Credit card
Image: Ales Nesetril via Unsplash

Leader of darknet credit card marketplace pleads guilty

An Illinois man accused of operating a darknet carding site and selling information from tens of thousands of stolen credit cards pleaded guilty Tuesday in a Missouri courtroom.

Michael Mihalo, 40, of Naperville, Illinois was allegedly a prominent “carding” vendor on darknet sites — selling stolen credit card information on various marketplaces — before he and two alleged co-conspirators decided to set up their own market in 2016.

That platform, Skynet Market, promised the “BEST CVV’s CVV2, Fresh cards updated daily,” according to a 2022 indictment. The three also allegedly set up a mirror site on a publicly available page as well as a forum for discussing “fraud-related activities.”

For nearly four years, until October 2019, Mihalo and his associates conducted tens of thousands of transactions exceeding $1 million total, according to the indictment.

They were also allegedly vendors on the darknet markets AlphaBay, Wall Street and Hansa. One of the trio’s customers, however, turned out to be law enforcement agents working in Kansas City.

“Mihalo personally possessed, sent, and received the information associated with 49,084 stolen payment cards with the intent that the payment card information would be trafficked on darknet sites, all in furtherance of the conspiracy,” a Justice Department announcement said.

One of the alleged accomplices, Taylor Ross Staats, pleaded guilty last December to conspiracy to commit access fraud for his role as an alleged “card-checker” — verifying that credit cards are still active and that the information is legitimate. He faces five years in prison.

Mihalo pleaded guilty to one count of conspiracy to commit access device fraud, which carries up to five years in prison, as well as one count of access device fraud and six counts of money laundering, each of which carry up to 10 years of jail time.

This month, U.S. authorities shut down a popular Russian platform, Try2Check, used to confirm the legitimacy of stolen credit card information. They indicted its owner and operator, Denis Kulkov, who allegedly made some $18 million off the site since it went live in 2005.

In March, another Russian language dark web site dumped nearly 2 million credit card details as a promotional tool. Researchers ultimately found that the vast majority were already available on the dark web and were likely to expire within the year.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
James Reddick

James Reddick

has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.