Police shut down Rydox cybercrime market, arrest 3 admins

Albanian law enforcement has seized the Rydox cybercrime marketplace and arrested three administrators in collaboration with international partners.

Kosovo nationals Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli were arrested on Thursday by Kosovo law enforcement and Albania's Special Anti-Corruption Body (SPAK). The U.S. Justice Department indicted the first two for involvement in Rydox's operations, and they're awaiting extradition to the United States.

Ardit Kutleshi and Jetmir Kutleshi face multiple charges related to their Rydox admin roles, including two counts of identity theft, conspiracy to commit identity theft, aggravated identity theft, access device fraud, and money laundering. If convicted, each could receive five years for each charge, 10 years for access device fraud, and up to 20 years for money laundering.

Since February 2016, Rydox marketplace sellers have been involved in over 7,600 sales of credit card information, login credentials, and personal information such as social security numbers, names, and addresses stolen from thousands of U.S. citizens, as well as various cybercrime tools and devices.

Rydox also offered for sale over 321,000 other "cybercrime products" to more than 18,000 users, including tools and materials for committing cyber crimes, such as tutorials and spam tools.

According to the indictment, registered users had to deposit a sum of cryptocurrency into their accounts before making a purchase. Deposits were made via Perfect Money, Ethereum, Litecoin, Bitcoin ("BTC"), Monero, Ripple, Tron, or Verge payments into a cryptocurrency wallet controlled by Rydox.

They could use the funds to purchase illicit products, services, tools, and programs from Rydox sellers. However, once the funds were deposited, they were under the control of the defendants, who controlled the Rydox cryptocurrency wallets.

Rydox also charged registered users a one-time fee (that fluctuated between the equivalent of $200 and $500) to become authorized sellers on the marketplace. Rydox authorized sellers received 60% of the sale proceeds, while the market retained 40% from every sale.

The United States also obtained judicial authorization to seize the Rydox[.]cc domain, used to access the cybercrime marketplace's website.

Rydox seizure banner (BleepingComputer)

Today, the FBI also seized servers in Kuala Lumpur that hosted the Rydox illicit marketplace with the help of the Royal Malaysian Police and took the website offline. The U.S. also received authorization to seize about $225,000 in cryptocurrency from the defendants' accounts.

The operation was carried out with the help of the FBI's Pittsburgh Office, Albania's National Bureau of Investigation (BKH), the Albanian Directorate of Cybercrime Investigation, the Kosovo Special Prosecutor's Office, the Kosovo Police, and the Malaysian Royal Police.

"The Rydox marketplace was a one-stop shop where upwards of 18,000 of its cybercriminal customers could choose from more than 300,000 cybercrime tools," said U.S. Attorney Eric G. Olshan on Thursday.

"While cybercrime often involves conduct occurring overseas and the actions of foreign nationals, its harms can be devastatingly local, with residents in our own communities suffering financial ruin as a result of the theft and misuse of their sensitive personal information."

Earlier this month, eight members of an international cybercrime network who set up fraud centers in rented Airbnb properties to steal millions of Euros from victims were arrested in Belgium and the Netherlands.

German law enforcement also shut down the country's largest online cybercrime marketplace and the Manson cybercrime market, arresting key suspects.
