Police seize Cracked and Nulled hacking forum servers, arrest suspects
Europol and German law enforcement confirmed the arrest of two suspects and the seizure of 17 servers in Operation Talent, which took down Cracked and Nulled, two of the largest hacking forums with over 10 million users.
Even though some of their members are also engaged in ethical hacking discussions, these hacking forums are best known for focusing on cybercrime, password theft, cracking, and credential-stuffing attacks and were widely regarded as a hub for cybercriminal activity.
They also hosted hacking tools, such as AI-based tools and scripts that help scan for security vulnerabilities and optimize attacks, and “configs” used by credential-stuffing attack tools (e.g., OpenBullet and SilverBullet), as well as other illicit activities, including content related to software cracks and a “combo lists” marketplace with stolen credentials or databases.
The U.S. Justice Department says Cracked claimed over four million users and 28 million ads for cybercrime tools, generated roughly $4 million in revenue, and impacted 17 million victims in the U.S., while Nulled had over five million users, with 43 million ads for hacking tools, and around $1 million in annual revenue.
“Both of these underground economy forums offered a quick entry point into the cybercrime scene. These sites worked as one-stop shops and were used not only for discussions on cybercrime but also as marketplaces for illegal goods and cybercrime-as-a-service, such as stolen data, malware or hacking tools,” Europol said.
“Throughout the course of the action day, 12 domains within the platforms Cracked and Nulled were seized. Other associated services were also taken down; including a financial processor named Sellix which was used by Cracked, and a hosting service called StarkRDP, which was promoted on both of the platforms and run by the same suspects.”
Authorities also searched seven properties between January 28 and January 30 and seized over 50 electronic devices and around €300,000 in cash and cryptocurrency.
“The seized data, such as e-mail addresses, IP addresses and communication channels of the approximately 10 million registered user accounts, will be the basis for further international investigations against criminal sellers and users of the platforms,” added Bundeskriminalamt, Germany’s central criminal investigation agency.
Spanish National Police arrested the two suspects linked to the Cracked and Nulled seizures in Valencia. According to the U.S. DOJ, Spain also unsealed charges against 28-year-old Lucas Sohn, one of Nulled’s administrators who performed escrow functions on the website. However, there is no information about whether he was one of the two arrested suspects.
If convicted, Sohn faces a maximum penalty of five years in prison for conspiracy to traffic in passwords, 10 years for access device fraud, and 15 years for identity fraud.
As GeekFeed first reported on Wednesday, seizure banners were added to the cracked[.]io, cracked[.]to, nulled[.]to, starkrdp[.]io, mysellix[.]io, and sellix[.]io domains, confirming that they had been seized in a joint law enforcement action dubbed “Operation Talent” that included law enforcement authorities from the United States, Italy, Spain, Europe, France, Greece, Australia, and Romania.
“This website, as well as the information on the customers and victims of the website, has been seized by international law enforcement partners,” the banners read.
The FBI seized the forums’ domains and changed their name servers from their previous Cloudflare name servers to ns1.fbi.seized.gov and ns2.fbi.seized.gov.
The U.S. law enforcement agency also seized domains used by:
- StarkRDP (starkrdp.io), a Windows RDP virtual hosting provider promoted on both hacking forums and run by the same suspects, and
- SellIX (sellix.io and mysellix.io), a financial processor that was also used by Cracked members.
Cracked’s staff also released a statement on Telegram confirming that police had seized the hacking forum’s cracked.io domain.
“Now that everyone has more clarity on the situation, Cracked.io has been seized under operation talent with specific reasons being undisclosed,” they said.
“We are still waiting for the official court documentation from the data centre and the domain host. We will inform you guys further on those details once we have it. A sad day indeed for our community.”
However, German law enforcement says SellIX and StarkRDP were shut down as they were “directly part of the platforms’ economic network.”
Updated January 30, 12:56 EST: Added charges and revenue information shared by the U.S. Justice Department.