Ransomware gang LockBit has been on the receiving end of a data leak of its own, exposing 59,975 Bitcoin addresses, public keys, and 4,442 negotiation messages with victims following a recent hack.
LockBit is a notorious cybercriminal group that runs a Ransomware-as-a-Service operation, developing tools and infrastructure for affiliates who carry out attacks. Like most ransomware groups, it demands payment in cryptocurrencies — typically Bitcoin (BTC) or Monero (XMR) — with victims instructed to send funds to designated wallet addresses to receive decryption keys or avoid data leaks. Affiliates often launder the proceeds using mixers, cross-chain swaps, or privacy coins, attempting to evade detection.
LockBit’s dark web affiliate panels were defaced and replaced with a message linking to a database dump, which stated, “Don’t do crime CRIME IS BAD xoxo from Prague,” cybersecurity publication Bleeping Computer reported.
First noted by the threat actor, Rey, BleepingComputer’s analysis of the leaked LockBit database found 20 tables, with some revealing details. One table lists nearly 60,000 Bitcoin addresses, likely a mix of addresses used by the gang’s affiliates and infrastructure, while another shows ransomware builds linked to specific targets. There are also configuration details for attacks, such as which servers to skip or files to encrypt. A chat log includes over 4,400 messages between the ransomware operation and victims, and a user table names 75 admins and affiliates — with passwords stored in plain text, including examples like “Weekendlover69” and “Lockbitproud231.”
No private keys were leaked
A LockBit operator known as “LockBitSupp” confirmed the breach to Rey, stating that no private keys were leaked.
According to Bleeping Computer, the database appears to have been dumped around April 29, based on the MySQL timestamp and the latest chat record. While it’s unclear who carried out the breach or how, the defacement message matches one used in a recent attack on Everest ransomware’s dark web site, suggesting a possible link. The server was also running PHP 8.1.2, which is vulnerable to CVE-2024-4577 — a critical flaw that can allow remote code execution, the outlet said.
In February 2024, Operation Cronos — an international law enforcement effort — dismantled LockBit’s infrastructure, seizing 34 servers, stolen data, cryptocurrency addresses, 1,000 decryption keys, and its affiliate panel. Although LockBit later rebuilt and resumed operations, the group suffered another major setback in May last year, when U.S. authorities unmasked and indicted its ringleader, Dmitry Khoroshev, on 26 criminal counts. Alleged to have earned $100 million from ransom payments, Khoroshev faces sanctions, asset freezes, and a $10 million U.S. bounty for his arrest.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Trade Crypto On Coinhub Exchange
Trade Crypto On Coinhub Exchange
Stay ahead of the market by turning news insights into trading opportunities. With Coinhub Exchange, you can seamlessly buy, sell, and manage your digital assets, all in one secure platform. Take advantage of real-time market insights, deep liquidity, and fast execution for your favorite cryptocurrencies. Don’t just read about it — trade crypto now!
Disclaimer
The content of this article shown by Coinhub News, powered by The Block, is for informational purposes only and should not be construed as financial, legal, tax, or investment advice. Coinhub News and its affiliates are not a licensed financial advisor, legal advisor, broker, or tax advisor, and ... should not be considered as professional advice or a recommendation to engage in any specific investment, legal decision, or financial transaction. Cryptocurrency markets are highly speculative and volatile. Readers should perform their own independent research and consult with a qualified professional before making any financial or legal decisions. The opinions expressed in this article are those of the author and do not necessarily represent the views or opinions of the Company of its affiliates. Additionally, the Company does not make any representations or warranties regarding the accuracy, timeliness, reliability, or completeness of any information in this article. By accessing this content, you acknowledge that any reliance on the information contained in this article is solely at your own risk. The Company is not responsible for any financial losses, legal disputes, or other damages that may arise from reliance on this content or from any investment or legal decisions based on the information provided. Investing in cryptocurrencies involves substantial risks, including the risk of losing your entire investment, and you should carefully consider whether it is appropriate for your circumstances.
Read more
