LockBit Hacked: 60,000 Bitcoin Addresses and 4,400 Ransom Chats Go Public

The files contained nearly 60,000 Bitcoin BTC $107,178.06 addresses, which experts believe are linked to the group’s ransom payments.

While no private keys were part of the leak, the exposed information could help blockchain investigators follow the trail of LockBit’s past transactions.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

How Do KYC & AML Work in Crypto? (Explained)

SUBSCRIBE

ON YOUTUBE

The leaked database contained twenty different tables. One, named "builds", listed ransomware files created by LockBit’s partners, along with possible intended targets. Another, labeled "chats", included more than 4,400 negotiation messages between the group and its victims.

These records showed conversations about ransom amounts, payment terms, and proof that stolen data would be deleted after a deal.

After the leak, an X user shared a conversation with an individual claiming to represent LockBit. The person confirmed that the group’s affiliate panel had been hacked but said that no private keys or critical data had been taken.

Analysts from BleepingComputer also pointed out that the message shown on LockBit’s hacked site was almost identical to one seen during a previous attack on the Everest ransomware group. This raised the idea that the same hacker, or a connected group, could be behind both incidents.

Meanwhile, Google Threat Intelligence reported a new malware called LOSTKEYS used by the hacking group COLDRIVER. How does the malware do? Read the full story.