• Welcome to the world's largest Chinese hacker forum

    Welcome to the world's largest Chinese hacker forum, our forum registration is open! You can now register for technical communication with us, this is a free and open to the world of the BBS, we founded the purpose for the study of network security, please don't release business of black/grey, or on the BBS posts, to seek help hacker if violations, we will permanently frozen your IP and account, thank you for your cooperation. Hacker attack and defense cracking or network Security

    business please click here: Creation Security  From CNHACKTEAM

Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace

Recommended Posts

  • Administrator
Joker's stash

The US Federal Bureau of Investigation (FBI) and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums.

The takedown happened last week on December 17.

The operators of Joker's Stash operate several versions of the platform, including Blockchain proxy server domains — .bazar, .lib, .emc, and .coin — that are responsible for redirecting users to the actual website and two other Tor (.onion) variants.


Joker's Stash implemented the use of Blockchain DNS via a Chrome browser extension in 2017.

These Blockchain websites make use of a decentralized DNS where the top-level domains (e.g., .bazar) are not owned by a single central authority, with the lookup records shared over a peer-to-peer network as opposed to a DNS provider, thus bringing in significant advantages like bulletproof hosting.

Joker's stash

This also means the move is not expected to have a lasting impact, as the top-level domain itself cannot be seized, but rather only the IP address of the server it points to.

According to cybersecurity firm Digital Shadows, which disclosed the development, the Tor versions of the site are still accessible, meaning this action is unlikely to pose a major threat to their operations.

The actors behind Joker's Stash took to Russian-language carding forum Club2CRD stating that no card dumps were stored on the servers and transition plans were already underway to move the content hosted on the busted site to a new blockchain version of the portal.

"I am setuping (sic) and moving to the new servers right now, blockchain links will [be] back to work in a few days," the site's representative said in a forum post, adding "use Tor links, bros!"

Interestingly, it is not immediately clear if the law enforcement agencies are indeed behind the coordinated takedown.


Although last week, the affected .bazar version of the site began displaying a note that the US Department of Justice and Interpol had seized the site, Digital Shadows said the four blockchain sites are now showing a "Server Not Found" banner.

Joker's Stash is particularly infamous for advertising the breach of US-based convenience store chain Wawa last December, with the hackers putting up for sale the payment card details of more than 30 million Americans and over one million foreigners.

"The seizure of the .bazar domain likely will not do much to disrupt Joker's Stash, especially since the team behind Joker's Stash maintain several versions of the site and the site's Tor-based links are still working normally," Digital Shadows said.

"Furthermore, Joker's Stash maintains a presence on several cybercrime forums, and its owners use those forums to remind prospective customers that millions of credit and debit card accounts are for sale."

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now