The French case illustrates how attackers used a fake police raid and violence to force a Bitcoin transfer worth $1 million, bypassing encryption entirely by compelling the victim to authorize the transaction.
Xinbi Guarantee has also hosted a wide variety of other black market offerings, including harassment services that threaten or throw feces at a victim for a fee, and even sex workers as young as 14 who are likely trafficking victims.
"Booter services allow users to launch DDoS attacks against targeted websites, servers, or networks. Their infrastructure is made up of servers, databases, and other technical components that make DDoS-for-hire activities possible. By seizing these infrastructures, authorities were able to hinder these criminal operations and prevent further damage to victims."
RaveDAO, the Web3 music and entertainment protocol, has denied allegations of market manipulation following a catastrophic week that saw its native token, RAVE, lose nearly 95% of its value. The project's response comes as the token, which peaked at an all-time high of $28.90 just days ago, is now trading at approximately $1.24, effectively wiping out billions in paper wealth and triggering investigations by major exchanges.
As well as millions of customer names and contact details, the databases show how much money people had spent at the stores. The hacker the BBC spoke to says he purchased the spreadsheets for $300,000 (£224,000) in order to target the biggest spenders. He claims to have used the information along with details from another stolen database to scam multiple Coinbase users out of at least $1.5m (£1.1m) in crypto.
To be clear, ransomware isn't going anywhere, and adversaries continue to innovate. But the data shows a clear strategic pivot away from loud, destructive attacks toward techniques designed to evade detection, persist inside environments, and quietly exploit identity and trusted infrastructure. Rather than breaking in and burning systems down, today's attackers increasingly behave like Digital Parasites. They live inside the host, feed on credentials and services, and remain undetected for as long as possible.
