In a significant victory for global cybersecurity efforts, the FBI and Europol have successfully shut down LeakBase, a notorious online forum facilitating the trade of stolen credentials and cybercrime tools. This operation marks a pivotal moment in the ongoing battle against cybercrime, as LeakBase was one of the largest platforms of its kind.
According to the U.S. Department of Justice, the forum boasted over 142,000 members and hosted more than 215,000 exchanges of illicit information. Visitors to the site, previously located at ‘leakbase[.]la’, are now met with a notice from the U.S. Federal Bureau of Investigation, indicating the site’s seizure as part of a coordinated international law enforcement initiative.
Seizure and Preservation of Data
The comprehensive operation involved securing all content within the forum, including user accounts, shared messages, and sensitive data like credit card details and IP logs. This action ensures that all evidence is preserved for future legal proceedings, highlighting the thoroughness of the law enforcement approach.
LeakBase was notorious for offering hacked databases containing millions of account credentials and financial information. The forum provided a marketplace for cybercriminals to exploit these data troves, facilitating numerous account takeovers and financial frauds.
Chucky and the LeakBase Network
LeakBase was operated by an individual known as Chucky, who is also identified by aliases such as Chuckies and Sqlrip. This individual has been linked to the distribution of extensive collections of compromised databases, often containing sensitive information from global organizations. SOCRadar and other cybersecurity entities have tracked Chucky’s activities extensively.
In early reports by SpyCloud, the forum experienced downtime, with Chucky seeking a new hosting provider. Other key figures involved in running LeakBase included administrators known as BloodyMery, OrderCheck, and TSR.
Operation Leak: A Coordinated Global Effort
The operation to dismantle LeakBase, codenamed Operation Leak, took place on March 3 and 4, 2026. Law enforcement agencies executed search warrants, conducted arrests, and interviewed suspects across multiple countries, including the U.S., Australia, and several European nations.
In a statement, Europol highlighted that LeakBase specialized in selling stealer logs, which are archives of credentials obtained through malware attacks. These logs were instrumental in conducting account takeovers and fraudulent activities globally. The operation resulted in approximately 100 enforcement actions, targeting 37 of the forum’s most active users.
Assistant Director Brett Leatherman of the FBI’s Cyber Division emphasized the significance of this global effort, noting that the takedown of LeakBase represents a critical step in reducing cybercrime activities worldwide. This operation underscores the importance of international collaboration in combating the ever-evolving landscape of cyber threats.
