A significant international case involving stolen credit card data trafficking has recently garnered widespread attention following the extradition of a Chilean national to the United States. Alex Rodrigo Valenzuela Monje, also referred to by his alias “VAL4K,” is accused of orchestrating a large-scale operation that sold compromised payment card details over various online platforms. The U.S. Department of Justice reported that the 24-year-old was extradited from Chile to the U.S. on February 25, 2026, and subsequently arraigned in a federal court situated in Salt Lake City. Valenzuela Monje now faces severe charges related to stolen credit card data trafficking as well as the unlawful transfer of identification information intended to facilitate criminal activities.
Between May 2021 and August 2023, the indictment claims that Valenzuela Monje managed an underground online card shop that disseminated unauthorized access devices, commonly known in cybercrime communities as “dumps,” through specific Telegram channels. The legal documents outline that the accused operated channels entitled MacacoCC Collective and Novato Carding, which provided payment card data tied to an extensive number of U.S. consumers. Notably, the operation is alleged to have trafficked information related to approximately 26,528 credit cards under a single credit card brand.
The illicit operation reportedly involved sensitive information, including account numbers, cardholder names, expiration dates, and CVV codes—all vital details that can facilitate fraudulent transactions and identity theft. Investigators emphasize that the choice of Telegram as a platform reflects a larger trend in modern cybercrime. Encrypted messaging applications have become favored tools among threat actors, allowing them to evade detection while running scalable digital marketplaces. This model has gained traction in dark web environments, enabling cybercriminals to connect with global buyers without the necessity for traditional web infrastructures, thus enhancing the reach and profitability of their illicit activities.
The extradition process commenced following a sealed indictment issued by a federal grand jury in 2023. The United States government formally sought extradition, which received initial approval from the Chilean Supreme Court in April 2025. Following a series of appeals, Valenzuela Monje was eventually arrested in January 2026 before being handed over to U.S. law enforcement officials. This case has garnered attention not only for its scale but also for the international cooperation displayed during the investigation, highlighting an increasing commitment to combating cybercrime through collaborative efforts.
U.S. Attorney Melissa Holyoak, who represents the District of Utah, acknowledged the dedication shown by federal partners in investigating individuals located overseas who exploit the internet to perpetrate crimes against American citizens. “Individuals may believe they can hide behind foreign borders, but the United States is committed to pursuing and prosecuting these cybercrimes targeting its people,” she remarked. Special Agent in Charge Robert Bohls of the Salt Lake City FBI affirmed that the extradition represents a clarion call to cybercriminals worldwide, stating, “Geography will not shield you from accountability.”
The case of Valenzuela Monje underscores a troubling reality in the realm of cybersecurity: digital financial crime transcends geographical boundaries, fueled by advancements in technology. The evolution of messaging platforms, cryptocurrency payments, and automated data distribution methods has significantly lowered the barriers for entry into the cybercriminal space. Despite successful law enforcement actions such as this extradition, the continuous existence of carding marketplaces indicates that enforcement alone may not suffice. Financial institutions, technology providers, and consumers share the responsibility of mitigating the value associated with stolen data by bolstering fraud detection measures and enhancing identity verification controls.
As Valenzuela Monje enters his plea of not guilty, the case will move forward within the U.S. judicial system. Ongoing investigations continue to unfold, emphasizing the need for vigilance in combating persistently active and lucrative forms of cybercrime, particularly in regard to stolen credit card data trafficking. This case serves as a critical reminder of the evolving challenges presented by cybercriminal operations in today’s interconnected digital landscape, wherein the stakes and potential for profit are increasingly high.