Cyber Incident Victim: Club2Crd

Date: Feb 2021

Location: Russia

Summary

The Club2Crd carding and cybercrime forum experienced a significant security incident when one of its oldest super-moderators, mak, had his account fully compromised. Attackers used the hijacked account to introduce multiple fraudulent services and steal funds from other members, severely damaging the forum's reputation and eroding trust among its user base. This breach was part of a broader pattern of attacks targeting Russian-speaking cybercrime forums, highlighting vulnerabilities even within elite hacker communities.

Description

In mid-February 2021, a series of attacks targeted several prominent Russian-speaking cybercrime forums, including the Club2Crd carding and cybercrime forum. According to reports, a staff member known as 'mak,' identified as one of the oldest super-moderators on the mid-tier Club2Crd forum, experienced a complete account takeover. This security breach allowed the attacker to use the compromised moderator account to create multiple new scam services directly on the forum platform. The immediate consequence was the direct theft of money from other Club2Crd members who interacted with these fraudulent services. The incident was part of a broader wave of compromises affecting multiple communities, as screenshots of posts discussing attacks on Verified, Dread, and Club2Crd were shared alongside the separate Maza forum leak. The attack on Club2Crd specifically illustrated the vulnerability of even trusted, high-ranking accounts within these closed criminal ecosystems.

The takeover of mak's account significantly damaged the operational integrity and trustworthiness of the Club2Crd forum. By impersonating a respected super-moderator, the attacker could exploit the inherent trust members placed in that role to perpetrate financial scams. This event contributed directly to a measurable decrease in trust across cybercrime communities, as noted by security analysts tracking the incidents. The attack occurred contemporaneously with the forceful takeover of the Verified forum on February 15 and the disruptive attacks on the Dread platform, suggesting a coordinated or opportunistic campaign against these illicit hubs. While the specific technical method used to compromise mak's account was not detailed, the outcome was the unauthorized creation of scam services and the siphoning of funds from users. The incident was publicly acknowledged through posts on the forum and subsequently reported to security media, highlighting the internal security failures within Club2Crd's account management and authentication practices for its staff. The breach underscored that no forum, regardless of its tier or the seniority of its members, was immune to such account takeover attacks during this period.
