xDedic Marketplace: DoJ’s International Operation Nets 19, Thwarts $68M Fraud

The United States Attorney’s Office heralded the culmination of an extensive international cybercrime investigation, targeting the nefarious activities of the darknet marketplace, xDedic. Judicial documents revealed that xDedic illegally sold access credentials to servers worldwide, along with the personal data of U.S. residents, including birth dates and social security numbers. The acquired servers were exploited by criminals for various illegal activities, such as tax fraud and ransomware attacks.

Victims, whose data was traded on the market, spanned diverse sectors globally, including local, state, and federal government agencies, hospitals, universities, metropolitan transit authorities, accounting and legal firms, and pension funds. xDedic’s administrators maintained exceptional operational security, using an international network and cryptocurrency to conceal server locations and participant identities. Over 700,000 compromised servers were offered on the xDedic darknet marketplace, including at least 150,000 in the U.S., with 8,000 in Florida.

In January 2019, the Tampa, Florida District Attorney’s Office seized xDedic’s domain names and dismantled its website infrastructure, effectively ceasing its operations. The international effort was a collaborative achievement with Europol and law enforcement from Belgium, Ukraine, the Netherlands, and Germany.

Following xDedic’s closure, the U.S. Attorney’s Office charged individuals involved in the site’s operations at all levels, including administrators, server sellers, and buyers. Administrators Alexandru Habasescu (31; Chisnau, Moldova) and Pavlo Kharmansky (32; Kyiv, Ukraine) were sentenced to 3 years and 5 months and 2.5 years imprisonment, respectively, for fraud with access to devices. Habasescu was arrested in the Canary Islands in 2022 and extradited to the U.S., while Harmansky was arrested at Miami International Airport in 2019.

One of the market’s largest sellers offered access to over 35,000 compromised servers worldwide and earned over $350,000 in illegal revenue. The seller was arrested in Georgia in 2022 and extradited to the U.S., where he was sentenced to 5 years in prison.

Nigerian citizen Allen Levinson, an active buyer on the Marketplace, sought access to American auditing firm systems. He used this information to file hundreds of false tax returns, requesting over $60 million in tax refunds. Levinson was arrested in the United Kingdom in 2020 and extradited to the U.S., where he was sentenced to 6.5 years in prison.

Additionally, two buyers from the United Kingdom were charged with conspiracy to commit electronic fraud and aggravated identity theft. Both await extradition from the U.K. One is also charged with false statements and theft of government funds, facing up to 20 years in prison if convicted.

Many of the accused hold citizenship in countries that do not extradite their nationals, so the U.S. must find and extradite criminals from countries that do. In total, 19 suspects face charges and await extradition to the U.S.