A significant law enforcement initiative has led to the shutdown of **LeakBase**, one of the largest cybercriminal forums globally, where illicit transactions involving stolen data and cybercrime tools were rampant.
As reported by the U.S. Department of Justice (DoJ), the LeakBase forum boasted a membership exceeding 142,000, with over 215,000 interactions recorded among users as of December 2025. Those attempting to visit the site, previously available at “leakbase[.]la,” are now met with a seizure notice indicating the site has been confiscated by the FBI as part of a coordinated international operation.
The seizure notice highlights that all data from the forum, including user accounts, postings, financial details, personal messages, and internet protocol (IP) logs, has been secured for evidentiary purposes. The domain provided a platform in English, accessible through the clearnet, where users could purchase hacked databases containing vast quantities of sensitive information, including account details and financial records.
A report from Flare published in April 2023 noted that LeakBase explicitly forbade the sale or publication of Russian databases, likely to avoid drawing unwanted attention. This underground marketplace had been operational since June 2021.
Investigative entities like SOCRadar have linked LeakBase’s administration to an individual known as Chucky, active in various underground forums under numerous aliases. Chucky is recognized for distributing extensive collections of databases, often containing critical information from global organizations. Recent insights from SpyCloud indicated that the forum experienced temporary downtime shortly before its seizure as Chucky sought a new hosting solution.
During a major operation dubbed **Operation Leak** that spanned March 3 and 4, 2026, law enforcement agencies executed search warrants and conducted arrests across the U.S., Australia, Belgium, and several other nations, effectively targeting the forum’s infrastructure. Europol confirmed that LeakBase specialized in the distribution of “stealer logs,” archives of credentials pilfered via infostealer malware, which could be weaponized for further cyber intrusions.
Approximately 100 enforcement actions occurred worldwide, including significant measures against 37 highly active users of the platform. Assistant Director Brett Leatherman of the FBI’s Cyber Division confirmed the comprehensive takedown of one of the largest online platforms facilitating cybercrime, emphasizing the importance of the operation in preventing future attacks.
Identity of LeakBase Administrator Revealed
Following the seizure, KELA’s analysis has connected the forum’s administrator to the alias Chucky, who has utilized multiple identities, including “beakdaz,” in underground circles since at least 2013. Investigative efforts identified social media profiles and a VK account associated with a person from Taganrog, Russia. This investigation links the individual to a wealth of past data breaches, further illustrating the risks posed by such cybercriminal networks.
LeakBase Emerges on New Domain
Just days following the law enforcement operation, the LeakBase forum resurfaced online using the new domain “leakbase[.]bz,” suggesting that the infrastructure for these types of criminal activities remains resilient in the face of systemic crackdowns.
This incident serves as a stark reminder to business owners about the persistent threats in the cyber landscape. The tactics employed by actors such as the ones behind LeakBase align with the MIITRE ATT&CK framework, particularly regarding initial access techniques, credential theft, and data exfiltration, highlighting the need for robust cybersecurity measures in detecting and mitigating such risks.