Feds Seized RaidForums

~4 min read | Published on 2022-04-12, tagged FEDSForumsSeizedWebsite using 865 words.

The United States Department of Justice announced the seizure of RaidForums, “a popular marketplace for cybercriminals to buy and sell hacked data.”
An ongoing investigation led by the FBI’s Washington Field Office and the U.S. Secret Service resulted in the seizure of the popular cybercrime forum RaidForums and the arrest of the alleged creator of the site, Diogo Santos Coelho. Police in the United Kingdom arrested Coelho on January 31, 2022.
A recently unsealed six-count indictment charged Coelho with conspiracy, access device fraud, and aggravated identify theft. The indictment accuses Coelho of creating and operating RaidForums from January 1, 2015, to January 31, 2022. On April 11, 2022, the Department of Justice announced the seizure of “Raidforums.com,” “Rf.ws,” and “Raid.lol.”
“RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing the sensitive personal and financial information of victims in the United States and elsewhere, including stolen bank routing and account numbers, credit card information, login credentials, and social security numbers. Before its seizure, RaidForums members used the platform to offer for sale hundreds of databases of stolen data containing more than 10 billion unique records for individuals residing in the United States and internationally.”

The seizure banner visible at RaidForums.com

In addition to creating and administrating the site, Coelho allegedly sold hacked or stolen information to RaidForums users and operated a fee-based “Official Middleman” service. According to the indictment, “Coelho offered to accept cryptocurrency from the purchaser and files, including stolen access devices and means of identification, from the seller.” Coelho then ensured the buyer and seller were satisfied with the transaction and released the funds to the seller and the files or data to the customer.
During the investigation, law enforcement officers operating in an undercover capacity purchased social security numbers, email addresses, passwords, and bank routing and account numbers from sellers on RaidForums. Coelho interacted with undercover law enforcement officers on several occasions, including his alleged role as a middleman and seller. In one interaction described in the indictment, feds spent $4,000 in Bitcoin on 1.1 million “payment card account numbers, names, addresses, and phone numbers associated with the payment card account numbers” but received nothing in return.
“On or about December 16, 2018, COELHO, who was using the moniker “Downloading,” made a posting on the RaidForums website, which offered for sale 2.3 million payment card account numbers, including the names, addresses, and phone numbers associated with the payment card account numbers, which were purportedly obtained from a breach of records belonging to United States hotels.”

“On or about March 4, 2019, in the Eastern District of Virginia and elsewhere, COELHO, who was using the moniker “Downloading,” provided an undercover law enforcement officer with three stolen access devices, to wit, payment card account numbers, card verification values, expiration dates, and the names associated with the payment cards. COELHO agreed to this exchange to convince the undercover law enforcement officer that “Downloading” could be trusted to sell approximately 1.1 million stolen access devices in exchange for a Bitcoin amount that was equivalent to approximately $4,000 at the time.”

“On or about March 5, 2019, in the Eastern District of Virginia and elsewhere, Coelho, who was using the monikers “Downloading,” “Omnipotent,” and “Shiza,” arranged to both sell and serve as the middleman in the transaction to sell approximately 1.1 million stolen access devices to the undercover law enforcement officer. Coelho received a Bitcoin amount that was then equivalent to approximately $4,000; however, he did not provide the stolen access devices.”

In a different undercover transaction described in the indictment, the RaidForums user “SubVirt” listed 30 million records stolen from a major telecommunications company and wireless network operator. The records included “customer names, social security numbers, dates of birth, driver’s license numbers, phone numbers, billing account numbers, customer relationship manager information. Mobile Station Integrated Services Digital Network (MSISDN) information. International Mobile Subscriber Identity (IMSI) numbers, and International Mobile Equipment Identity (IMEI) numbers.” A third-party operating on behalf of the hacked telecom company then purchased the data, using Coelho’s middleman service.

RaidForums before the raid.

The indictment also accuses Coelho of falsely registering a domain name.
“On or about June 6, 2018, Coelho, using the moniker “Omnipotent,” transferred the false registration of the domain “Raidforums.com” to a U.S.-based domain registrar based in Phoenix, Arizona using the alias “Kevin Maradona.” Coelho falsely registered the domain name knowing that it was used to support the RaidForums website in furtherance of the conspiracy.”

Several law enforcement agencies assisted the FBI and USSS in the investigation, including the Joint Cybercrime Action Taskforce (Europol), National Crime Agency, Swedish Police Authority, Romanian National Police, Judicial Police, Internal Revenue Service Criminal Investigation, and the Federal Criminal Police Office.
“Our interagency efforts to dismantle this sophisticated online platform – which facilitated a wide range of criminal activity – should come as a relief to the millions victimized by it, and as a warning to those cybercriminals who participated in these types of nefarious activities,” said Jessica D. Aber, U.S. Attorney for the Eastern District of Virginia. “Online anonymity was not able to protect the defendant in this case from prosecution, and it will not protect other online criminals either.”
Coelho is in custody in the U.K. pending the results of an extradition hearing.

Comments (40)


all major onions are down. 0 day exploit?


dread isn't a market. They do of course maintain a criminal enterprise by monetizing on darknet market information and advertisements. They may also be involved in several other criminal complaints not know to law enforcement themselves yet, as all 33 eyes are scanning the planet looking for the kids behind dread.


Dread, cryptostamps, and ASAP were all seized.


wym dread cryptostamps and asap was seized lol... asap is still up why u talking out ur ass for no reason everything is getting ddossed u fucking weirdo #857d308e


Get off the internet to be anonymous.


Im guessing the telecoms is tmobile.


Feds=cock suckers


Aaaaaand it's gone. Versus as well. Those DDOS losers are so damn tiresome, you fucks contribute nothing, hope you get cancer and die a slow and excruciatingly painful death. With best regards!


ASAP is back up, Dread is still down though.


ASAP is down again but Dread is up and running on their I2P link


Omnipotent got too greedy and turned into a jew. It's all his fault and he got what he deserved. Rf used to be a raiding forum and now look what he did to it.


You have absolutely no idea what you’re talking up faggot. pls shut up


Stfu leakfag. I exactly know what I am talking about, suck more of his jewish spic cock. He didn't care about his userbase and only wanted money, the feds proved this through the way he scammed them through the middleman. If he didn't become greedy then this wouldn't have happened and rf would still be a raiding forum.


Wtf is going on with Dread


asap siezed, dread siezed, abacus siezed


anyone hear from shaky or paris? hug is not arrested stop spreading fud


feds spent $4,000 in Bitcoin on 1.1 million “payment card account numbers, names, addresses, and phone numbers associated with the payment card account numbers” but received nothing in return. OHONONONON FED BROS WE GOT COCKY I GUESS U COULD SAY RAID GOT RAIDED LMAO


Can we talk about why Dread got DDSOed then unplugged their servers , why RaidForums got DDOSed before being seized , why ASAP is being DDOSed , why Abacus is DDOSed and maybe seized , why Versus is DDOSed , why Archtyp got DDOS'ed then unplugged their servers ?


Versus is still up why assuming that it is offline??


9000 is a fed


HB should probably sign a confirmation message with PGP key and DNL should write an update article with that message, something is up and I’m sure it will all come out in the wash <3


Seizing dnms is to give jobs to street niggers


im honestly just surprised theyve managed to stay up for this long


dread is back. All the fud can be laid to rest. paris and hb are kings of the internet. DeSnake is a fed.


lmao another hating admin :D you hating because your little market is down? aww how cute but you'll never reach the biggest OG Desnake he's been part of the darknet before paris and hugbunter before any of admins today! Alphabay has the best uptime of all markets everyone is selling on there they're no1 keep hatin imma keep sellin ma shit and wheel keep spinin


hold up alphabay has pgp force option like WHM and use monero feds can't use any info on there if both parties encrypt! Assume every market is compromised pgp encrypt use monero don't worry it happens now alphabay is the place to be if we talkin security


Is there any other good alternative? I know about cracked.to but is there any good one that I can access from TOR?


Tor security is really amazing. The feds can never hack it.


Lol how fucking stupid are you transferring a domain to the US.... Hahahahahahahaha


here is a literal toddler level move that would save you from this, don't commit crimes. With this one simple trick you can be protected from ever getting your stuff seized by the feds.


You know guys who don't commit crimes,give me the list please I'd love to meet them unfortunately I am almost 50 years and known only criminals :)))


imagine being arrested by the faggots bureau of investigation yikes #monkeypoxmoment



fuck niggers2022-09-20

He scammed the fbi on accident lol. Scammers need to get whats coming to them.




Good to see this forum is full of homophobes! You sound like a bunch of bigots.


at least they dont sound like faggots..... sorry couldnt resist dont take me serious lol


When the alternative is child trannies, I do not think "bigots" is derogatory the way you likely think it is.


Laughing at kids getting psyopped into gobbling estrogen and ruining the rest of their lives isn't bigotry. It's natural You gotta admire the scope of the psyop tho. Give them unlimited vidya & porn -> make them lonely -> turn their natural sexual urges and loneliness against them -> they troon out -> kill themselves


> hope it’s nothing weird haha! lmao exactly