{ "id": "257d2306-7863-49c4-a5e2-ef6782131421", "created_at": "2026-04-06T00:08:47.62452Z", "updated_at": "2026-04-10T03:24:50.361933Z", "deleted_at": null, "sha1_hash": "a562741fcf6900eba169eaff287a621291dbdf25", "title": "LockBit ransomware gang claims PayBito crypto exchange as new victim", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 118829, "plain_text": "LockBit ransomware gang claims PayBito crypto exchange as new\r\nvictim\r\nBy Waqas\r\nPublished: 2022-02-05 · Archived: 2026-04-05 20:39:57 UTC\r\nLockBit ransomware operators claim that they stole the PayBito database that contains 100,000 customers’ information including\r\nemail addresses and “weak” password hashes.\r\nThe infamous LockBit ransomware gang is claiming to have hacked PayBito, a global cryptocurrency exchange,\r\nand stolen its data including a database with 100,000 customers’ information.\r\nThe group claimed the attack on Thursday, February 3rd on its official website on the so-called dark web\r\naccessible through the Tor browser. In its post, the operators of LockBit ransomware stated the stolen database\r\ncontains personal information of customers in the United States and other countries worldwide.\r\nIt further claimed that the stolen records have email addresses and a “weak hash algorithm” referring to a\r\npassword algorithm that can be easily decrypted into cleartext format. Additionally, the alleged data includes the\r\npersonal data of the exchange’s administrators.\r\n“Crypto exchange of “HashCashConsultant” company, \u003e 100k Users in DB. Customers from\r\nUSA/WorldWide personal data, mail/hash, weak hash algorithm. Admins personal data, admin emails,\r\nand hashes. If you want to buy it – contact us with TOX – All available data will be published.“\r\nLockBit\r\nIt is worth noting that the PayBito exchange offers buying, selling, and trading of Bitcoin, Ether, Bitcoin Cash,\r\nLitecoin, and several other cryptocurrencies. The exchange is managed by HashCash, a Palo Alto, California-based global blockchain and IT services company.\r\nhttps://www.hackread.com/lockbit-ransomware-paybito-crypto-exchange-hack/\r\nPage 1 of 3\n\nPost published by LockBit ransomware gang on its official website (Image credit: Hackread.com)\r\nThreat intelligence feeds like Dark Tracer and Dark Feed have also tweeted (1 \u0026 2) about the alleged ransomware\r\nattack on PayBito. Nevertheless, the bad news is that LockBit plans to publish the alleged stolen records on\r\nFebruary 21st, 2022 if their demand for ransom is not met.\r\nHistory of LockBit ransomware gang\r\nLike other ransomware gangs, LockBit’s modus operandi involves blocking victims’ access to computer systems\r\nin exchange for a ransom payment. LockBit, which itself is a malicious software, automatically vets for valuable\r\ntargets, spreads the infection, and encrypts all accessible computer systems on a network.\r\nThe Lockbit ransomware gang emerged on the threat spectrum back in September 2019 and made waves in June\r\n2021 after launching LockBit 2.0 and recruiting new partners. The gang claims to offer the “fastest data\r\nexfiltration on the market through StealBit,” noted Emsisoft in the gang’s profile.\r\nStealBit is a data stealer that can download 100 GB of data from an infected system within 20 minutes. Some of\r\nthe gang’s previous victims include Bangkok Airways, Accenture, Businesses in Europe, and French Ministry\r\nof Justice, etc.\r\nAs for the alleged ransomware attack on PayBito, at the time of publishing this article, the exchange or HashCash\r\nhad not released any statement to address the issue. However, Hackread.com has contacted the company and this\r\narticle will be updated based on their confirmation or denial.\r\nMore ransomware news on Hackread.com\r\nRansomware attack on New Mexico jail put prisoners in lockdown\r\nhttps://www.hackread.com/lockbit-ransomware-paybito-crypto-exchange-hack/\r\nPage 2 of 3\n\nEuropol takes down VPN service VPNLab used by ransomware operators\r\nFBI warns of hackers mailing malicious USB drives to spread ransomware\r\nMicrosoft: ‘Destructive malware’ fakes ransomware to target Ukrainian orgs\r\nCyber-Partisans hackers hit Belarus railroad system with a ransomware attack\r\nSource: https://www.hackread.com/lockbit-ransomware-paybito-crypto-exchange-hack/\r\nhttps://www.hackread.com/lockbit-ransomware-paybito-crypto-exchange-hack/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.hackread.com/lockbit-ransomware-paybito-crypto-exchange-hack/" ], "report_names": [ "lockbit-ransomware-paybito-crypto-exchange-hack" ], "threat_actors": [ { "id": "4f472ea8-b147-486d-8533-88f8036343a6", "created_at": "2024-01-23T13:22:35.081084Z", "updated_at": "2026-04-10T02:00:03.520098Z", "deleted_at": null, "main_name": "Cyber Partisans", "aliases": [], "source_name": "MISPGALAXY:Cyber Partisans", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434127, "ts_updated_at": 1775791490, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/a562741fcf6900eba169eaff287a621291dbdf25.pdf", "text": "https://archive.orkl.eu/a562741fcf6900eba169eaff287a621291dbdf25.txt", "img": "https://archive.orkl.eu/a562741fcf6900eba169eaff287a621291dbdf25.jpg" } }