U.S. Cracks Down on Cybercrime: PopeyeTools Marketplace Seized in Major Law Enforcement Operation
U.S. authorities have seized PopeyeTools, a major darknet marketplace specializing in stolen financial data and fraud tools that operated for eight years. The operation led to the arrest of three administrators and the confiscation of $283,000 in cryptocurrency.
The marketplace's administrators - Abdul Ghaffar (25), Abdul Sami (35), and Javed Mirza (37) - now face criminal charges for running the platform that generated approximately $1.7 million in illicit revenue since 2016.
PopeyeTools served as a hub for cybercriminals, offering stolen credit card information, personal data, and specialized tools for conducting cyberattacks. The platform facilitated the exploitation of data from at least 227,000 individuals during its operation.
The takedown required coordinated efforts between law enforcement agencies in the United States, United Kingdom, and Malaysia. Multiple domains were seized, including PopeyeTools.com, PopeyeTools.uk, and PopeyeTools.to.
This operation follows other major darknet marketplace takedowns in recent years, including AlphaBay, Hansa Markets, Empire Market, and Hydra. However, experts note that when one marketplace closes, criminal vendors often migrate to other platforms.
The data traded on PopeyeTools enabled various criminal activities:
- Identity theft and creation of fake identities
- Unauthorized purchases using stolen credit cards
- Targeted phishing attacks
- Corporate espionage and data theft
The case highlights the growing sophistication of cybercrime operations and their global reach. With administrators based in Pakistan and Afghanistan, the investigation required extensive international cooperation.
While this takedown represents a victory for law enforcement, the battle against darknet marketplaces continues. The anonymity provided by tools like Tor and cryptocurrencies presents ongoing challenges for authorities working to combat cybercrime.
Organizations can protect themselves by implementing dark web monitoring, conducting regular security training, using multi-factor authentication, and adopting zero-trust security frameworks.