Russia arrests suspected owner of LeakBase cyber‑crime forum

RUSSIA ARRESTS SUSPECTED OWNER OF LEAKBASE CYBERCRIME FORUM

Russian police in the Rostov region have arrested a resident of Taganrog believed to be the owner and administrator of LeakBase, a prominent online forum used by cybercriminals to trade stolen data, hacking tools, and related services. The unnamed suspect is also accused of creating the LeakBase platform itself, according to officials cited by a state news agency. The arrest marks a new milestone in the coordinated crackdown on criminal marketplaces that operate across borders.

LeakBase emerged in 2021 as a project linked to the notorious ARES threat group, gradually expanding its user base to more than 142,000 members after a well-known hacking forum named Breached shut down in March 2023. The site was free to join and served as a marketplace for selling stolen databases, data leaks, and exploits, while also hosting spaces dedicated to programming, social engineering, cryptography, and operational security guides. By design, LeakBase fostered a community where illicit actors discussed techniques, shared tools, and collaborated on cybercriminal ventures.

In March 2026, an international law enforcement operation known as “Operation Leak” culminated in the takedown of the LeakBase forum by the FBI and authorities in 14 other countries. The effort was coordinated by Europol and involved a broad range of actions aimed at disrupting the platform and its user ecosystem. Investigators carried out search warrants, conducted interviews, and conducted arrests across the United States and several other jurisdictions, including Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom. The operation reflected a broader push by police agencies to dismantle major cybercrime marketplaces that once served as central hubs for illicit trade.

Following the takedown, the LeakBase website, accessible at leakbase.la, displays a notice indicating that the site has been seized by the FBI as part of an international law enforcement operation. The seizure banner notes that the platform’s database and its contents, including private messages and IP logs, will be preserved and used as evidence in ongoing and future investigations. Europol described the actions on March 3 as coordinated enforcement across multiple jurisdictions, with around 100 actions worldwide and targeted measures against 37 of the platform’s most active users. By March 4, authorities had moved to the technical disruption phase, seizing the domain and replacing it with a law enforcement splash page. The operation is described as entering a prevention phase designed to deter further criminal activity and raise awareness about the consequences of cybercrime.

LeakBase did not exist in isolation. It followed earlier closures of other major hacker forums that left a vacuum in the underground marketplace landscape. RaidForums, one of the largest forums of its kind, was shut down in 2022, and BreachForums followed in 2023. The current crackdown signals intensified cross-border cooperation and a willingness by law enforcement to pursue not only individual offenders but also the broader networks and infrastructures that sustain cybercrime economies.

The seizure and the ongoing investigations underscore the rising importance of data integrity, international cooperation, and digital forensics in prosecuting cybercriminal activity. As authorities move forward, prosecutors will rely on seized data, including user records, communications, and IP logs, to build cases against suspects and to dismantle the operational frameworks that enabled large-scale data theft and monetization. The LeakBase case illustrates how law enforcement is increasingly pursuing not just the violent or destructive aspects of cybercrime, but the organized ecosystems that enable it to flourish across borders.