Chainalysis noted that In a recent operation, law enforcement agencies from multiple countries have struck a significant blow against cybercrime by dismantling BreachForums, one of the world’s most notorious platforms for trading stolen data.
This past month, the French Cybercrime Unit (Brigade de lutte contre la cybercriminalité, BL2C) arrested five suspected administrators of the platform, including threat actors ShinyHunters, Noct, Depressed, and Hollow.
Simultaneously, the U.S. Attorney’s Office for the Southern District of New York unsealed charges against British national Kai West, a 25-year-old alleged to be the infamous “IntelBroker,” who served as BreachForums’ owner from August 2024 to January 2025.
This coordinated effort underscores the power of blockchain analytics in unmasking cybercriminals and disrupting illicit online marketplaces.
BreachForums, which emerged in 2022 as a successor to the dismantled RaidForums, became a central hub for cybercriminals to buy, sell, and trade stolen data, including sensitive personal and corporate information.
The platform facilitated high-profile breaches targeting organizations like Europol, General Electric, AMD, Nokia, Cisco, and DC Health Link, exposing the data of millions, including U.S. House members and their families.
IntelBroker, in particular, gained notoriety for orchestrating breaches that caused over $25 million in damages, according to U.S. prosecutors.
The forum’s resilience, reemerging after FBI-led takedowns in 2023 and 2024, made it a persistent threat—until now.
The takedown operation hinged on blockchain analytics, particularly Chainalysis Reactor, which enabled investigators to trace cryptocurrency flows and connect IntelBroker’s digital persona to his real-world identity.
Kai West’s critical operational security failures—such as accepting Bitcoin instead of the more private Monero, publicly advertising cryptocurrency addresses, and using personal information for exchange accounts—proved to be his downfall.
Investigators traced Bitcoin transactions from West’s accounts across multiple exchanges, including Ramp and Coinbase.
The Ramp exchange provided a breakthrough when account information revealed a withdrawal linked to “Kai Logan West,” complete with his date of birth.
Cross-referencing showed the same Bitcoin address interacting with Coinbase under the alias “Kyle Northern,” which also tied back to West.
Further analysis uncovered small deposits to CSGO500, a cryptocurrency casino, and a particular Ethereum address that reportedly funneled funds to Changelly exchange.
This case highlights the transparency of blockchain technology as a double-edged sword for cybercriminals.
While cryptocurrencies like Bitcoin are often perceived as anonymous, their immutable ledgers leave traceable digital footprints.
Modern blockchain intelligence platforms, as utilized by law enforcement, offer comprehensive transaction mapping, real-time risk assessments, and cross-reference analysis, enabling authorities to pierce the veil of anonymity.
The operation also involved undercover agents who purchased stolen data, further mapping wallet addresses and transfers to link West to his IntelBroker persona.
The arrests, conducted in Paris, Normandy, and Réunion, targeted a group of French nationals in their twenties, including the prolific ShinyHunters, linked to breaches at Salesforce, Ticketmaster, and AT&T.
The U.S. is seeking West’s extradition, charging him with conspiracy to commit computer intrusions, wire fraud, and unauthorized access to protected computers, with potential penalties of up to 50 years in prison.
Despite BreachForums’ history of resurfacing, professionals like Agnidipta Sarkar from ColorTokens warn that remnants of the organization could attempt to revive it, emphasizing the need for ongoing vigilance and real-time cybersecurity protections.
This takedown sends a clear message: cybercriminals are not beyond the reach of international justice.
The collaboration between the FBI, French authorities, and other global partners, combined with blockchain analytics, highlights a fundamental shift in combating cryptocurrency-enabled crime.
As cybercriminals adapt, law enforcement must continue to enhance analytical capabilities and international cooperation to target data breach marketplaces and ransomware operations.
The IntelBroker case indicates that even sophisticated threat actors leave digital trails that advanced analytics can follow, reinforcing the blockchain’s role as a useful tool for justice in the digital economy.