Law enforcement seized the carding marketplace BidenCash

U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation.

The US DoJ announced the seizure of approximately 145 darknet and clear web domains, and cryptocurrency funds associated with the BidenCash marketplace.

“The U.S. Attorney’s Office for the Eastern District of Virginia announced today the seizure of approximately 145 darknet and traditional internet domains, and cryptocurrency funds associated with the BidenCash marketplace.” reads the press release. “BidenCash commenced operations in March 2022. BidenCash administrators charged a fee for every transaction conducted on the website.”

Today, the FBI, along with partners at @TheJusticeDept and @SecretService, announced the seizure of cryptocurrency and ~145 domains associated with the BidenCash criminal marketplace, which generated millions in revenue by trafficking in stolen data https://t.co/CjXTxIrWkg pic.twitter.com/IBA8erItMl

— FBI (@FBI) June 4, 2025

‘BidenCash’ was launched in March 2022 and was initially considered a low-profile credit card shop. The ability of its operators to periodically release fresh dumps and promotional lots for free rapidly increased its popularity.

Underground carding marketplaces are crucial components of the cybercrime ecosystem, they facilitate the sale and purchase of payment card data. One of the most popular carding sites was Joker Stash, its operators retired in February 2021 and shut down their servers and destroyed the backups.

The BidenCash cybercrime marketplace, with over 117,000 users, trafficked over 15M payment cards and generated $17M in revenue. Administrators also gave away 3.3M stolen cards [1, 2] to promote their services.

Between October 2022 and February 2023, the BidenCash marketplace published 3.3 million individual stolen credit cards for free to promote the use of their services.” continues the press relaase. “The stolen data included credit card numbers, expiration dates, Card Verification Value (CVV) numbers, account holder names, addresses, email addresses, and phone numbers.”

The data included full card details and personal information. Authorities have now shut down 145 related domains, redirecting them to law enforcement servers to block future criminal activity.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)