The FBI has seized the LeakBase cybercrime forum, a major online forum used by cybercriminals buy and sell hacking tools and stolen data.
This seizure action is part of an international joint operation coordinated by Europol, known as “Operation Leak,” that involved law enforcement agencies in 14 countries.
On March 3 and 4, the FBI and law enforcement agents shut down LeakBase by seizing two of its domains, posting seizure banners, and warning LeakBase members of the seizure after collecting further evidence.
Police officers and investigators also executed search warrants, made arrests, and conducted interviews in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
LeakBase’s domain (leakbase[.]la) now displays a notice stating “This website has been seized by the Federal Bureau of Investigation (FBI) as part of an international law enforcement operation.”
The seizure banner also notes that the forum’s database and all its contents, including IP logs and private messages, will be used for “evidentiary purposes” in future investigations.
“All forum content including users’ accounts, posts, credit details, private messages and IP logs have been secured and preserved for evidentiary purposes,” the notice reads. “Attempts to access, alter, or interfere with this site may result in additional criminal offenses. This action was possible because of international law enforcement and private sector coordination involving the partners listed below.”
The domain nameservers have also been switched to ns1.fbi.seized.gov and ns2.fbi.seized.gov, the nameservers used by the FBI when seizing domains.
“On 3 March, law enforcement authorities carried out coordinated enforcement actions across multiple jurisdictions, including arrests, house searches, and ‘knock-and-talk’ interventions. Around 100 enforcement actions were conducted worldwide, including measures against 37 of the most active users of the platforms,” Europol added today.
“On 4 March, authorities moved to the technical disruption phase, seizing the forum’s domain and replacing it with a law enforcement splash page. The operation now enters a prevention phase aimed at deterring further criminal activity and raising awareness of the consequences of engaging in cybercrime.”
Active since 2021, LeakBase was launched as a project supported by the ARES threat group, and it gradually grew its user base to more than 142,000 members following the closure of the Breached hacker forum.
The forum was free to join and offered access to databases, a market for selling leaks, exploits, and other cybercrime services, and an escrow payment system. In addition, it also hosted spaces for programming, hacking tips, social engineering, cryptography, and opsec guides.
Today’s announcement follows the disruption of RaidForums in 2022 and BreachForums in 2023, two cybercrime marketplaces that preceded it, as well as the BreachForums founder’s conviction and sentencing in 2025.
Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Related Articles:
FBI seizes RAMP cybercrime forum used by ransomware gangs
Microsoft disrupts massive RedVDS cybercrime virtual desktop service
FBI takes down BreachForums portal used for Salesforce extortion
Europol-led crackdown on The Com hackers leads to 30 arrests
1Campaign platform helps malicious Google ads evade detection