The illegal marketplace Rydox (“rydox[.]ru” and “rydox[.]cc”), which sold stolen personal data, access devices, and other tools for committing fraud and cybercrime, was shut down, the U.S. Department of Justice (DoJ) stated Thursday.
Three Kosovo nationals and service administrators, Shpend Sokoli, Jetmir Kutleshi, and Ardit Kutleshi, have also been taken into custody. It is anticipated that Jetmir and Ardit Kutleshi would be extradited to the United States. The country will charge and prosecute Sokoli, who was captured in Albania on December 12, 2024.
“The Rydox marketplace has conducted over 7,600 sales of personally identifiable information (PII), stolen access devices, and cybercrime tools, which generated at least $230,000 in revenue since its inception in or around February 2016,” according to the Department of Justice.
This includes login credentials and credit card details that were taken from thousands of victims who lived in the US. Additionally, Rydox is accused of advertising up to 321,372 cybercrime products to more than 18,000 people, including scam pages, spam logs, and spamming lessons.
According to court documents, in order to buy or sell the illicit goods and services, users had to create an account and deposit money into it. The funds were then transferred to a wallet under the defendants’ control.
In order to become an authorised seller, Rydox also required a one-time payment from registered users, which could be anywhere between $200 and $500. Rydox kept the remaining 60% of each sale made on the marketplace, with these vendors receiving 60%.
According to the indictment document, an FBI undercover source opened a Rydox account, made a $300 cryptocurrency deposit, and bought roughly 40 “fullz,” which are packages that comprise people’s financial and personal data.
This included the full names, dates of birth, phone numbers, residence addresses, email addresses, Social Security numbers, and driver’s license numbers of the victims.
To take down the website, the Royal Malaysian Police and FBI seized servers in Kuala Lumpur in tandem with the measures. Additionally, cryptocurrency valued at about $225,000 has been taken from defendant-controlled accounts.
According to Albanian officials, as part of their investigation into Sokoli’s detention, they have separately seized one computer unit, six laptops, five cell phones and other storage devices, papers, and financial assets in cryptocurrency.
Two counts of identity theft, one count of conspiracy to conduct identity theft, one count of aggravated identity theft, one case of access device fraud, and one count of money laundering have been brought against Ardit and Jetmir Kutleshi, respectively. Both of them could be sentenced to a maximum of 37 years in jail if found guilty.