FBI Disrupts Rydox Cybercrime Marketplace
The U.S. government has shut down an illicit marketplace called Rydox, and three of its administrators have been arrested.
The U.S. government announced Thursday it has shut down the illicit Rydox marketplace, which sold stolen personal information, access devices, and cybercrime and fraud tools. Additionally, three administrators linked to the marketplace have been arrested.
Key Details:
Kosovo nationals Ardit Kutleshi, 26, and Jetmir Kutleshi, 28, were arrested in Kosovo, and Kosovo national Shpend Sokoli was arrested in Albania. The former two will be extradited to the U.S., while Sokoli will be charged and prosecuted in Albania.
The U.S. obtained judicial authorization to seize the domain that hosted and facilitated access to the Rydox website.
The U.S. said that the seizure of this domain will block third parties from using the site to buy and sell illicit cybercrime tools and personal information; visitors will now instead see a banner telling them the domain was seized as part of a law enforcement action.
Why It Matters: Rydox has been around since 2016, and over the years the marketplace has served as a hub for cybercriminals looking to buy stolen personally identifiable information, credit card information and login credentials belonging to thousands of U.S. victims.
The government’s seizure of the website will prevent cybercriminals from making these types of illicit purchases on this specific marketplace, but unfortunately many other marketplaces exist outside of Rydox. Still, the U.S. government has cracked down on many marketplaces driving illicit sales over the years, from Hydra in 2022 to PopEyeTools just last month.
By the Numbers:
The DoJ divulged that the site has generated at least $230,000 in revenue driven by 7,600 sales over the last eight years.
The site offered at least 321,372 cybercrime products for sale, including PII, access devices (like stolen credentials and credit card info) and tools like scam pages, spamming logs and tutorials for spam attacks.
The Rydox marketplace had over 18,000 users over the years.
In addition to the domain seizure, the U.S. government has seized $225,000 worth of cryptocurrency from accounts controlled by the administrators.
The Next Steps: Two of the alleged administrators, Ardit Kutleshi and Jetmir Kutleshi, are charged with two counts of identity theft, one count of conspiracy to commit identity theft, one count of aggravated identity theft, one count of access device fraud, and one count of money laundering. These charges stem from their roles as administrators of Rydox.