Connect with us

Hi, what are you looking for?



US Says 19 People Charged Following 2019 Takedown of xDedic Cybercrime Marketplace

Justice Department says 19 people involved in the xDedic cybercrime marketplace have been charged to date following its 2019 takedown.

Hacker arrested

The US Justice Department announced on Thursday that 19 people involved in the management and use of the xDedic cybercrime marketplace have been charged following its takedown in 2019.

The xDedic Marketplace was a site on the dark web where users sold and bought stolen server credentials and personal information. Authorities said over 700,000 credentials associated with servers housed by government, healthcare, transportation, higher education, financial and other types of organizations from around the world were offered on the website.

An international law enforcement operation dismantled the cybercrime enterprise in 2019 and investigators have since been working on identifying and prosecuting xDedic administrators, buyers and sellers.

The United States has charged 19 individuals, including Moldovan national Alexandru Habasescu and Ukrainian national Pavlo Kharmanskyi, who were the website’s administrators.

Habasescu was arrested in 2022 in the Spanish Canary Islands and Kharmanskyi was arrested in 2019 as he was trying to enter the United States. They were later sentenced to 41 and 30 months in prison, respectively.

A top seller in terms of server credential volume, who made more than $350,000, was Russian national Dariy Pankov. He was sentenced to 60 months in prison after being extradited from the Republic of Georgia, where he was arrested in 2022.

Nigerian national Allen Levinson, described by authorities as a top buyer, was sentenced to 78 months in prison. He used information obtained from hacked accounting firm servers to file false tax returns with the US government, attempting to obtain over $60 million. 

The remaining cybercriminals are from Ukraine, UK, Nigeria, and the states of California, Oklahoma, Georgia, Illinois, New York, and Texas. 

Advertisement. Scroll to continue reading.

They have received sentences ranging between 5 years probation and 78 months in prison. Sentencing is pending for five individuals. 

In addition, two suspects who face up to 20 years in prison, should soon be extradited from the United Kingdom for charges related to their roles in the cybercrime scheme. 

Related: 4 Nigerians Arrested in Europe Over US Charges Involving Hacking, Fraud

Related: Los Angeles SIM Swapper Sentenced to 8 Years in Prison

Related: Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.