CyberSecurity SEE

FBI, Albanian SPAK, and Kosovo Police Dismantle Rydox Marketplace: 7,600 PII Records Sold, $225K in Cryptocurrency Seized, and Three Arrested

U.S. Department of Justice Shuts Down Rydox Marketplace, Arrests Three Administrators

The U.S. Department of Justice (DoJ) announced on Thursday the takedown of Rydox, an illicit marketplace operating under the domains “rydox[.]ru” and “rydox[.]cc,” which facilitated the sale of stolen personal information, access devices, and tools for cybercrime and fraud.

Three Kosovo nationals, identified as Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, who served as administrators of the marketplace, have been arrested in connection with the operation. Ardit and Jetmir Kutleshi are awaiting extradition to the U.S., while Sokoli, apprehended on December 12, 2024, in Albania, will face prosecution there.

Since its launch in or around February 2016, Rydox has reportedly facilitated over 7,600 sales of stolen personally identifiable information (PII), access devices, and cybercrime tools, generating at least $230,000 in revenue. Among the items sold were credit card details and login credentials of thousands of U.S. victims. Additionally, Rydox advertised over 321,000 cybercrime-related products, including scam pages, spamming logs, and tutorials, to a user base exceeding 18,000 individuals.

According to court documents, users were required to create accounts on the platform to buy or sell these illegal goods and services. Cryptocurrency deposits were mandatory, with funds managed through wallets controlled by the defendants.

Rydox also charged registered users a one-time fee ranging from $200 to $500 to become authorized sellers. These sellers received 60% of every sale on the marketplace, with Rydox retaining the remaining amount.

Per the indictment, an undercover source with the Federal Bureau of Investigation (FBI) registered a Rydox account, deposited the equivalent of $300 in cryptocurrency, and purchased about 40 “fulls,” packages containing individuals’ personal and financial information.

These comprised the victims’ full names, email addresses, residential addresses, phone numbers, Social Security numbers, dates of birth, and driver’s license numbers.

In coordination with the actions, the FBI and Royal Malaysian Police confiscated servers in Kuala Lumpur to take the site offline. Furthermore, cryptocurrency worth approximately $225,000 has been seized from accounts controlled by the defendants.

Albanian authorities said they have separately seized one computer unit, six laptops, five mobile phones, other storage devices, documents, and monetary assets in cryptocurrencies as part of their investigation related to Sokoli’s arrest.

Ardit Kutleshi and Jetmir Kutleshi have each been charged with two counts of identity theft, one count of conspiracy to commit identity theft, one count of aggravated identity theft, one count of access device fraud, and one count of money laundering. If convicted, they both face a maximum penalty of 37 years in prison.
