LockBit, one of the most well-known Ransomware-as-a-Service (RaaS) groups, suffered a serious security breach that exposed around 60,000 Bitcoin addresses.

On May 8, blockchain security firm SlowMist reported that hackers exploited a PHP 0-day or 1-day vulnerability to gain unauthorized access to LockBit’s backend systems and admin console.

SlowMist pointed out that the hack resulted in the leak of a compressed file containing sensitive data. Other exposed information from the breach includes private keys, internal chat records, and details of affiliated entities. The hackers left a message on the website saying,

“Don’t do crime CRIME IS BAD crime is bad xoxo from Prague.”

LockBit, in a message with threat researcher Rey, said that only wallet addresses and chat logs were published from the attack. The platform insisted that no decryptors or source code were stolen from the breach.

Meanwhile, SlowMist, using its Mistrack system, traced one of LockBit’s Bitcoin wallet addresses.

The firm reported that the transaction trail appeared clear and led directly to known crypto exchanges. This suggests the attacker may have already attempted to cash out or launder the stolen funds.

LockBit offers bounty

LockBit has reportedly clarified that only a lightweight management panel had been breached. It emphasized that core tools like the locker builder, decryptors, and source code remained secure.

Despite this claim, the breach marks a significant blow to its criminal credibility among affiliates and clients.

In a surprising twist, LockBit offered a bounty for information on the hacker. The group claims the attacker may be someone called “xoxo” based in Prague.

The platform stated:

“If you can provide accurate and reliable information about this person’s identity — I’m willing to pay for it.”

This bounty offer comes with a hint of irony, as LockBit is a target of a US government bounty program.

The US authorities accuse the group of executing over 2,500 ransomware attacks in more than 120 countries. Nearly 1,800 of those victims were reportedly based in the United States.

The Department of Justice claims the LockBit group extorted more than $500 million in ransom payments, with total losses, factoring in recovery and downtime, reaching into the billions.

The post LockBit breach exposes 60,000 Bitcoin addresses, offers bounty for hacker’s identity appeared first on CryptoSlate.