Authorities Take Down Prolific WT1SHOP Cybercrime Marketplace

The US and Portuguese authorities have shut down a notorious cybercrime marketplace that made sellers of stolen personal information (PII) millions of dollars over the years, according to the US Department of Justice (DoJ).

WT1SHOP was one of the largest websites of its kind, offering in the region of six million records for sale.

It was seized by Portuguese authorities yesterday, while their counterparts in the US shuttered four associated domains: “,” “,” “,” and “”

Among the records up for sale on the marketplace were 25,000 scanned driver’s licenses and passports, 1.7 million login credentials for e-commerce stores, 108,000 bank accounts and 21,800 credit cards, the DoJ said.

These could be bought from sellers on the forum using Bitcoin. There were 106,273 users and 94 sellers registered on the site as of December 2021.

Stolen credentials were a big draw for buyers. As of June 2020, the marketplace had facilitated the sale of 2.4 million credentials at a cost of $4m, including logins for retailers, financial institutions, email accounts, PayPal accounts and ID cards. Also for sale were credentials to remotely access and operate computers, servers and network devices, the DoJ said.

The alleged site administrator, Nicolai Colesnicov, 36, of Moldova was charged with conspiracy and with trafficking in unauthorized access devices, in a complaint filed in April and unsealed yesterday.

Law enforcers apparently traced Bitcoin sales on the site, payments made to WT1SHOP’s web host, email addresses linked to WT1SHOP, and related login information from these accounts to Colesnicov. Based on this intelligence, they deduced that he was the operator and main administrator of WT1SHOP.

If convicted, the Moldovan faces a maximum of 10 years in a federal prison, although it is unclear whether he is currently at large.

The latest law enforcement success comes on the back of several takedowns this year, including PII marketplace SSNDOB, Hydra Market, and RaidForums.

What’s Hot on Infosecurity Magazine?