On Wednesday, March 4, the Federal Bureau of Investigation (FBI) and the European law enforcement agency Europol collaborated to shut down LeakBase, one of the world’s largest hacker forums.
According to a press release from the US Department of Justice, LeakBase had over 142,000 members, and its database contained “hundreds of millions” of stolen account information. US law enforcement agencies worked with Europol to seize LeakBase’s database and take control of its two domain names.
LeakBase was known as an online platform for selling and hosting user information stolen in past data breach incidents. It emerged in 2021 and could be accessed on the open web through domains like leakbase[.]ws and leakbase[.]la.
From Tuesday to Wednesday (3rd to 4th), law enforcement officers from 14 countries, including the United States, took synchronized actions against LeakBase and its users under the coordination of Europol in The Hague.
After joint operations in the US and Europe, the two aforementioned domain names displayed seizure notices.
The US Department of Justice stated that as of December 2025, LeakBase had registered users exceeding 142,000, with around 32,000 posts published, over 215,000 private messages sent, highlighting its scale and global impact.
Europol confirmed they have taken action against “37 of the most active users,” including “arrests, searches of residences, and ‘knock and talks’.” These coordinated activities took place in the US, Australia, Belgium, Poland, Portugal, Romania, Spain, and the UK.
Investigators revealed that the forum hosted extensive databases, including “hundreds of millions of account credentials” obtained from past data breaches and malicious software, becoming valuable resources for cybercriminals.
The US Department of Justice stated: “Leakbase allowed forum users to sell information obtained from stolen databases, including data illegally obtained from US companies and individuals, providing credit card and debit card numbers, bank account and routing information, usernames, and related passwords, which could assist in further account theft and access other sensitive commercial and personal identity information.”
Currently, investigators have de-anonymized the identities of “several users” on LeakBase who are likely active cybercriminals.
Security researchers have long suspected that LeakBase’s origin is in Russia, indicating that its administrators may still be at large.
Europol pointed out: “An important internal rule of the forum prohibits the sale or publication of any data related to Russia.”
Brett Leatherman, Assistant Director of the FBI’s Cyber Crime Division, stated that this operation “sends a message: no criminal is truly anonymous.”