Feds Seize BidenCash Carding Market and Its Crypto Profits

BidenCash cybercrime market seized by global authorities; 145 domains linked to stolen credit card sales taken offline in a major crackdown.
In major news from the cybercrime world, BidenCash, one of the internet’s most notorious marketplaces for stolen credit card data, has been seized and taken offline in a coordinated law enforcement operation involving U.S. and Dutch authorities.
The takedown, officially confirmed on June 4, 2025, involved the seizure of 145 domains connected to the market. Visitors to the once-active URLs now land on a seizure banner posted by the US Department of Justice, FBI, U.S. Secret Service, and Dutch National Police, announcing the end of BidenCash’s online presence, at least for now.
Launched in March 2022, BidenCash quickly made a name for itself in cybercrime circles by doing what most dark web marketplaces avoided: operating in the open. The platform did not require a Tor browser for access and was indexed on the surface web, an intentional strategy to maximize traffic and lure low-skilled cybercriminals.
But what set BidenCash apart was its aggressive self-promotion: on multiple occasions, the site’s administrators leaked millions of stolen credit card numbers for free as part of marketing campaigns designed to draw in new users.
As reported by Hackread.com in March 2023, BidenCash leaked over two million valid credit cards as part of its birthday anniversary promotion. Most of these cards belonged to users in the United States, China, Mexico, India, Canada, and the United Kingdom.
In December 2023, the marketplace administrators leaked 1.6 million credit card details in plaintext. Most recently, in April 2025, BidenCash leaked 1 million payment card numbers along with their CVVs and expiry dates.
Authorities say that over its three-year run, the site had more than 117,000 registered users and facilitated the sale of over 15 million payment card records, generating an estimated $17 million in illicit revenue.
According to the US DoJ’s press release, the operation resulted in the seizure of 145 dark web and clear web domains, cryptocurrency wallets and assets, and the disruption of “critical infrastructure” supporting the marketplace. Authorities have already begun working on identifying and arresting administrators and affiliates.
Here are the seized dark web and clear net domains used by BidenCash. The dark web domains now redirect users to Bidencash.usssdomainseizure.com with the same takedown notice:
https://bidencash.bid
https://bidencash.asia
http://biden3veilozweo2xubiusixn4kbfbbih23s6xsd35bzsuaz2weiz4yd.onion
http://bidencjap2u4hmzh3vtqsyqc54uevcariczl56y7jah4lgof4xzxb5qd.onion
The global takedown also had private sector support from cybersecurity organizations including Searchlight Cyber and The Shadowserver Foundation, who helped law enforcement map out BidenCash’s infrastructure and activity over time.
BidenCash Victims Remain Vulnerable

While the takedown is a win for cybersecurity, the impact won’t be immediate for victims. Many of the cardholders whose data was sold or dumped on BidenCash are likely still vulnerable, especially if they haven’t changed their banking details or been notified of exposure.
It is advised that consumers and businesses monitor their accounts closely, use two-factor authentication, and freeze credit if possible, particularly if they suspect any prior compromise.
BidenCash may be gone, but its users, and its model, are not. For now, the BidenCash seizure shows that cybercrime isn’t invisible. And for a market that gained attention with public data dumps, its end came just as publicly with victims having the last laugh.
HackRead