The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday.
According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating and managing a criminal site that allowed stolen personal databases to be traded since 2021.
In addition, technical equipment and other items of evidentiary value were confiscated during a search of the suspect’s residence.
“The platform hosted hundreds of millions of user accounts, bank details, usernames, and passwords, as well as corporate documents obtained through hacking,” said Irina Volk, an official spokesperson for the Russian Ministry of Internal Affairs. “More than 147,000 users registered on the forum could buy and sell this data, as well as use it to commit fraudulent acts against citizens.”
LeakBase was dismantled in a law enforcement operation earlier this month. The U.S. Department of Justice (DoJ) said the cybercrime forum was one of the world’s largest hubs for cybercriminals to buy and sell stolen data and cybercrime tools.
This included hundreds of millions of account credentials and financial information such as credit and debit card numbers, banking account and routing information, usernames, and associated passwords that could be abused to conduct account takeover attacks.
The platform had over 142,000 members and more than 215,000 messages between members as of December 2025. Visitors to the clearnet site were greeted with a seizure banner that said “All forum content, including users’ accounts, posts, credit details, private messages, and IP logs, has been secured and preserved for evidentiary purposes.”
 |
| LeakBase seizure notice issued by Russia’s Ministry of Internal Affairs (MVD) |
LeakBase is the work of a threat actor who goes by the online aliases Chucky, beakdaz, Chuckies, and Sqlrip. In reports published following the takedown of the forum, KELA and TriTrace Investigations linked Chucky to a 33-year-old individual from Taganrog.
Days after the website was seized, LeakBase came back online on the domain “leakbase[.]bz” with DDoS protection provided by DDoS-Guard, per information shared by a TriTrace Investigations representative with The Hacker News. DDoS-Guard is a Russian provider of bulletproof hosting services.
Visitors to the site are now greeted by a message that states: “During a special operation by the Russian Ministry of Internal Affairs’ Bureau of Special Technical Events, the LeakBase forum was permanently closed. Illegal acts in the field of computer information, as well as infringements on the constitutional rights and freedoms of individuals and citizens, entail criminal liability in accordance with Russian law.”
About The Author
Original post here
