LockBit Hacked: Tens of Thousands of Bitcoin Addresses and Victim Conversations Published
Date: 2025-05-09 Author: Henry Casey Categories: BUSINESS
Hackers have penetrated the LockBit system and have made nearly 60,000 Bitcoin addresses, over four thousand victim conversation sessions, and detailed cyberattack configurations publicly available. The leak was reported by Bleeping Computer.
The attackers left a message on forums associated with the group:
"Don't commit crimes. CRIME IS BAD xoxo from Prague."
According to a researcher under the pseudonym Rey, the published database contains:
Tables with Bitcoin wallet addresses presumably belonging to LockBit participants and technical infrastructure;
- Attack settings, including lists of target servers and files for encryption;
- Ransom demand chat archives;
- Data of 75 administrators and partners with passwords saved in unencrypted form.
The administrator and one of the LockBit developers, known as LockBitSupp (his real name is Dmitry Khoroshev), admitted the hack in a conversation with Rey. At the same time, he emphasized that the private keys to the cryptocurrency wallets remained safe.
Bleeping Computer experts conducted their own investigation and found that the compromise occurred on April 29. LockBit servers, as it turned out, were running on a vulnerable version of PHP 8.1.2, which most likely allowed the attackers to carry out a successful attack.
An interesting detail was the coincidence of the hackers' signature with the one used in the attack on the Everest darknet platform in April. This gives reason to assume that the same people may be behind both incidents.
It is worth recalling that in February 2024, the British NCA agency carried out a successful operation against LockBit, partially seizing the group's infrastructure and confiscating about 200 cryptocurrency wallets associated with its activities.
