacks. The group is held responsible for numerous cyber incidents.
In 2024, the servers of the LockBit ransomware group were hacked and taken over by the FBI. I reported on the seizure of the LockBit infrastructure by law enforcement agencies (including the British National Crime Agency (NCA) and the FBI) in the article Operation Cronos: FBI & Co. seized infrastructure of the Lockbit ransomware gang and provided some details.
However, this appears to have been a short-lived success – the LockBit ransomware group has set up new servers and appears to be back in business.
Hack of the LockBit Onion site
News is now circulating that the LockBit Group's Onion site, which is used to negotiate with victims, has probably been hacked by an actor.
The hacker left a note saying "Don't do crime, crime is bad xoxo from Prague". The hacker allegedly extracted and leaked the database. The database contained Bitcoin wallet addresses, private keys, chat logs of the groups and information about their partners.
This leaked dump appears to be the backend database of LockBit's blog/negotiation panel. Included were:
- 246 victim portals
- 819 SegWit BTC ransom wallets
- 617 public RSA keys
- 1 affiliate (ID 25) behind all
The chat logs run from December 19, 2024 to April 29, 2025. The dump of the database can be accessed on GitHub.
Similar articles
Operation Cronos: FBI & Co. seized infrastructure of the Lockbit ransomware gang
LockBit ransomware group back? And new findings
FBI recovers 7,000 LockBit keys; ransomware victims could contact the FBI