DOJ Seizes $24M in Crypto From Russian Qakbot Hacker in Global Crackdown
Key Takeaways:
U.S. DOJ targets Russian hacker Rustam Gallyamov with forfeiture of $24M in crypto assets linked to Qakbot malware.
Gallyamov’s malware infected thousands globally, facilitating ransomware attacks with major syndicates.
Operation Endgame underscores global cooperation to dismantle cybercriminal infrastructure.
The U.S. Department of Justice has escalated its battle against global cybercrime by filing a civil forfeiture complaint to seize over $24 million in crypto assets linked to Russian national Rustam Rafailevich Gallyamov.
The 48-year-old Moscow resident stands accused of orchestrating a vast malware scheme that powered Qakbot, a sophisticated cyber weapon that infected thousands of computers worldwide.
Gallyamov’s online trail began in 2008 when he reportedly created the first iteration of Qakbot. By 2019, he had built a mature botnet of compromised machines that allowed co-conspirators to conduct ransomware attacks.
Gallyamov’s infrastructure served as a launching pad for infamous ransomware variants including Dopplepaymer, Egregor, REvil, Conti, and Black Basta, according to the indictment. In exchange, he allegedly received a share of the ransom money paid by victims.
Despite a significant disruption to the Qakbot network in August 2023 by law enforcement, Gallyamov purportedly adjusted rapidly and turned to other methods such as spam bomb attacks.
These entailed inundating victims’ networks with malicious login attempts and fooling workers into providing access to secure networks. Most importantly, the attacks continued through January 2025, reflecting the cybercriminal’s continued activity and responsiveness.
Millions in Crypto Now Seized
Gallyamov’s ill-gotten gains were distributed across numerous cryptocurrencies, including more than 200 Bitcoins and significant holdings in USDT and USDC, according to court documents.
In April 2025, U.S. government agents also confiscated a new stash worth more than 30 bitcoin and $700,000 worth of stablecoins from Gallyamov. Those assets, worth over $24 million, are the target of a civil forfeiture complaint filed in California.
The government’s forfeiture case is aimed at recovering illicit gains and returning them to victims of Gallyamov’s malware operation. Prosecutors Jessica Peck, Khaldoun Shobaki, Lauren Restrepo, and James Dochterman are directing the case and are assisted by FBI field offices and international partners based in Europe and Canada.
A Global Crackdown on Cybercrime
This new development is part of Operation Endgame, a joint multinational operation to take down transnational cybercrime networks. Investigators from the German BKA, the Dutch National Police, France’s Anti-Cybercrime Office, and Europol played a key role in tracking and taking down Gallyamov’s infrastructure.
With law enforcement agencies across continents operating in tandem, Gallyamov’s case represents a turning point in the international campaign against ransomware-based cybercrime.
Filed under: Bitcoin - @ May 24, 2025 4:00 am