An international law enforcement operation has seized the website and domains for WT1SHOP, a criminal marketplace that sold stolen credit cards, I.D. cards, and millions of login credentials.
WT1SHOP was one of the largest criminal marketplaces of PII data commonly used by threat actors to buy credentials for account takeovers, credit cards used for online purchases, and government I.D. cards for identity theft.
“The WT1shop was one of the turnkey account shop selling compromised accounts and personally identifiable information since the Slilpp takedown,” AdvIntel CEO Vitali Kremez told BleepingComputer.
“It catered primarily to the carders and fraudsters focused on account takeover activity and offering its service on many underground crime communities.”
The representatives of WT1SHOP commonly promoted the marketplace on Russian hacking forums and Reddits that catered to online criminal activity.
Servers and domains seized by law enforcement
Today, the Department of Justice announced that Portuguese authorities seized the WT1SHOP website, and the U.S. seized four Internet domains used to access the criminal marketplace, including wt1shop.net, wt1store.cc, wt1store.com, and wt1store.net.
Other domains used by the website are wt1store.biz, wt1store.me, wt1store.xyz, and wt1store.org, which do not appear to be seized now. However, as the website is seized, visiting any of these domains no longer allows access to the store.
The operation was conducted by the U.S. Attorney’s Office of the District of Maryland and the FBI, who said the site sold the personal information of millions of users, including stolen login credentials, bank accounts, credit cards, and scanned government identification, such as passports and driver’s licenses.
“Law enforcement’s review of WT1SHOP in December 2021 showed that the number of users and sellers on the website had increased to approximately 106,273 users and 94 sellers with a total of approximately 5.85 million credentials available for sale,” reads the DOJ announcement.
The Dutch police estimated in June 2020 that the site had $4 million in sales paid in bitcoin.
The DOJ announcement says law enforcement traced the bitcoin payments, email addresses, and admin accounts for WT1SHOP back to Nicolai Colesnicov, age 36, of the Republic of Moldova. Colesnicov is suspected to be the administrator and operator of the criminal marketplace.
Colesnicov is charged with conspiracy and trafficking in unauthorized access devices and faces a maximum sentence of 10 years in federal prison if found guilty.