The United States Department of Justice (DOJ) announced on June 10 2021 that a multinational operation has taken down Slilpp Market, the largest dark web marketplace of stolen login credentials.
The operation involved law enforcement agencies from the United States, Germany, the Netherlands, and Romania were involved in the operation. They seized servers used to host Slilpp’s marketplace infrastructure and its domain names.
The marketplace’s websites have been replaced with a seizure banner on the clear web and an invalid address error on the dark web onion.
The FBI worked with prosecutors and investigators from multiple jurisdictions worldwide, during the international operation.
The agencies involved in Slilpp’s the take down include Germany’s Bundeskriminalamt, the Netherlands’ National High Tech Crime Unit, and Romania’s Directorate for the Investigation of Organized Crime and Terrorism.
United States Seizure Banner
According to Advanced Intelligence CEO Vitali Kremez, “Slilpp is the largest marketplace of compromised accounts ever seen in the criminal underground,”
“The marketplace was responsible for major inflows of compromised data resulting in millions of dollars of illicit profits to the administrators.”
Slilpp has been running since 2021 and hackers used it to sell and buy stolen login credentials for bank, online payment, retailer, mobile phone, and different types of online accounts.
The Customers who bought the credentials from the vendors on Slilpp used them in unauthorized transactions (e.g., wire transfers), and more than a dozen individuals have already been charged or arrested by US law enforcement following investigations into the Slilpp marketplace.
The Unitred States DOJ said, “According to the affidavit, a fraction of the victimized account providers have calculated losses so far; based on limited existing victim reports, the stolen login credentials sold over Slilpp have been used to cause over $200 million in losses in the United States. The full impact of Slilpp is not yet known,”.
According to reports, before the marketplace was seized, more than 80 million stolen login credentials were being sold by vendors, they belong to users of more than 1,400 companies, and many of them are high-profile.
“The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims,” added Acting Assistant Attorney General Nicholas L. McQuaid of the United States Justice Department’s Criminal Division.
While Slilpp has been taken down, other large marketplaces still remain online to provide hackers with stolen credentials.
While Slilpp is gone, there are still may marketplaces operating.