SOCRadar® Cyber Intelligence Inc. | Illegal Marketplace WT1SHOP Seized After Nearly 6M Records Compromised 


Sep 07, 2022
3 Mins Read

Illegal Marketplace WT1SHOP Seized After Nearly 6M Records Compromised 

A global law enforcement operation has taken down the website and domains for WT1SHOP.

WT1SHOP is an illegal marketplace often used by threat actors who are looking for information or want to sell it. The website sold stolen records such as passwords, credit card information, and even government ID cards, all of which could lead to significant losses in terms of data and identity.

WT1SHOP marketplace login page
WT1SHOP marketplace login page 

How Big is This WT1SHOP? 

The marketplace actively advertised on other platforms such as Russian hacker forums and Reddit pages specializing in online crime. It also has a dedicated Telegram channel for updates and announcements.

Telegram announcement after the domains were taken down

In June 2020, the website received a $4 million payment in bitcoin for selling 2.4 million credentials. The last data showed the site had 5.85 million records available for purchase, with nearly 100 sellers and over 100,000 buyers. The records include:

  • 25,000 licenses 
  • 1.7 million login credentials 
  • 108,000 bank accounts 
  • 21,800 credit cards

Sold Data May Be Circulating on the Dark Web 

Portuguese authorities have taken down the WT1SHOP website, and the US has closed the domains used to enter the illegal market

The website used other domains with TLDs .biz, .me, .xyz, and .org which are still up; however, since the marketplace is down, there is no way to access it through these domains. 

Below are the closed domains:

  • wt1shop[.]net
  • wt1store[.]com
  • wt1store[.]cc
  • wt1store[.]net 

The bitcoin payments made in the marketplace were tracked back to Nicolai Colesnicov, who is thought to be the operator of the illegal marketplace responsible for trafficking unauthorized access devices. Once proven guilty, he may get at least 10 years in federal prison. 

The criminal marketplace is taken down, but it is unknown whether sensitive data sold from the platform are in the hands of threat actors or not.