Police take down two large cybercrime forums, arrest suspects

An international operation has shut down two of the world's largest cybercrime forums — Cracked and Nulled — which had about 10 million users and earned millions of dollars in profits, authorities said on Thursday.

Cybercriminals used the sites to trade illegal goods and services, such as stolen data, malware and hacking tools. The forums also offered scripts to automatically scan victims' systems for security vulnerabilities, making cyberattacks more effective, Europol said in a statement.

Notices posted on the seized websites included the logos of multiple law enforcement agencies, including the FBI as well as police in Spain and Germany.

Nulled and Cracked had been operating since 2015 and 2018, respectively, each with around five million registered user accounts. Police said they were closely linked — both administratively and technically. 

Cracked “generated approximately $4 million in revenue, and impacted at least 17 million victims from the United States,” the U.S. Department of Justice said. 

Nulled “listed over 43 million posts advertising cybercrime tools and stolen information, and generated approximately $1 million in yearly revenue,” the department said.

Other services associated with the forums were also taken down, including Sellix, a financial processor used by Cracked, and StarkRDP, a hosting service promoted on both platforms and run by the same suspects.

During the operation, which took place earlier this week, police arrested two suspects — a man and a woman — in Valencia, according to Spanish police.

The U.S. said it unsealed criminal charges against Lucas Sohn, 29, an Argentinian national residing in Spain who allegedly served as an administrator for Nulled. The accusations are related to unlawful trafficking in stolen passwords and computer access, as well as identity theft with the intent to commit crimes.

Law enforcement also confiscated over $300,000 in cash, dozens of electronic devices, and cryptocurrency assets during searches of their properties, authorities said.

🚩Detenidos 2⃣ ciberdelincuentes en #Valencia durante un macrooperativo policial internacional

➡️Neutralizados dos grandes foros de #cibercrimen con millones de usuarios y miles de publicaciones

➡️En una operación de la @policia y la @guardiacivil, coordinada por @Europol pic.twitter.com/LRg0hVS3fa

— Policía Nacional (@policia) January 30, 2025

The investigation, ongoing since March, has identified eight people allegedly directly involved in operating the platforms, including two German citizens aged 29 and 32, according to the German police.

Cracked also said on Telegram that police had seized its domain. “A sad day indeed for our community,” the channel’s operators said.

Recent police actions against cybercrime operations have included a takedown of the PopeyeTools market; seizure of a distributed denial-of-service (DDoS) platform; and the disruption of MATRIX, an encrypted chat service used by criminals. Last May, the FBI led an operation against the large BreachForums cybercrime site.

Editor's Note: Story updated 1:35 p.m. Eastern U.S. time with additional information from the U.S. Department of Justice.