In a coordinated international effort, Europol and the FBI have dismantled Cracked.io and Nulled.to, two of the world's largest cybercrime forums, seizing their domains and shutting down associated services. The underground platforms, which had over 10 million users, were major hubs for selling stolen data, malware, and hacking tools. The takedown, dubbed Operation Talent, was led by German authorities with law enforcement agencies from eight countries, marking a significant strike against cybercrime-as-a-service.
Between January 28 and 30, 2025, authorities executed raids across multiple locations, resulting in:
- Two arrests
- Seven property searches
- Seizure of 17 servers and over 50 electronic devices
- Confiscation of approximately €300,000 in cash and cryptocurrency
The investigation, which began in March 2024, identified eight individuals suspected of operating the criminal platforms Cracked.io and Nulled.to, including two German citizens, aged 29 and 32, residing in Schleswig-Holstein, Germany, and Valencia, Spain. These two defendants face charges under Section 127 of the German Criminal Code, which carries a sentence of six months to ten years for commercially operating illegal trading platforms. The remaining six suspects, aged 21 to 29, are under investigation by authorities in the United States, Spain, Greece, and Italy, where they will face legal proceedings under local laws.
A total of 12 domains related to Cracked.io and Nulled.to were taken down, along with additional services linked to these platforms. Among them were Sellix, an illicit online payment processor used by Cracked.io, and StarkRDP, a hosting provider that cybercriminals used for attacks. The FBI officially seized the domains on January 29, replacing them with banners announcing the law enforcement action.
Global cybercrime havens
Cracked.io and Nulled.to were not just discussion forums—they operated as full-fledged marketplaces for cybercrime. These platforms provided stolen credentials and databases through “combo lists,” hacking tools and automated scripts for cyberattacks, AI-powered phishing tools for sophisticated scams, and software cracks and key generators to bypass licensing restrictions.
They also facilitated credential stuffing attacks, a method where attackers use stolen username-password combinations to break into accounts on various services. Tools like OpenBullet and SilverBullet, often discussed and sold on these forums, enabled even unskilled individuals to carry out such attacks with ease.
While some users engaged in discussions around ethical hacking, the vast majority of activity revolved around fraud, hacking, and data theft. Europol estimates that criminals operating on these platforms generated at least €1 million in illicit profits.
The takedown is part of a broader strategy to disrupt cybercrime-as-a-service, a growing trend where criminals offer hacking tools and services to customers with little technical expertise. These platforms not only distributed malware but also provided step-by-step guides and tutorials on cybercrime, lowering the barrier for entry.
Following the seizure, Cracked.io's administrators confirmed on Telegram that law enforcement had taken control of their domain but claimed they were still awaiting official legal documentation. Initially, the forum's staff blamed a data center issue, misleading users into thinking the site's downtime was temporary.
Meanwhile, Sellix and StarkRDP—both tied to cybercriminal operations—were also taken down. Sellix allowed users to sell stolen data, cracked software keys, and compromised accounts, while StarkRDP provided remote desktop access for illicit activities.
The FBI took control of the forums' domains, changing their name servers to ns1.fbi.seized.gov and ns2.fbi.seized.gov, signaling the sites were officially under federal control. Visitors to the domains now encounter law enforcement seizure notices.
Speedio Reportedly Suffers Data Breach Exposing 62M Records
Leave a Reply