The UD Department of Justice (DoJ) has confirmed that the notorious cybercrime marketplace WT1SHOP has been taken down by the US and Portuguese authorities for its involvement in nefarious activities.

According to the federal criminal complaint against the marketplace, it made millions of dollars by selling PII (personally identifiable information) over the years. This was one of the largest cybercrime marketplaces and offered around 6 million records for sale.

Complaint Details

According to the complaint filed on 21 April 2022, WT1SHOP was operated by a 36-year-old national of the Republic of Moldova identified as Nicolai Colesnicov. The marketplace offered vendors stolen information including around 1.7 million login credentials like PII, approx. 25,000 scanned passports, driver’s licenses, 108,000 bank accounts, and 21,800 credit cards – Buyers could buy the records using Bitcoin.

WT1SHOP Cybercrime Market Seized by US and Portuguese Authorities
Screenshot of WT1SHOP’s homepage

The website had 106,273 registered users and 94 registered sellers as of December 2021. By June 2020, WT1SHOP had sold 2.4 million credentials for $4 million. This included retailers’ and financial institutions’ login credentials, email credentials, PayPal accounts, and ID card details. Moreover, it also sold credentials for remote access and control of computers, network devices, and servers.

Shutting Down of WT1SHOP

Authorities traced Bitcoin sales on the marketplace, and payments were made to its web host and email IDs. The login information was identified to be linked to Colesnicov. WT1SHOP was seized by Portuguese authorities, and four domains (wt1shop.net, wt1store.cc, wt1store.com, and wt1store.net) were taken down by their counterparts in the USA.

After the website and its domains were seized, the DoJ unsealed the website seizure and criminal complaint. It was announced by the US Attorney for the District of Maryland, Erek L. Barron, and FBI’s Washington Field Office, Criminal Division’s Special Agent in Charge, Wayne Jacobs. 

Colesnicov has been charged with trafficking in unauthorized access devices and conspiracy. He could get a maximum penalty of ten years in federal prison if convicted.

  1. Hundreds of Sites and Piracy Apps Seized in US and Brazil
  2. Dark Web’s only Finnish language market Sipulimarket seized
  3. SSNDOB Cybercrime Marketplace Seized in Intl. Coordinated Op
  4. Domain, server of DoubleVPN used by ransomware gangs seized
  5. $3.6 billion Bitcoin seized from crooks tied to 2016’s Bitfinex hack
  6. FBI Seizes RaidForums, Arrests Alleged Founder Diogo Santos Coelho

Posted by Charlie