Dark Web Marketplaces for Stolen Credit Cards

A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory.

To that end, the domains operated by the card fraud forms and marketplaces, Ferum Shop, Sky-Fraud, Trump's Dumps, and UAS, were confiscated and plastered with a banner that warned "theft of funds from bank cards is illegal." Also embedded into the HTML source code was a message asking, "Which one of you is next?"

The seizures were orchestrated by the Department "K," a division of the Ministry of Internal Affairs of the Russian Federation that focuses primarily on information technology-related crimes, according to Flashpoint. In a related development, state-owned news agency TASS said that six Russian individuals were being charged with "the illegal circulation of means of payment."


The four platforms are collectively said to have made over an estimated $263 million across Bitcoin, Litecoin, and Ether, blockchain analytics company Elliptic said. Ferum Shop, active since October 2013, made as much as $256 million in Bitcoin from stolen card sales, accounting for nearly 17% of the stolen credit card market.

The UAS Store, a popular seller of stolen remote desktop protocol (RDP) credentials and operational since November 2017, netted around $3 million in cryptocurrency proceeds, with carding store Trump's Dumps making around $4.1 million since setting up shop in October 2017.

Dark Web Marketplaces for Stolen Credit Cards

The crackdown on illicit carding forums marks the third time cybercrime groups operating in the country have been dealt a blow by authorities since the start of the year. It all kicked off with the arrests of 14 members associated with the REvil ransomware gang responsible for numerous cyberattacks worldwide.

Then on January 25, the FSB arrested Andrey Sergeevich Novak, the alleged leader of the now-defunct Infraud Organization, in Moscow, along with three others for running a criminal enterprise that dabbled in the large-scale acquisition, sale, and distribution of stolen identities, compromised debit and credit cards, personal data, computer malware, and other contraband.

The latest high-profile action also comes close on the heels of the law enforcement shutdown of Canadian HeadQuarters (aka CanadianHQ), a darknet marketplace that was involved in the purchase and sale of spam services, phishing kits, stolen credential data dumps, and access to compromised machines.


What's more, recent months have been plagued by the closures of a number of dark web marketplaces like White House Market, Cannazon, ToRReZ, DarkMarket, Monopoly, and UniCC in a move that's perceived as a major blow to the carding industry after the collapse of the infamous Joker's Stash in January 2021.

"Closures and seizures of carding sites in 2022 have so far accounted for almost 50% of sales in the dark web stolen credit card market," Elliptic said. "Darknet markets remain highly lucrative enterprises, and if anything, the retirements could give operators the confidence that they can operate a successful market and make their fortunes – without being apprehended."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.