The dark web site lost control of its affiliate panel, resulting in the breach
A recent breach of LockBit’s dark web infrastructure has exposed nearly 60,000 Bitcoin addresses, raising new questions about the group’s financial network and operations. The leak came after hackers reportedly gained access to LockBit’s affiliate panel, a backend system used to manage the ransomware group’s activities.
So LockBit just got pwned … xD pic.twitter.com/Jr94BVJ2DM
— Rey (@ReyXBF) May 7, 2025
The stolen data includes a MySQL database containing crypto wallet addresses, negotiation chats, and technical information about the group’s ransomware builds. Although no private keys were included, the exposure still gives analysts a valuable look at how the organization functions. Blockchain investigators could use the leaked addresses to trace previous ransom payments and build clearer links between transactions and the group’s digital footprint.
Among the database contents was a table named “builds,” which included details about specific ransomware packages developed by LockBit affiliates. Another section labeled “chats” featured over 4,000 negotiation messages between victims and attackers, offering a closer look into how the group handles ransom demands and communication.
LockBit has been one of the most active ransomware operations in recent years. Authorities from ten countries tried to dismantle the group in early 2024, claiming it had caused billions in damage to public and private infrastructure. Despite these efforts, LockBit has remained a major threat, and this recent breach appears to have been carried out by someone other than the law enforcement agencies that usually pursue the group.
There’s also some speculation about a possible connection between this breach and a separate one involving Everest ransomware. Analysts noticed the same message used in both hacks, though it’s unclear if the same individuals were behind each incident.
With the exposed Bitcoin addresses now public, law enforcement agencies and cybercrime researchers may have a new path to investigate LockBit’s financial activity. While the group claims no private data was lost, the breach could still lead to deeper insights into how ransomware gangs manage and move their cryptocurrency.