- A major data breach has exposed LockBit’s internal systems, including 60,000 Bitcoin addresses.
- The leak includes plaintext passwords, ransomware build data, and chats showing LockBit’s extortion tactics.
- This incident follows mounting global pressure, including G7 crackdowns and the seizure of laundering platforms.
LockBit, a long-feared global ransomware group, has suffered a significant breach of its own. The incident, which defaced its dark web infrastructure and leaked substantial internal data, could permanently damage its reputation and operational effectiveness, offering an unprecedented look into its workings.
LockBit Breach: Database Leaked, Operations Exposed
A threat actor named “Rey” first flagged the breach, which included the release of a MySQL database archive titled “paneldb_dump.zip”.
The exposed archive contains 20 database tables linked to LockBit’s affiliate operations–ranging from Bitcoin wallet addresses and ransomware configurations to user credentials and private negotiations with victims.
A defacement message left behind on LockBit’s admin panels mocked the group and linked directly to the leaked data.
The attack’s tone and method mirror a recent takedown of the Everest ransomware group. This similarity sparks speculation that a vigilante or a rival threat actor might be responsible.
Leaked Data Reveals Scale and Security Lapses
Analysis of the leaked database has uncovered numerous insights. Nearly 60,000 Bitcoin addresses were listed–presumably linked to ransom payments or laundering schemes.
Configuration tables detailed how LockBit affiliates customized malware builds, including targeting preferences and instructions to bypass certain systems.
Perhaps most revealing are over 4,400 chat logs. These logs cover negotiations between LockBit and its victims from December 2024 to April 2025.
Related: Solana Fixes Critical Zero-Day Bug That Could Have Enabled Unlimited Token Theftc
The messages show not only the vast scale of LockBit’s operations but also its aggressive tactics, as it pressured companies for ransoms from a few thousand dollars to over $100,000.
The breach also exposed login credentials for 75 users, including affiliates and administrators. Shockingly, all passwords were stored in plaintext—a fundamental security failure that severely undermines LockBit’s claims of technical sophistication.
Related: Bybit’s Ben Zhou Provides Update on $1.4 Billion Hacked ETH/BTC Whereabouts
Passwords reportedly included unprofessional and even humorous entries, suggesting a surprisingly casual or arrogant internal security posture.
Although LockBit’s representative confirmed the breach in private chats, they downplayed its impact, claiming that no private decryption keys were leaked and that operational continuity wasn’t compromised.
Breach Coincides with Wider Crypto Crime Crackdown
The breach also coincides with intensifying law enforcement activity against crypto-enabled crime.
German authorities recently seized €34 million ($38 million) in crypto from eXch, a platform allegedly used to launder funds from the massive Bybit exchange hack earlier this year. The platform reportedly facilitated $1.9 billion in illicit transactions without implementing anti-money laundering measures.
On a broader scale, G7 nations are preparing to address the role of cryptocurrency in cybercrime during their upcoming summit. A key focus will be North Korea’s cyber operations, which have used stolen digital assets to support weapons programs.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
Source: https://coinedition.com/lockbits-own-medicine-ransomware-kingpin-hacked-secrets-spilled/