Key Admin of Major XSS Dark Web Cybercrime Platform Arrested

International law enforcement authorities have successfully arrested the suspected administrator of one of the world’s most influential Russian-speaking cybercrime platforms in a coordinated operation targeting the digital criminal underground.

The arrest represents a significant blow to cybercriminal networks that have operated with relative impunity for nearly two decades.

High-Profile Arrest Disrupts Criminal Infrastructure

French Police and the Paris Prosecutor, working closely with Ukrainian authorities and Europol, arrested the suspected administrator of xss.is on July 22 in Kyiv, Ukraine.

The cybercrime forum, boasting more than 50,000 registered users, served as a critical marketplace for stolen data, hacking tools, and illicit services that facilitated a wide range of criminal activities, including ransomware attacks, fraud, and identity theft.

The platform functioned as more than a simple marketplace, operating as a central hub where some of the most dangerous cybercriminal networks coordinated operations, advertised services, and recruited new members.

The forum’s influence extended across the global cybercrime ecosystem, making its disruption a priority for international law enforcement agencies.

Millions in Criminal Profits

The arrested administrator is believed to have played a central role in facilitating criminal activity that extends far beyond simple technical operations.

Acting as a trusted intermediary, the suspect arbitrated disputes between criminals and provided security guarantees for illegal transactions.

Intelligence suggests the individual also operated thesecure.biz, a private messaging service specifically designed for cybercriminal communications.

Through these criminal enterprises, investigators estimate the suspect generated over EUR 7 million in advertising and facilitation fees.

Law enforcement believes the individual maintained an active presence in the cybercrime ecosystem for nearly twenty years, cultivating close relationships with several major threat actors throughout this period.

International Coordination Enables Success

The investigation began in 2021 when French Police initiated inquiries into the platform’s operations.

The case transitioned into its operational phase in September 2024, with French investigators deployed to Ukraine and supported by Europol through a virtual command post.

Europol provided essential operational and analytical support throughout the investigation, facilitating information exchange between French and Ukrainian authorities.

The agency assisted in mapping the cybercriminal infrastructure and establishing connections between the suspect and other significant threat actors across the criminal landscape.

During the enforcement actions in Kyiv, Europol deployed a mobile office to provide on-site coordination and evidence collection support.

The seized data will undergo comprehensive analysis to support ongoing investigations across Europe and beyond.

Broader Implications for Cybercrime

This operation aligns with findings from Europol’s 2025 Internet Organised Crime Threat Assessment, which identifies stolen data marketplaces as critical drivers of the cybercrime economy.

Platforms like xss.is enable the trade and monetization of compromised data, providing cybercriminals with access, anonymity, and trust mechanisms essential for sustaining criminal operations.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates