Mastermind Behind The BlackDB.cc Dark Web Market Extradited To The US
Read also: International Police Op dismantles two major online proxy botnet services, the eXch money laundering service shut down, and more.
Thursday, May 15, 2025
Mastermind behind the BlackDB.cc Dark Web market extradited to the US
Liridon Masurica, a 33-year-old citizen of Kosovo, has been extradited to the United States to face serious federal charges linked to his alleged role in an international cybercrime operation. Known online as “@blackdb,” Masurica is accused of being the chief administrator of BlackDB.cc, a now-defunct criminal online marketplace that trafficked in stolen digital data and access credentials.
Masurica was apprehended on December 12, 2024, by law enforcement agencies in Kosovo. His arrest was part of a coordinated law enforcement operation involving raids in the cities of Pristina and Gjilan. During these operations, authorities detained a total of three individuals and seized digital and physical evidence, including cryptocurrency assets, mobile phones, laptops and desktop computers, external storage devices, and other computer-related equipment.
According to the federal indictment, Masurica operated BlackDB.cc from approximately 2018 until its recent dismantling. The platform functioned as a digital black market where users could buy and sell a wide array of stolen data, such as server login credentials, credit card numbers, and personally identifiable information (PII), including Social Security numbers and dates of birth.
Following his arrest, Masurica was extradited to the United States on May 9, 2025, under the bilateral extradition treaty between the US and the Republic of Kosovo. He is now in US custody and remains detained while awaiting trial.
Anyproxy, 5Socks online proxy botnet services dismantled, admins indicted
In an international law enforcement operation known as “Operation Moonlander,” authorities have seized two major online proxy services, Anyproxy and 5Socks, linked to a massive botnet of hacked internet-connected devices.
The US Federal Bureau of Investigation (FBI), working in tandem with the Dutch National Police (Politie), coordinated the takedown, replacing both websites with official seizure notices. Though the services claimed to offer legitimate residential proxy access, prosecutors allege the platforms were powered by thousands of compromised routers and smart devices turned into proxy nodes without users’ knowledge.
The US Department of Justice has unsealed indictments against four men accused of orchestrating the botnet: Russian nationals Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin, along with Dmitriy Rubtsov of Kazakhstan. The DOJ alleges the group exploited known vulnerabilities in outdated wireless routers to hijack devices across the globe.
Investigators say the group marketed their network on cybercrime forums and social media platforms. The illicit services reportedly generated over $46 million in profits since their inception in 2004.
German police shut down eXch money laundering service in major crypto bust
German federal authorities have dismantled the cryptocurrency-swapping platform ‘eXch,’ a service allegedly used to launder billions in illicit funds since its inception in 2014.
In a joint operation led by the Federal Criminal Police Office (BKA) and the Frankfurt am Main Public Prosecutor's Office – Central Office for Combating Internet Crime (ZIT), law enforcement seized digital assets worth €34 million ($38 million), marking the third-largest cryptocurrency seizure in the BKA’s history.
Authorities described eXch as a go-to tool for cybercriminals and money launderers, offering anonymous crypto-to-crypto transactions accessible via both the surface and Dark Web. The platform reportedly processed at least $1.9 billion in laundered assets, including funds linked to the 2025 Bybit hack allegedly carried out by the North Korean state-sponsored hackers in the largest crypto theft on record.
The takedown occurred on April 30, just one day before the platform’s operators had planned to shut down services permanently. Investigators also seized 8 terabytes of server data. No arrests have been reported so far.
A suspected DoppelPaymer ransomware operator arrested in Moldova
Moldovan authorities, with assistance from Dutch law enforcement, have arrested a 45-year-old foreign national suspected of involvement in the DoppelPaymer ransomware attacks. The unnamed individual is accused of participating in ransomware campaigns, extortion, and money laundering targeting Dutch organizations, including a major 2021 cyberattack on the Dutch Research Council (NWO), which caused an estimated €4.5 million in damages.
During the arrest, officials seized laptops, storage devices, bank cards, and €84,800 in cash. The NWO incident involved data theft and encryption; after the organization refused to pay the ransom, stolen documents were leaked online.
DoppelPaymer, which has been active since 2019, is believed to be operated by the cybercriminal group TA505 (also known as Evil Corp). It has been linked to numerous high-profile attacks on sectors such as healthcare and infrastructure. A previous attack on a German hospital even contributed to a patient’s death.
The arrest is part of broader international efforts to dismantle the group, including coordinated operations by authorities in Germany, Ukraine, the US, and the Netherlands, resulting in a major 2023 raid. The suspect is currently in custody and awaits extradition to the Netherlands.
Former DoorDash driver pleads guilty in $2.5 Million dollar fraud scheme
A former DoorDash driver, Sayee Chaitanya Reddy Devagiri, pleaded guilty to charges related to an elaborate scheme that defrauded the company of millions of dollars. According to officials, Devagir was part of a group of co-conspirators who manipulated the platform's software to pocket fraudulent payments over several years.
Devagiri and his group created fake DoorDash customer accounts and placed high-cost orders. They then manipulated the system by reassigning those orders to fraudulent driver accounts controlled by the group. After falsely marking the orders as “delivered,” they prompted DoorDash to issue payments for non-existent deliveries. Devagiri would then return to the platform to change the status of these orders from “delivered” back to “in-process,” allowing the perpetrators to start the fraud cycle again.
Devagiri has pleaded guilty to one count of conspiracy to commit wire fraud. His accomplice, Manaswi Mandadapu, also pleaded guilty to similar charges on May 6. Both men now face up to 20 years in prison and a $250,000 fine. Devagiri is scheduled for a preliminary hearing in September before sentencing.
The scam, which ran from 2000 through 2021, involved a total of four suspects. In addition to Devagiri and Mandadapu, Tyler Thomas Bottenhorn, a former DoorDash employee, pleaded guilty in November 2023 for providing the gang with the necessary credentials. Federal prosecutors say the group’s fraudulent activities resulted in over $2.5 million in stolen payments from the San Francisco-based company.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.