Joker’s Stash stolen credit card vendor is set to close on February

The illegal merchant of stolen payment cards closes shop after 7 years

One of the most popular underground credit card marketplaces closes.

On January 15, 2021, Joker's Stash – one of the most popular underground markets for stolen credit and debit card info announced that it closes after operating for 7 years. The closing should happen within 30 days. Administrators of this chain of illegal shops have declared that on many online carding forums, including Russian-language portal Club2CRD.

Joker Stash representatives wrote:

Joker goes an a well-deserved retirement. Joker's Stash is closing.

This stolen credit card merchant began his business in 2014, and reports show^[1] that it made over $1 billion in illegal revenues over the years. In the dark web, the site became really popular due to its fresh stolen credit card data and the option to get a refund if the data is invalid.

Joker's Stash also reassures its users that the illegal marketplace will be operational until February 15, 2020. That way, users can spend money from their accounts until the portal closes. Afterward, all servers and backups will be wiped. Criminals behind Joker's Stach state that they will never open again, so their users shouldn't trust any copycats that could try to profit from their departure from the criminal world.

Law enforcement agencies impeded the sales of stolen data

Law enforcement agencies all over the world are trying to apprehend people behind various illegal activities. Russian Federal Security Service (FSB) has detained thirty people in March 2020, that had anything to do with carding operations. That led to a shutdown of 90 domains related to credit card fraud.^[2]

It's unclear whether this impacted Joker's Stash operations, but what surely did was Interpol and the FBI taking down four blockchain domains (.emc, .lib, .coin, and .bazar) of the illegal shop on December 16, 2020. Although, shops that were accessible only through the Tor browser were still operational.

Since September 2020, one of the biggest markets for stolen credit card data has posted less and less of their main source of income (Card Not Present (CNP) and Card Present (CP) records). This might have happened because the Joker himself has caught the COVID-19 infection and was allegedly held in the hospital for over a week.^[3]

Stolen payment card info linked to major company breaches

According to news reports,^[4] during 2020 more than 40 million new stolen records were posted on the Joker's Stash. Most criminals, fearing the attention of law enforcement, don't brag about what they did. That wasn't the case with this article's culprit, as they always advertised where their stolen records came from.

Most of the stolen credit or debit card data was coming from major breaches linked^[5] to such companies as a convenience store and gas station network WAWA (operation BIGBADABOOM-III). Dickey’s Barbecue Pit, a US-based restaurant franchise, suffered a data leakage in operation called BLAZINGSUN. Two more restaurant chains in the US, Champagne French Bakery Café and Islands, also suffered major data leakages.

Although the criminals will stop selling the stolen data, law enforcement agencies will still try to hunt down the people behind these crimes, so justice is served.