LockBit Hacked, Internal Chats and Wallets Leaked

LockBit, one of the world’s most active ransomware groups, has suffered a major breach after attackers defaced its dark web infrastructure and leaked a trove of sensitive internal data. The breach, disclosed on May 7, exposed a MySQL database containing operational details, including 60,000 Bitcoin wallet addresses and over 4,400 negotiation messages between LockBit operators and victims.

The hacked site displayed a message reading, “Don’t do crime CRIME IS BAD xoxo from Prague,” linking to the leaked data. Among the contents were plaintext passwords for 75 administrators and affiliates, as well as records of custom ransomware builds.

Security researchers confirmed the data’s authenticity, calling it a “goldmine” for law enforcement. LockBit claimed the breach involved a “light panel” and said no decryptors or stolen company data were compromised. The intrusion follows February’s Operation Cronos and may be linked to a PHP 8.1.2 vulnerability also used in a similar attack on Everest ransomware.