60,000 Bitcoin addresses exposed in LockBit ransomware security breach

A hacker breach targeting the LockBit ransomware group has exposed nearly 60,000 Bitcoin (CRYPTO:BTC) addresses linked to its operations, alongside internal negotiation logs and affiliate data.

The leak, discovered on May 7, 2025, revealed a MySQL database dump containing critical details about the gang’s infrastructure and financial activities.

Attackers defaced LockBit’s dark web portal with the message, “Don’t do crime CRIME IS BAD xoxo from Prague,” redirecting visitors to a file named paneldb_dump.sql.

The database included 59,975 unique Bitcoin addresses used for ransom payments, though no private keys were compromised.

Over 4,400 victim negotiation chats from December 2024 to April 2025 were also leaked, exposing tactics and payment demands.

LockBit’s operator, known as LockBitSupp, confirmed the breach but downplayed its impact, stating no decryption keys or victim data were lost.

Analysts identified vulnerabilities in LockBit’s outdated PHP server (version 8.1.2-1ubuntu2.19) as a potential entry point, echoing weaknesses exploited in prior law enforcement operations.

The breach exposed plaintext passwords and usernames for 75 affiliates, including entries like “Weekendlover69,” alongside custom ransomware builds targeting specific companies.

Blockchain investigators now have a roadmap to trace illicit transactions, potentially linking past ransom payments to known wallets.

Notably, the attackers’ methods mirrored a recent breach of the Everest ransomware group, suggesting possible connections.

This incident follows a 2024 multinational crackdown on LockBit, which authorities blamed for billions in infrastructure damages.

While the leak disrupts LockBit’s operations, experts caution that ransomware groups often rebuild.

However, the exposed data provides law enforcement with unprecedented insights into affiliate networks and payment flows.

“This breach is a significant blow to LockBit’s credibility,” said a cybersecurity analyst, highlighting how the gang’s infrastructure became its own liability.

At the time of reporting, the Bitcoin (BTC) price was $103,138.