FBI and Europol Dismantle LeakBase Forum in Major Cybercrime Crackdown

Security Reporter

Law enforcement agencies from nine countries have seized LeakBase, a major underground forum trading stolen credentials, as part of Operation Leak.

The FBI and Europol have successfully dismantled LeakBase, one of the world's largest online forums used by cybercriminals to trade stolen data and cybercrime tools. The joint operation, which took place on March 3 and 4, 2026, involved law enforcement agencies from the U.S., Australia, Belgium, Poland, Portugal, Romania, Spain, and the U.K.

Massive Scale of the Operation

According to the U.S. Department of Justice, as of December 2025 LeakBase had over 142,000 members, who had exchanged more than 215,000 messages. The forum operated on the clearnet, making it accessible to anyone with an internet connection, and was available in English.

When users attempt to access the forum's website (leakbase[.]la), they are now greeted with a seizure banner stating that the site was confiscated by the FBI as part of an international law enforcement effort. The banner reads: "All forum content, including users' accounts, posts, credit details, private messages, and IP logs, has been secured and preserved for evidentiary purposes."

What LeakBase Offered

LeakBase specialized in providing hacked databases containing hundreds of millions of account credentials and financial information. This included:

  • Credit and debit card numbers
  • Banking account and routing information
  • Usernames and associated passwords
  • Various other forms of personally identifiable information

This data could be abused to facilitate account takeovers, financial fraud, and other cyber intrusions. The forum was particularly known for selling "stealer logs" - archives of credentials harvested through infostealer malware.

The Mastermind Behind LeakBase

LeakBase's operator went by the alias "Chucky" and also used the monikers "Chuckies" and "Sqlrip" across various underground forums. According to cybersecurity researchers at SOCRadar, Chucky has a track record of sharing vast collections of databases containing sensitive information from global entities.

Interestingly, a 2023 report by Flare noted that LeakBase explicitly prohibited users from peddling or publishing Russian databases, likely in an attempt to avoid scrutiny from Russian authorities.

Forum Administration

Beyond Chucky, the forum had several known administrators and moderators, including:

  • BloodyMery
  • OrderCheck
  • TSR

The forum had been active since 2021 and had recently experienced downtime, with Chucky reportedly seeking a new hosting provider in early 2026.

Operation Leak: The Takedown

As part of Operation Leak, authorities executed search warrants, made arrests, and conducted interviews across multiple countries. Europol reported that approximately 100 enforcement actions were conducted worldwide.

The operation specifically targeted 37 of the most active users of the platform, though the exact nature of the measures taken against them was not specified.

Impact on Cybercrime Ecosystem

Assistant Director Brett Leatherman of the FBI's Cyber Division emphasized the significance of the takedown: "The FBI, Europol, and law enforcement agencies from around the world executed a takedown of LeakBase, one of the largest online cybercriminal platforms, seizing users' accounts, posts, credit details, private messages, and IP logs for evidentiary purposes."

This operation represents a major blow to the underground cybercrime economy, as LeakBase served as a central marketplace for stolen credentials and cybercrime tools. The seizure of user data, including IP logs and private messages, provides law enforcement with valuable intelligence for ongoing investigations.

The takedown demonstrates the increasing effectiveness of international cooperation in combating cybercrime and sends a clear message to other underground forum operators about the risks of operating such platforms.

For organizations concerned about credential theft and account takeover, this operation underscores the importance of implementing robust security measures, including multi-factor authentication, regular password changes, and continuous monitoring for compromised credentials on the dark web.
