A joint operation led by the French Police and Paris Prosecutor, in close cooperation with Ukrainian authorities and Europol, has resulted in the arrest of the suspected administrator of xss.is—one of the world’s most notorious Russian-speaking cybercrime forums. The arrest, which took place in Kyiv, Ukraine, on 22 July, marks a turning point in a long-running investigation into a platform that has fueled the global cybercrime ecosystem for years.
“The forum, which had more than 50 000 registered users, served as a key marketplace for stolen data, hacking tools and illicit services,” Europol reported. “It has long been a central platform for some of the most active and dangerous cybercriminal networks.”
Launched nearly two decades ago, xss.is evolved into a trusted hub for cybercriminals to advertise malware, trade stolen credentials, and coordinate ransomware attacks. Unlike ordinary forums, xss.is offered “guaranteed services,” with the administrator acting as an arbitrator of criminal disputes and operator of thesecure.biz, a secure messaging service tailored to underground transactions.
“Acting as a trusted third party, he arbitrated disputes between criminals and guaranteed the security of transactions,” according to Europol. “He is also believed to have run thesecure.biz.”
Authorities estimate that the administrator made over €7 million through advertising fees and transaction facilitation—profits derived from fostering trust and security in a world built on digital deception.
The investigation, launched by the French Police in 2021, entered its operational phase in Ukraine in September 2024. French investigators deployed to Kyiv, working alongside Ukrainian law enforcement and Europol’s cybercrime division. A virtual command post was established to coordinate intelligence, map digital infrastructure, and track the administrator’s links to other high-level cybercrime syndicates.
“Europol provided essential operational and analytical support throughout the investigation, facilitating information exchange and coordination,” the press release noted.
During the arrest operation, Europol deployed a mobile office in Kyiv to assist with live coordination and forensic data collection. This real-time support ensured that vital digital evidence was preserved and immediately integrated into ongoing investigations across Europe and beyond.