Card Not Present Fraud,
Cybercrime,
Fraud Management & Cybercrime
BidenCash Notorious for Distributing Stolen Card Data
A prominent online carder marketplace has been taken offline as a result of a coordinated operation by U.S. and Dutch law enforcement agencies. The website, known as BidenCash, had gained notoriety since its launch in March 2022, attracting 117,000 users and facilitating the trade of over 15 million payment card numbers along with personally identifiable information (PII), according to the U.S. Department of Justice.
Authorities seized 145 associated domains on both the dark web and open web, as well as the cryptocurrency accounts linked to BidenCash operators. Reports indicate that the platform generated more than $17 million in revenue, highlighting the scale of its operations.
BidenCash was particularly known for its practice of distributing card details at no cost to users, although cybercriminals often questioned the practicality of such offerings. To commemorate its first anniversary, the marketplace released a dump of two million payment card details, many of which were expired or potentially compromised due to security alerts, as indicated by threat intelligence firm Flashpoint.
Comparing the leaked information to grocery store samples, Flashpoint noted that while the site purportedly published 3.3 million individual stolen credit card numbers for free, the actual utility for fraudsters was limited. A December 2023 analysis by Visa examined a tranche of 1.9 million cards released by BidenCash, discovering that 556,000 were at risk. Notably, half of those had already been flagged for potential compromise through enumeration attacks, a tactic where fraudsters generate card numbers algorithmically to identify valid combinations.
The rise of the BidenCash marketplace filled a significant gap in the carder underground left by the shutdown of other prominent dark web sites like Joker’s Stash in early 2021, as well as a crackdown on carding operations by Russian authorities in February 2022.
From a cybersecurity perspective, this incident raises important considerations regarding initial access tactics employed by such platforms. Cybercriminals frequently leverage social engineering and phishing techniques to compromise target networks, which aligns with the MITRE ATT&CK framework that emphasizes initial access, persistence, and privilege escalation. Business owners should remain vigilant regarding their cybersecurity measures as adversaries continue to exploit weaknesses in payment systems and personal data storage practices.
