Skip to content
All about finance.TechnologyEcosystemCybersecurityBitcoinJabUncoveringRansomwareBlockchainCryptocurrencyTablesFinance

Stolen Bitcoin Addresses of LockBit Ransomware Gang Exposed, Amounting to around 60,000 Bitcoins

Leak of around 60,000 Bitcoin wallets tied to LockBit ransomware, following a hack of their dark web platform, provides an unusual opportunity to trace transactions.

 and  Administrator
3 min read
Bitcoin addresses associated with LockBit ransomware, numbering approximately 60,000, were leaked...
Bitcoin addresses associated with LockBit ransomware, numbering approximately 60,000, were leaked following a breach of their dark web management system. This incident presents an uncommon opportunity to trace cryptocurrency payments related to the malware.

Stolen Bitcoin Addresses of LockBit Ransomware Gang Exposed, Amounting to around 60,000 Bitcoins

A jaw-dropping hack has the cybercrime world reeling! A whopping 60,000 Bitcoin addresses associated with the LockBit ransomware gang splashed across the internet, thanks to a dark web breach of their affiliate panel. This massive exposé is giving law enforcement and blockchain experts a golden opportunity to dig into the gang's financial dealings.

The hackers weren't just nosy parkers. They left a snarky note: "Don't do crime, CRIME IS BAD xoxo from Prague." Ouch! That's some harsh criticism coming from the digital sidekicks of the group that's been causing global havoc. Time to pay the piper, LockBit!

What's Inside the Leak?

The hack left nothing to the imagination. A MySQL database dump was published, revealing 20 tables packed with intriguing information about LockBit's operations. Here are some juicy tidbits:

  • Affiliate Programs: A table listing ransomware programs built by the group's affiliates.
  • Negotiations Chronicles: Over 4,400 messages exchanged between victims and LockBit during ransom talks.
  • Bitcoin Addresses: Over 60,000 unique Bitcoin addresses used by the group (fortunately for LockBit, no private keys were exposed, keeping their wallets safe from a direct drain).

An anonymous user on X (erstwhile Twitter) even shared a chat with a LockBit operator, who confirmed the breach but assured no sensitive data like private keys was exposed. But given the scale of the leak, it's tough to believe the damage was contained.

Why This Matters

LockBit, like most ransomware groups, uses a special Bitcoin address for each victim, making it harder to trail the funds. Now, with nearly 60,000 addresses in the open, investigators can trace those payments and connections, potentially unraveling the intricate web of the global ransomware network. A golden opportunity to follow the money trail!

Who Did This?

The identity of the hackers remains a mystery, but cybersecurity analysts believe the message left behind mirrors the one used in a previous Everest ransomware group hack. Some have speculated that the same group could be behind both attacks.

LockBit has been under the spotlight for some time, with a coalition of ten countries launching an extensive operation in February 2024 to dismantle the group, tied to billions of dollars' worth of damages. Targets range from hospitals to government agencies to large corporations.

Crypto's Role in Ransomware

The leak reinforces the growing link between cryptocurrency and cybercrime. For years, Bitcoin has been the payment of choice for ransomware gangs, thanks to its pseudo-anonymity. However, the transparency of the blockchain fosters the tracking of funds, provided investigators know where to look.

With 60,000 Bitcoin addresses out in the open, this leak could be a turning point in the battle against cryptocurrency-backed ransomware. Here's hoping it serves as a lesson for LockBit and other shadowy figures in the cyber-underworld: nobody's invincible!

Also Read: Curve Finance X; Account Hacked to Peddle Fake CRV Airdrop

References:

  1. Krebs on Security (2025). LockBit Clan's Dark Web Affiliate Panel Breached, 60,000 Bitcoin Wallets Exposed [online] Available at: https://krebsonsecurity.com/2025/05/lockbit-clans-dark-web-affiliate-panel-breached-60000-bitcoin-wallets-exposed/
  2. BleepingComputer (2025). LockBit Ransomware's Affiliate Panel Breached, Over 60,000 Bitcoin Addresses Exposed [online] Available at: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-affiliate-panel-breached-over-60000-bitcoin-addresses-exposed/
  3. Wired (2025). Nearly 60,000 Bitcoin Addresses Tied to LockBit Ransomware Exposed in Data Breach [online] Available at: https://www.wired.com/story/nearly-60000-bitcoin-addresses-tied-to-lockbit-ransomware-exposed-in-data-breach/
  4. ZDNet (2025). The LockBit ransomware affiliate program linked to 60,000 Bitcoin addresses is leaked to the dark web [online] Available at: https://www.zdnet.com/article/the-lockbit-ransomware-affiliate-program-tied-to-60000-bitcoin-addresses-is-leaked-to-the-dark-web/
  5. The Hacker News (2025). Largest Leak of Bitcoin Wallets Linked to the Lockbit Ransomware [online] Available at: https://thehackersnews.com/2025/05/lockbit-ransomware-wallet-leak.html
  • The leak has exposed over 60,000 unique Bitcoin addresses associated with the LockBit ransomware group, offering a glimpse into their cryptocurrency ecosystem in the finance world.
  • The breach also disclosed 20 tables filled with information about LockBit's operations, including negotiations chronicles and Bitcoin addresses used during ransom talks.
  • The anonymity of cryptocurrency, especially Bitcoin, has long been a preference for ransomware groups, but the blockchain's transparency enables investigators to potentially uncover connections and money trails.
  • The deliberate exposure of these Bitcoin addresses could be a significant step in the cybersecurity community's efforts to dismantle the global ransomware network linked to LockBit.
  • This incident underscores the intricate relationship between cryptocurrency, technology, and cybercrime, emphasizing the need for enhanced cybersecurity measures to safeguard the ecosystem from such breaches.

Read also:

    Related

    Latest