Leader of World’s Leading XSS Dark Web Cybercrime Platform Arrested

A major international cybercrime investigation has culminated in the arrest of the suspected administrator behind xss.is, one of the world’s most influential Russian-speaking cybercrime platforms, following a coordinated operation between French police, Ukrainian authorities, and Europol.

The arrest represents a significant blow to the global cybercriminal ecosystem that has facilitated millions of euros in illicit transactions.

The suspect was apprehended in Kyiv, Ukraine, on July 22nd as part of a series of coordinated enforcement actions designed to gather evidence and dismantle critical criminal infrastructure.

The operation involved French police investigators deployed on the ground in Ukraine, supported by Europol through a virtual command post established specifically for this mission.

During the enforcement actions, Europol deployed a mobile office to provide on-site coordination and evidence collection support to both French and Ukrainian teams.

The seized data is now being analyzed to support ongoing investigations across Europe and beyond, potentially leading to additional arrests and the disruption of related criminal networks.

The forum, which boasted more than 50,000 registered users, served as a central marketplace for stolen data, hacking tools, and illicit services.

It functioned as a critical platform for some of the most active and dangerous cybercriminal networks, facilitating coordination, advertising, and recruitment activities that enabled a wide range of criminal enterprises.

XSS Dark Web Cybercrime

Investigators believe the arrested individual was far more than a technical operator, playing a central role in enabling and facilitating criminal activity across the platform.

Acting as a trusted third party, he arbitrated disputes between criminals and guaranteed the security of transactions, creating a reliable ecosystem that attracted major threat actors.

The suspect is also believed to have operated thesecure.biz, a private messaging service specifically tailored to meet the needs of the cybercriminal underground.

Through these combined services, investigators estimate he generated over €7 million in advertising and facilitation fees, demonstrating the lucrative nature of cybercrime infrastructure services.

Evidence suggests the suspect maintained an active presence in the cybercrime ecosystem for nearly two decades, during which time he cultivated close relationships with several major threat actors.

This longevity and network of connections made him a particularly valuable target for international law enforcement agencies.

Three-Year Investigation

The investigation was initiated by French police in 2021, reflecting the long-term commitment required to penetrate sophisticated cybercriminal networks.

The case transitioned into its operational phase in Ukraine in September 2024, marking a crucial escalation in enforcement efforts.

Europol provided essential operational and analytical support throughout the investigation, facilitating information exchange and coordination between French and Ukrainian authorities.

The agency also assisted in mapping the cybercriminal infrastructure and establishing connections between the suspect and other major threat actors.

This operation aligns with findings from Europol’s 2025 Internet Organised Crime Threat Assessment, which identifies the booming black market for stolen data as a critical driver of the cybercrime economy.

Platforms like xss.is enable the trade and monetization of compromised data, hacking tools, and illicit services that fuel ransomware, fraud, identity theft, and extortion activities worldwide.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.