07-30-2025, 10:21 AM

Artifact
FBI Dallas has seized approximately 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies.



The crypto was seized on April 15, 2025, and was traced to an affiliate named "Hors," who is suspected of launching the attacks against the companies.



"The seized funds were traced to a cryptocurrency address allegedly associated with a member of the Chaos ransomware group, known as 'Hors,' who has been tied to ransomware attacks against victims here in the Northern District of Texas and elsewhere," reads the FBI's announcement.



"As the result of the actions, 20.2891382 BTC was seized (now valued at over $2.3 million) from cryptocurrency address bc1q5d8af0crjhlnepjq08muhh55899rf2ktye3sxd on April 15, 2025."







The U.S. Department of Justice released an announcement stating that, on July 24, 2025, it filed a civil complaint seeking the forfeiture of the amount the FBI seized, which is now valued at over $2,400,000.



Civil forfeiture allows the government to file a complaint directly against the property, seeking to take permanent ownership of assets believed to be connected to criminal activity, in this case, ransomware.



Chaos ransomware revival



The cryptocurrency was seized from the relatively new Chaos ransomware operation that is believed to be a rebrand of the BlackSuit ransomware group.



Although the name is the same as a low-tier ransomware variant whose builder has been used by cybercriminals since mid-2021, the new Chaos gang has no links to this older variant.



The new Chaos ransomware operation stems from the notorious Conti ransomware gang, which suffered a data breach and shut down in June 2022. Its members then splintered into numerous other ransomware gangs.



In January 2023, the Royal (Quantum) ransomware gang was launched, which was believed to be the direct successor to the notorious Conti operation.



In June 2023, after feeling pressure from law enforcement for the attack on the City of Dallas, Texas, the Royal ransomware operation began testing a new BlackSuit encryptor, eventually rebranding as BlackSuit.



Cisco Talos researchers believe the new Chaos ransomware is a rebrand of BlackSuit based on similarities in the encryption, ransom note structure, and the toolset used in the attacks.



While the U.S. DOJ and FBI have not explicitly distinguished which Chaos group 'Hors' belonged to, BleepingComputer confirmed that the Bitcoin seizure is linked to the new Chaos operation.



As the BlackSuit ransomware operation had its dark web extortion sites seized by law enforcement last week, it's possible that the law enforcement investigation uncovered this cryptocurrency wallet as part of the operation.



@ BleepingComputer