US law enforcement agencies recently made a significant breakthrough in the fight against cybercrime by seizing 145 domains and cryptocurrency linked to BidenCash, a notorious darknet marketplace infamous for selling stolen credit card data and personal information. This operation, which took place on June 4, was the result of a court-approved investigation aimed at dismantling the platform’s infrastructure.
The seized domains now redirect users to a server controlled by the authorities, prominently displaying official insignias from the Department of Justice (DOJ), Federal Bureau of Investigation (FBI), Secret Service, and Dutch High Tech Crime Unit. This move effectively shuts down BidenCash’s illegal activities and sends a clear message to other cybercriminals operating on the dark web.
In addition to seizing the domains, law enforcement officials also confiscated cryptocurrency used by BidenCash to facilitate illegal transactions. While the total amount and type of assets seized were not disclosed, on-chain data from Arkham Intelligence suggests that approximately $43,000 worth of USDT, a stablecoin issued by Tether, was confiscated.
BidenCash gained notoriety for openly selling stolen credit card data, login credentials, and personally identifiable information. Investigators estimate that the platform facilitated the trade of over 15 million compromised card records and generated at least $17 million in revenue during its operation. At its peak, BidenCash boasted a user base of over 117,000 individuals seeking to engage in illicit activities.
One of the tactics employed by BidenCash to attract criminal customers was to release millions of stolen card details for free, effectively serving as a promotional strategy. Between October 2022 and February 2023, the marketplace made 3.3 million individual stolen credit cards available for free, including sensitive information such as credit card numbers, expiration dates, CVV numbers, account holder names, addresses, email addresses, and phone numbers.
Despite the success of this enforcement operation, cybersecurity experts have identified several active domains still associated with the BidenCash network. Vmprotect, a renowned cybersecurity firm, flagged at least seven active addresses using domainhunter.pro as of the time of writing. This underscores the resilience of cybercriminal operations and the challenges faced by law enforcement agencies in completely disrupting illicit activities on the dark web.
Throughout 2025, law enforcement agencies have taken down numerous darknet-related domains and servers in an effort to combat cybercrime. However, threat actors continue to adapt and find new ways to evade detection, underscoring the ongoing battle against criminal activities in the digital realm.