XSS.IS Cybercrime Forum Seized After Admin Arrested in Ukraine

Earlier this morning, it was reported that on 22 July 2025, Ukraine arrested a man suspected of being the administrator of XSS.IS, one of the world’s most notorious and sophisticated cybercrime platforms. The arrest was made with the assistance of Europol and French authorities. Now, as seen by Hackread.com, the forum itself has also been seized.

Visitors to XSS.IS now see a seizure notice stating, “This domain has been seized by la Brigade de Lutte Contre la Cybercriminalité with assistance from the SBU Cyber Department.”

The “SBU Cyber Department” refers to the Cyber Security Department of the Security Service of Ukraine (SBU). La Brigade de Lutte Contre la Cybercriminalité (BL2C) is a branch of the French judicial police that specialises in combating cybercrime.

XSS.IS Dark Web (.onion) and Clearnet Domains Show 504 Gateway Timeout Error

At the time of writing, the main domain of the forum displays a seizure notice, while its dark web domain and clearnet mirror (XSS.AS) both return a “504 Gateway Timeout” error. Notably, the Telegram channel linked to the XSS.IS administrator shows no signs of seizure and is marked as “recently seen.” It remains unclear whether authorities have access to these domains or control over the forum’s Telegram account.

Background of XSS.IS

The XSS.IS forum was originally launched in 2004 under the name DaMaGeLaB, a well-regarded Russian-language hacking community. The site was briefly shut down in December 2017 after one of its administrators, Belarusian national Sergey Yarets, known on the forum as “Ar3s,” was arrested.

In late 2018, a prominent forum administrator acquired a backup of the site and relaunched it under the new name XSS, a reference to the web security vulnerability known as cross-site scripting.

The name change served two main purposes. First, it distanced the forum from its past associations with law enforcement under the DaMaGeLaB name. Second, it gave the site a more technical and modern image by referencing a vulnerability familiar to its target audience.

Authorities and the cybersecurity community have long suspected that XSS.IS was operated or supported by Russian intelligence agencies, including the Foreign Intelligence Service (SVR), the Federal Security Service (FSB), and the Main Intelligence Directorate (GRU). However, the administrator was found to be in Ukraine. It remains unconfirmed whether the suspect is a Ukrainian or Russian national.

A Major Blow to Cybercrime

Although cybercrime forums frequently appear and disappear, the seizure of XSS.IS marks a significant setback for the global cybercrime community. The forum had more than 50,000 registered users, with membership granted only after a thorough vetting process. In some cases, users were even required to pay a fee to create an account in order to prevent spam.

XSS.IS became a highly prominent and notorious marketplace for hijacked system access, malware, stolen credentials, databases, ransomware kits and an encrypted Jabber channel that hackers used to coordinate deals. The forum generated millions of dollars through advertising and facilitation fees.

According to Europol’s press release, authorities have also seized user data, which is now being analysed and will be used to track cybercriminals and support ongoing operations against cybercrime both in Europe and globally.

In the end, the message is clear: if you are involved in crime, especially at the scale of running a major cybercrime forum, authorities will eventually catch up. No matter how high-profile the platform may be, it is only a matter of time before it is taken down.