On June 4th, authorities dealt a significant blow to the world of cybercrime by seizing several domains belonging to BidenCash, a well-known and controversial dark web marketplace where stolen credit cards, personal data, and even SSH access credentials were sold.
Now, anyone attempting to access the site will be redirected to a U.S. Secret Service page clearly stating that the domain has been seized due to its involvement in criminal activities.
An official banner displays the notice: BidenCash's domain has been confiscated by U.S. authorities as part of an international operation led by the Secret Service and the FBI.
They did not act alone. The operation also involved the Dutch National Police, the nonprofit organization The ShadowServer Foundation, and the cybersecurity firm Searchlight Cyber, which specializes in real-time attack surface monitoring.
BidenCash’s dark web domain redirects to the USSS domain
Apparently, BidenCash’s site on the traditional web (which used the .asia domain) was also redirected to the official U.S. Secret Service portal, where domain seizures related to illegal activities are announced. However, reports suggest that some other domains associated with the marketplace remain active—for now.
According to a statement from the Department of Justice, the operation resulted in the seizure of approximately 145 domains, along with cryptocurrencies linked to the market’s operations on both the clearweb and the darknet.
BidenCash operated like an online crime store: administrators collected a commission from each transaction, and since its launch in 2022, the marketplace generated over \$17 million in revenue.
The same statement revealed that the site had over 117,000 registered users and facilitated the sale of more than 15 million credit and debit card numbers, along with the personal data of the cardholders.
Read more: 10 Most Active Dark Web Markets in 2025
BidenCash and Its Massive Card Data Leaks
The world of illegal credit card shops is nothing new—they’ve been around for over two decades. In the early days, data was primarily stolen using malware installed on point-of-sale terminals (the well-known POS systems). These malicious programs would infiltrate the device’s memory and capture the payment information right at the moment the transaction was processed.
Over time, the methods evolved. Web skimmers emerged—malware installed on online stores to steal payment data during the checkout process.
That’s where BidenCash comes in, a marketplace that appeared in March 2022, right after the infamous Joker’s Stash had shut down and other popular shops like Forum, Trump Dumps, and UniCC had been taken down by Russian authorities. BidenCash essentially stepped in to fill that void.
From the outset, the administrators of this shop aimed to stand out—and they certainly did. Not only did they choose a provocative name, but they also began leaking large volumes of card data for free to gain visibility and attract new “customers.”
In June 2022, they released their first leak: a database containing 6,600 credit card numbers. Most strikingly, it was accompanied by millions of email addresses.
Then in October of that same year, they raised the stakes, releasing a batch of 1.2 million cards as a way to promote their “service.”
Most of the leaked cards belonged to users in the United States, with expiration dates ranging from 2023 to 2026, and were distributed across the country. But they didn’t stop there. In 2023, they leaked two more databases, pushing the total number of exposed cards beyond 4 million.
.webp?width=1083&height=879&name=text(1).webp)
Leak of 1.9 Million Credit Cards from BidenCash
Read more: The Best Telegram Channels for Stealer Logs
How Authorities Are Closing In on Credit Card Fraud
Although administrators of these illegal marketplaces often try to get everything back online after a seizure, operations like these significantly disrupt their activities and make it much harder for them to continue.
The U.S. Secret Service doesn’t just protect the president—it also plays a major role in combating financial fraud, including credit card scams, money laundering, cryptocurrency fraud, and identity theft.
In fact, at the end of May, together with local and state police, the agency visited over 400 businesses to search for devices used to clone cards—such as the infamous skimmers installed on ATMs, gas pumps, or point-of-sale terminals.
Although they only found 17 illegal devices, that intervention likely prevented losses exceeding $5 million. Not bad for a single operation.
