On May 7, 2025, the LockBit ransomware gang—once considered one of the most prolific cybercriminal organizations globally—suffered a significant breach of its own infrastructure. This unexpected turn of events has exposed the group's internal operations and could mark a pivotal moment in the ongoing battle against ransomware.
Hackers successfully infiltrated LockBit's dark web affiliate panels, defacing them with a message that read: "Don't do crime. CRIME IS BAD xoxo from Prague." The attackers also provided a link to a downloadable MySQL database dump, effectively leaking sensitive information about the group's operations.
🧾 Contents of the Leak
The exposed database includes:
- Nearly 60,000 Bitcoin addresses associated with LockBit's ransom payments.
- Private encryption keys used in their ransomware operations.
- Internal chat logs detailing negotiations with victims.
- Affiliate information, shedding light on the individuals collaborating with LockBit.
This trove of data offers cybersecurity experts and law enforcement agencies valuable insights into LockBit's operational structure and financial transactions.