​Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021.

In a Wednesday press release, the U.S. Department of Justice said that Kavzharadze (also known as TeRorPP, Torqovec, and PlutuSS) sold vast amounts of financial information and other personally identifying information (PII) on the illegal marketplace.

Throughout his involvement, between July 2016 and May 2021, he listed more than 626,100 stolen login credentials for sale. Those sold to Slilpp users were later linked to roughly $1.2 million in fraudulent or attempted transactions after those who purchased them used the information to steal money from victims’ accounts.

“On May 27, 2021, Kavzharadze’s account on Slilpp listed 240,495 login credentials for sale that would allow the buyer to use the information to steal money from the victim’s online payment and bank accounts,” DOJ said.

“The credentials included access to bank accounts in New York, California, Nevada, and Georgia. Kavzharadze only accepted Bitcoin as payment for the credentials.”

According to court documents, Kavzharadze was connected by FBI analysts to withdrawals of more than $200,000 in Slilpp profits from the Bitcoin account that collected payments for stolen login, personal, and financial information.

On August 19, 2021, the DOJ charged Kavzharadze with conspiracy to commit bank and wire fraud, bank fraud, access device fraud, and aggravated identity theft.

He was extradited to the U.S. and appeared in a U.S. District Court in May 2022. Almost two years later, on February 16, 2024, Kavzharadze pleaded guilty to being a prolific Slilpp vendor and conspiracy to commit bank and wire fraud.

Largest online market for stolen credentials

The U.S. Department of Justice announced the takedown of Slilpp on June 10, 2021, following a joint operation with law enforcement agencies from the United States, Germany, the Netherlands, and Romania, who seized servers used to host Slilpp’s infrastructure.

The FBI coordinated with agencies worldwide, including Germany’s Bundeskriminalamt, the Netherlands’ National High Tech Crime Unit, and Romania’s Directorate for the Investigation of Organized Crime and Terrorism.

Slilpp has been active for almost a decade, since 2012, and was used by cybercriminals to sell and buy stolen login credentials for banks, online payments, mobile phones, retailers, and other online accounts.

Right before Slilpp was taken down and its domains seized, Slilpp vendors listed over 80 million stolen login credentials belonging to users of more than 1,400 companies for sale, many high-profile organizations worldwide.

Since then, law enforcement authorities worldwide have targeted similar operations designed to provide criminals with an easy way to get their hands on sensitive information stolen from victims of cyberattacks.

For instance, earlier this year, they arrested 23-year-old Rui-Siang Lin, the alleged owner and operator of the Incognito dark web drug market that sold over $100 million worth of narcotics, who could face a mandatory minimum sentence of life in prison if found guilty.

Last year, authorities also seized the Genesis stolen credentials market and arrested 288 dark web drug vendors and buyers following a law enforcement operation codenamed Spector. In June, the FBI seized the BreachForums hacking forum after arresting its owner, Connor Brian Fitzpatrick (also known as Pompompurin).

In December, an international police operation also led to the arrest of 3,500 cybercriminals and the seizure of over $300 million, while German police seized Kingdom Market, a dark web marketplace selling cybercrime tools, drugs, and fake government IDs.