Cybercrime

Feds Seize Password Database Used in Massive Bank Account Takeover Scheme

The cybercriminals attempted to steal $28 million from compromised bank accounts through phishing.

web3adspanels seized

The US Justice Department announced on Monday the seizure of a web domain and a password database used by a cybercrime group to steal millions of dollars from bank accounts.

According to the DOJ, the seized domain, web3adspanels.org, hosted a backend web panel used by the cybercriminals to store and manipulate thousands of stolen bank login credentials.

The threat actor conducted a massive bank account takeover scheme that involved malicious ads on search engines such as Google and Bing in an effort to lure users to fake bank websites.

These phishing sites tricked victims into handing over their login credentials, which the cybercriminals could then use to access and drain their bank accounts.

The FBI has identified nearly 20 victims in the US, including two companies, and has determined that the cybercriminals attempted to steal roughly $28 million, with the actual losses estimated at approximately $14.6 million. 

Estonian law enforcement, which also took part in the operation, “preserved and collected data from servers hosting the phishing pages and the stolen login credentials used in furtherance of the scheme,” the DOJ said.

Advertisement. Scroll to continue reading.

The Justice Department has not mentioned any arrests or charges. 

The announcement comes less than a month after the FBI reported that cybercriminals engaging in account takeover schemes have caused over $262 million in losses since January 2025.

The DOJ’s announcement also comes shortly after Troy Hunt, the administrator of the Have I Been Pwned (HIBP) data breach notification service, revealed that the FBI had provided a collection of 630 million compromised passwords for analysis.

HIBP enables users to learn whether their credentials have been compromised in a data breach, based on their email address. The service has cataloged more than 17 billion credentials. 

Hunt’s analysis showed that the passwords provided by the FBI likely did not come from a single breach, but from various sources, such as cybercrime marketplaces and infostealer malware. Approximately 46 million of the passwords, representing 7.4% of the total, had not been in the HIBP database.

It’s unclear if the passwords analyzed by Hunt are in any way related to the DOJ’s Monday announcement. 

Related: 574 Arrested, $3 Million Seized in Crackdown on African Cybercrime Rings

Related: ATM Hackers Using ‘Ploutus’ Malware Charged in US

Related: Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US

Related Content

Cybercrime

Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies.

Cybercrime

Nathan Austad has been ordered to pay roughly $1.8 million in forfeiture and restitution, and the sentence also includes 3 years of supervised release. 

Malware & Threats

Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.

Cybercrime

26-year-old Abdellah Belmili faces up to 30 years in prison for allegedly operating the marketplaces Market0Day and Spoxy.

Cybercrime

Using a custom sniffer, the threat actor has captured over 110 million credentials since at least February 2026.

Malware & Threats

Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame.

Cybercrime

Oleksii Oleksiyovych Lytvynenko admitted to working on the development of a loader for the Conti gang.

Phishing

The platform used more than 9,000 phishing sites, stealing nearly 4 million credit cards and causing roughly $1.9 billion in losses.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version