Good day everyone,
I hope you are all having a good day, welcome to CryptoGod-1's blog on all things crypto. In this post I will be looking at the news of the LockBit Ransomware Group having 60,000 Bitcoin addresses exposed.
60,000 Addresses Linked to LockBit Ransomware Group Exposed
One of the world's most notorious and feared ransomware operations, LockBit, has been given a taste of its own medicine: a breach of its own infrastructure has exposed internal data, Bitcoin addresses and affiliate credentials. The leak has sent shockwaves through the LockBit ransomware gang, as almost 60,000 Bitcoin addresses were exposed.
Hackers defaced LockBit's dark web affiliate panels and leaked the internal data online. The attack, discovered on the 7th of May 2025, targeted LockBit's dark web infrastructure: the affiliate admin panels were defaced and a substantial internal records database was leaked. The attackers left behind a message reading "Don't do crime CRIME IS BAD xoxo from Prague" along with a downloadable MySQL database dump titled paneldb_dump.zip.
Security researchers have analysed the hack after it was initially flagged by threat actor Rey. According to a BleepingComputer report, the leaked data includes a large collection of ransomware infrastructure details. Most notably, it exposes 59,975 unique Bitcoin addresses linked to LockBit. These addresses are believed to be tied to ransom payments; each was typically generated for an individual victim as part of LockBit's efforts to compartmentalise and obscure the flow of illicit funds.
https://x.com/ReyXBF/status/1920245719434231900
The leak could help blockchain analysts trace LockBit's financial activity rather than leaving such transactions untracked. While the scale of the breach is enormous, no private keys or other sensitive data were lost in the leak, according to LockBit's operator, "LockBitSupp" (a claim from the gang itself, not an independent finding). The exposed database contained 20 tables, including one labelled 'builds' with details of the ransomware builds created by affiliates and the companies they targeted. These records document not only the technical configurations used in various attacks but also extensive chat logs, including over 4,400 negotiation messages between victims and LockBit operators, which gives a rare insight into the inner workings of ransomware extortion tactics.
The compromised data also included user credentials for 75 admins and affiliates with access to the affiliate panel, with passwords stored in plaintext. Some analysts believe the hack may be connected to a separate breach of the Everest ransomware site, as both defacements carried the identical message. While the exact method used to breach LockBit's infrastructure remains uncertain, the similarities between the two hacks are hard to ignore.
The BleepingComputer report also noted that the server was running PHP 8.1.2, a version affected by CVE-2024-4577, a critical argument-injection flaw in PHP's CGI mode that allows remote code execution. Whether it was the actual entry point is unconfirmed: the flaw is only exploitable when PHP runs in CGI mode on Windows, so an outdated version string on its own does not prove the path in. The hack is likely to have far-reaching implications as law enforcement agencies and blockchain forensic teams work through the leaked Bitcoin addresses and data; there is now the potential to trace ransom payments and even identify individuals connected to LockBit. It also shows once again how cryptocurrency underpins the ransomware economy. Each victim is generally given a unique address for payment, which makes tracking difficult until a list like this one surfaces.
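The practical value of the leak is that per-victim addresses, which normally defeat simple clustering, become a watchlist once the list is known. The following is an added example for this post, not LockBit's code and not taken from the BleepingComputer report: it takes an address column as it might be pulled from such a dump, validates each entry (Base58Check for 1.../3... addresses, bech32 or bech32m for bc1... addresses), dedupes it, and then screens a set of transaction outputs against the resulting watchlist. SAMPLE_DUMP and SAMPLE_OUTPUTS are constructed samples, not data from the real dump, and the function and variable names are my own; the output tuples assume the (txid, vout, address, value) shape an indexer or block explorer API would give you.

```python
"""Build a watchlist from a leaked address column and screen transaction outputs.
Added example for this post: not LockBit's code and not from the BleepingComputer
report. Standard library only. SAMPLE_DUMP and SAMPLE_OUTPUTS are constructed
samples standing in for the dump's address column and for outputs returned by a
block explorer or indexer API; they are not data from the real leak."""
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32M_CONST = 0x2BC830A3

def _base58check_ok(addr):
    """1.../3... addresses: version byte + 20-byte hash160 + 4-byte double-SHA256 checksum."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:  # '0', 'O', 'I', 'l' are not in the Base58 alphabet
            return False
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw  # each leading '1' is a 0x00 byte
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):  # mainnet P2PKH / P2SH versions only
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]

def _bech32_polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def _bech32_ok(addr):
    """bc1... native segwit: bech32 checksum for witness v0, bech32m for v1+ (taproot)."""
    if addr != addr.lower() and addr != addr.upper():  # mixed case is invalid per BIP173
        return False
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        return False
    hrp, data = addr[:pos], addr[pos + 1:]
    if hrp != "bc" or any(c not in BECH32_CHARSET for c in data):
        return False
    values = [BECH32_CHARSET.index(c) for c in data]
    if values[0] > 16:  # witness version must be 0..16
        return False
    hrp_expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return _bech32_polymod(hrp_expanded + values) == (1 if values[0] == 0 else BECH32M_CONST)

def is_valid_btc_address(addr):
    """Syntactic mainnet validity only; says nothing about who holds the key."""
    return _bech32_ok(addr) if addr.lower().startswith("bc1") else _base58check_ok(addr)

def normalise(addr):
    """Bech32 is case-insensitive, Base58 is not, so only bc1 addresses are lowered."""
    return addr.lower() if addr.lower().startswith("bc1") else addr

def build_watchlist(dump_text):
    """Strip, validate and dedupe one address per line; returns (watchlist, rejected)."""
    watchlist, rejected = set(), []
    for addr in (line.strip() for line in dump_text.splitlines()):
        if not addr:
            continue
        if is_valid_btc_address(addr):
            watchlist.add(normalise(addr))
        else:
            rejected.append(addr)  # truncation, typos or planted junk in the dump
    return watchlist, rejected

def screen_outputs(outputs, watchlist):
    """Outputs (txid, vout, address, value_sat) paying a watchlisted address, plus the total."""
    hits = [o for o in outputs if normalise(o[2]) in watchlist]
    return hits, sum(o[3] for o in hits)

# Constructed: a duplicate, a blank line, an indented line and one corrupted checksum.
SAMPLE_DUMP = """\
1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4
bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0

   1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb
"""

# Constructed: (txid, vout, address, value_sat) as an indexer might return; the last is unlisted.
SAMPLE_OUTPUTS = [
    ("aa" * 32, 0, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", 250_000_000),
    ("bb" * 32, 1, "BC1QW508D6QEJXTDG4Y5R3ZARVARY0C5XW7KV8F3T4", 1_000_000),
    ("cc" * 32, 0, "bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0", 7_500),
    ("dd" * 32, 0, "1NotOnTheListXXXXXXXXXXXXXXXXXXXXX", 50_000),  # placeholder, not a real address
]
```

Run `build_watchlist(SAMPLE_DUMP)` and then `screen_outputs(SAMPLE_OUTPUTS, wl)`: the duplicate and the indented line collapse into one entry, the corrupted checksum lands in the rejected list rather than silently polluting the watchlist, and the upper-case bech32 output still matches because bech32 is case-insensitive. The checksum step matters with a dump of this size: a few thousand malformed or truncated rows are exactly what you would expect from a database export, and a watchlist built without validation produces noise that never matches anything on chain. Real tracing still needs chain data and address clustering on top of this; the example only gets the watchlist into a clean, matchable state.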
This is not the first time LockBit has been weakened, and not only reputationally. In February 2024 a coordinated crackdown, Operation Cronos, led by the UK's National Crime Agency together with the U.S. Department of Justice, Europol and law enforcement agencies worldwide, saw LockBit temporarily dismantled. It led to the freezing of over 200 cryptocurrency accounts linked to LockBit's ransomware activities.
Authorities also arrested two LockBit actors in Poland and Ukraine, and two further affiliates were indicted in the U.S. Ten Bitcoin and Ether addresses tied to the group were blacklisted by the U.S. Treasury's OFAC, some of which had been linked to deposits on exchanges such as KuCoin, Binance and Coinspaid. These sanctions prohibit U.S. entities from transacting with the individuals or wallets involved. LockBit has been active since 2019, has attacked more than 2,500 victims in 120 countries, and has reportedly extorted over $120 million globally.
Have a great day.
Peace. CryptoGod-1.