The US Department of Justice (DoJ) has announced the successful shutdown of a major cybercrime marketplace known as WT1SHOP, in collaboration with Portuguese authorities. This notorious website was a hub for the sale of stolen personal information (PII), generating millions of dollars for sellers over the years.
WT1SHOP was a prominent player in the cybercrime ecosystem, offering a vast array of stolen records for sale. With approximately six million records available, the marketplace catered to a wide range of buyers looking to purchase sensitive information. Portuguese authorities seized the website yesterday, while US authorities took down four associated domains: “wt1shop.net,” “wt1store.cc,” “wt1store.com,” and “wt1store.net.”
The DoJ revealed that among the items for sale on WT1SHOP were 25,000 scanned driver’s licenses and passports, 1.7 million e-commerce store login credentials, 108,000 bank accounts, and 21,800 credit cards. These illicit goods could be purchased using Bitcoin, with a total of 106,273 users and 94 sellers registered on the platform as of December 2021.
One of the key attractions for buyers on the marketplace was stolen credentials. By June 2020, WT1SHOP had facilitated the sale of 2.4 million credentials, generating $4 million in revenue. These credentials included logins for retailers, financial institutions, email accounts, PayPal accounts, and ID cards. Additionally, credentials for remote access to computers, servers, and network devices were also up for sale.
The alleged administrator of the site, Nicolai Colesnicov, a 36-year-old from Moldova, has been charged with conspiracy and trafficking in unauthorized access devices. The DoJ filed a complaint against Colesnicov in April, which was unsealed following the shutdown of WT1SHOP. Law enforcement authorities were able to trace Bitcoin transactions on the site, payments to the web host, email addresses linked to WT1SHOP, and login information to Colesnicov, identifying him as the operator and main administrator of the marketplace. If convicted, Colesnicov could face up to 10 years in federal prison.
This successful takedown adds to a series of law enforcement actions against cybercrime operations this year, including the closure of PII marketplace SSNDOB, Hydra Market, and RaidForums. The collaborative efforts of US and Portuguese authorities demonstrate a commitment to combating cybercriminal activities and protecting individuals from the illicit trade of stolen personal information.