The Fall of Two Major Cybercrime Marketplaces
A coordinated international law enforcement operation has dismantled Cracked.io and Nulled.to, two of the most well-known underground cybercrime forums. Together, these platforms had over 10 million users and served as one-stop shops for cybercriminals, offering everything from stolen data and malware to hacking tools and cybercrime-as-a-service (CaaS).
Authorities estimate that suspects linked to these platforms generated over €1 million in criminal profits. The takedown marks a significant step in the fight against organized cybercrime, demonstrating the increasing ability of law enforcement to disrupt illegal online economies.
Key Actions and Seizures
Between January 28 and January 30, law enforcement agencies executed a large-scale operation that resulted in:
- 2 suspects arrested
- 7 properties searched
- 17 servers and over 50 electronic devices seized
- €300,000 in cash and cryptocurrency confiscated
- 12 domains linked to Cracked.io and Nulled.to seized
Additionally, authorities shut down associated services, including:
- Sellix, a financial processing platform used by Cracked for illicit transactions.
- StarkRDP, a remote desktop protocol (RDP) hosting service promoted on both forums and allegedly operated by the same suspects.
Europol’s Role in the Operation
Europol played a key role in the investigation by providing on-the-ground operational, forensic, and analytical support. During the action day, Europol deployed a specialist and analyst to work closely with German investigators.
The operation was carried out under the framework of the Joint Cybercrime Action Taskforce (J-CAT), headquartered at Europol’s European Cybercrime Centre (EC3) in The Hague, Netherlands. This initiative serves as a hub for international law enforcement collaboration, allowing countries to share intelligence and coordinate joint actions against cybercriminals.
The Rise and Fall of Cybercrime-as-a-Service (CaaS)
The shutdown of Cracked.io and Nulled.to highlights the growing threat of Cybercrime-as-a-Service (CaaS), a business model in which cybercriminals provide:
- Pre-built hacking tools for non-technical individuals.
- Ransomware-as-a-service (RaaS) kits, allowing criminals to deploy ransomware without needing technical skills.
- Phishing toolkits and credential-stuffing software used to automate large-scale cyberattacks.
- AI-enhanced hacking tools, including scripts that scan for security vulnerabilities and generate advanced phishing campaigns.
How These Platforms Operated
Cracked and Nulled functioned as underground marketplaces, where cybercriminals:
- Bought and sold stolen credit card details, personal data, and login credentials.
- Shared security exploits and tutorials on developing malware.
- Offered botnets and DDoS-for-hire services.
- Leveraged AI-driven phishing kits to create highly personalized social engineering attacks.
These platforms lowered the barrier to entry into cybercrime, enabling individuals with minimal technical expertise to engage in large-scale cyberattacks.
Implications of the Takedown: A Cybercrime Disruption or Temporary Setback?
While this operation is a significant win for global cybersecurity, history shows that cybercriminals often regroup and relocate after such takedowns. However, law enforcement’s ability to seize infrastructure, confiscate financial assets, and arrest key operators can disrupt illicit activities long enough to slow down the spread of CaaS platforms.
Key Lessons for Cybersecurity Professionals
- Increased awareness of cybercrime ecosystems – Understanding the underground economy is essential for anticipating emerging threats.
- Advanced threat intelligence – Organizations should enhance their monitoring of deep-web and dark-web activity.
- Proactive security measures – With CaaS making hacking tools more accessible, zero-trust architectures and AI-driven threat detection are critical.
- International collaboration is key – This case reinforces the importance of global cooperation in tracking and dismantling cybercriminal networks.
Countries Involved in the Operation
This international effort was coordinated by multiple law enforcement agencies, including:
- Australia – Australian Federal Police
- France – Anti-Cybercrime Office (Office Anti-cybercriminalité)
- Germany – Federal Criminal Police Office (Bundeskriminalamt), Prosecutor General’s Office Frankfurt am Main – Cyber Crime Center
- Greece – Hellenic Police
- Italy – State Police (Polizia di Stato)
- Romania – General Inspectorate of Romanian Police
- Spain – Guardia Civil; Spanish National Police
- United States – Department of Justice, Federal Bureau of Investigation (FBI)
The seizure of Cracked.io and Nulled.to, along with associated financial and hosting services, represents a major victory against Cybercrime-as-a-Service. However, the persistence of cybercriminals means that new platforms will emerge, and law enforcement must remain vigilant in dismantling these networks.
A Step Forward in the Fight Against Cybercrime
The seizure of Cracked.io and Nulled.to, along with associated financial and hosting services, represents a major victory against Cybercrime-as-a-Service. However, the persistence of cybercriminals means that new platforms will emerge, and law enforcement must remain vigilant in dismantling these networks.
As cybercrime continues to evolve, organizations must:
- Enhance cyber awareness and training to counteract phishing and social engineering tactics.
- Deploy AI-driven security solutions to detect threats before they escalate.
- Strengthen international cooperation to disrupt cybercrime operations at their core.
The battle against underground cybercrime economies is far from over, but each takedown sends a clear message: cybercriminals are not beyond the reach of law enforcement.
