
DOJ Targets Crypto-Theft Network With Seizure of Data-Stealing Domains

U.S. authorities dismantled key infrastructure behind a major credential-stealing operation, seizing domains used to control malware that harvested login credentials and cryptocurrency wallet data from millions of victims.


DOJ Shuts off Access to Stolen Crypto Wallet Data in Federal Domain Seizure

The U.S. Department of Justice (DOJ) announced on May 21 that it has seized five domains linked to the distribution and operation of LummaC2, a widely used information-stealing malware, as part of an effort to disrupt cybercrime targeting sensitive online data, including cryptocurrency credentials. According to court filings, LummaC2 was offered as a malware-as-a-service tool that enabled cybercriminals to steal login credentials, browser-stored information, and other personal data. The seizures, which took place on May 19 and 20, dismantled infrastructure that facilitated access to stolen data and deployment of the malware.

The malware was used to extract a range of personal information, including crypto-related access credentials. Matthew R. Galeotti, head of the DOJ’s Criminal Division, explained:

Malware like LummaC2 is deployed to steal sensitive information such as user login credentials from millions of victims in order to facilitate a host of crimes, including fraudulent bank transfers and cryptocurrency theft.

The court affidavit supporting the domain seizure described the specific kinds of data targeted, stating: “Common targets for cybercriminals using malware like LummaC2 include browser data, autofill information, login credentials for accessing email and banking services, as well as cryptocurrency seed phrases, which permit access to virtual currency wallets.” The FBI identified at least 1.7 million instances of the malware being used to harvest such data.

In parallel with the DOJ’s domain seizure, Microsoft launched a civil action to disrupt an additional 2,300 domains allegedly connected to LummaC2 operators or their affiliates. The domains seized by the DOJ functioned as “user panels,” the web consoles through which LummaC2 customers managed their infections and retrieved stolen data. Visitors to these sites now see a federal seizure notice. Seizing the panel domains cuts operators off from that infrastructure, but it does not remove the malware from already-infected machines or recover data that was exfiltrated before the takedown; affected users still need to change stolen passwords, invalidate active sessions, and move funds out of any wallet whose seed phrase may have been captured. The DOJ also highlighted the State Department’s Rewards for Justice program, which offers up to $10 million for information on foreign state-linked cyber activity that targets U.S. critical infrastructure, including incidents that may involve crypto-related threats.
