LockBit Ransomware Gang Gets a Taste of Its Own Medicine—60K Bitcoin Addresses Leaked
Hackers who made millions extorting victims just got hacked themselves—irony tastes better with a side of schadenfreude.
Subheader: The Breach That Cut Both Ways
LockBit’s infrastructure was compromised by an unknown party, exposing 60,000 Bitcoin addresses tied to ransom payments. The gang’s own playbook—encrypt first, ask questions later—got flipped against them. Who says crime doesn’t pay? (Except, well, the victims.)
Subheader: Crypto’s Transparency Paradox
Blockchain’s immutability means these addresses are now forever tainted—trackable but not always recoverable. A brutal reminder that even criminals can’t outrun math.
Closer: Maybe they should’ve diversified into Monero—or better yet, Treasury bonds.
LockBit Tastes Its Own Medicine
LockBit has plagued several crypto firms for the longest term, introducing malicious bugs to their victims’ protocols in epic ransomware attacks. It usually locks its target’s files or computer systems, making them inaccessible for as long as it wishes. After a while, it demands a ransom payment for a decryption key to unlock the files and restore access.
It is worth noting that ransom is often used in crypto scams involving assets like Bitcoin. By leveraging this approach, LockBit ransomware has been responsible for losing a lot of money in cryptocurrencies.
Unfortunately for LockBit, the recent incident gave it a taste of its own medicine. Anyone who tries to visit LockBit’s dark websites is now greeted with a defiant message: “Don’t do crime CRIME IS BAD xoxo from Prague”. This is in addition to a LINK to download a file named “paneldb_dump.zip” containing a MySQL database dump.
So LockBit just got pwned … xD pic.twitter.com/Jr94BVJ2DM
— Rey (@ReyXBF) May 7, 2025
There was also crypto-related information that could help security firms and blockchain analysts trace the illicit financial flows that LockBit ransomware has recorded. Last year, 10 countries launched a joint operation to curtail their operations, possibly leading to a drop in extortion and ransomware payments.
Any Bitcoin Private Key at Risk?
According to a conversation between an X user and a LockBit operator shared by the former, no Bitcoin private key was jeopardized due to the hack.
However, analysts from Bleeping Computer claimed that the leaked database contained 20 tables. Amongst these tables was a “builds” table that included individual ransomware builds created by the organization’s affiliates.
This table also displays potential companies for the builds. A “chats” table showed more than 4,400 negotiation messages passed between victims and LockBit ransomware.
For now, nothing is known about the perpetrator of the attack or how they achieved the breach. Meanwhile, Bleeping Computer has identified a semblance in the message used in the Everest ransomware site breach and the one used in LockBit. With this information, there are speculations that both incidents may be connected somehow.
Crypto Hack Still on the Rise
A few days ago, TRON DAO’s X account was attacked by a hacker who Leveraged unauthorized access to publish a post with a contract address. The hacker also sent Direct Messages (DMs) to several accounts and followed many others on X without authorization. The intent here was likely to scam users.
“TRON DAO will never post contract addresses or send unsolicited DMs. If you received a DM from our account on May 2, please delete it and consider it the work of the attacker,” the protocol clarified.
TRON founder Justin Sun acted immediately, urging cryptocurrency exchange OKX to freeze funds believed to be linked to the exploit. With crypto scams still growing, security experts continue to advise users to exercise utmost caution in social and financial interactions.
nextCrypto Scam: LockBit Ransomware Gang Hacked, 60,000 Bitcoin Addresses Exposed
