DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

60K BTC Wallets Tied to LockBit Ransomware Gang Leaked

Posted on May 8, 2025May 9, 2025 by Dissent
Defacement message left on LockBit’s darkweb site with dump of internal data. Image: DataBreaches.net.

CoinPedia reports:

“Don’t do crime. CRIME IS BAD. xoxo from Prague.”

That’s the message left behind after hackers gave LockBit – a ransomware gang known for extorting millions. Yes, they just got a brutal taste of their own medicine. In a surprising breach, nearly 60,000 Bitcoin wallet addresses tied to LockBit’s operations were leaked online.

The attackers broke into LockBit’s dark web affiliate panel and dumped a full MySQL database for the world to see. Inside? Thousands of ransomware builds, private negotiation chats, and crypto wallet addresses used in past attacks.

Read more at CoinPedia.

As also noted by others, the defacement message is the same message we saw on Everest Team’s leak site several weeks ago. DataBreaches is not aware of any group publicly claiming credit for these defacements and hostile actions.

Over on X[.]com,  “Rey” from Hellcat posted a screenshot of their Tox chat with LockBitSupp, who confirmed the attack, but downplayed it somewhat.

BleepingComputer provides an analysis of the contents of the SQL dump:

  • A ‘btc_addresses‘ table that contains 59,975 unique bitcoin addresses.
  • A ‘builds‘ table contains the individual builds created by affiliates for attacks. Table rows contain the public keys, but no private keys, unfortunately. The targeted companies’ names are also listed for some of the builds.
  • A ‘builds_configurations‘ table contains the different configurations used for each build, such as which ESXi servers to skip or files to encrypt.
  • A ‘chats‘ table is very interesting as it contains 4,442 negotiation messages between the ransomware operation and victims from December 19th to April 29th.
  • A ‘users‘ table lists 75 admins and affiliates who had access to the affiliate panel, with Michael Gillespie spotting that passwords were stored in plaintext. Examples of some of the plaintext passwords are ‘Weekendlover69, ‘MovingBricks69420’, and ‘Lockbitproud231’.
Category: HackMiscellaneous

Post navigation

← UK: Legal Aid Agency hit by cyber security incident
Georgia hospital defeats data-tracking lawsuit →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.