The US Department of Justice Seizes LummaC2 Malware Infrastructure, Which Stole Cryptocurrency Wallet Mnemonics

May 22 news, law enforcement agencies have successfully seized the critical infrastructure of the malware LummaC2, which was used to steal cryptocurrency wallet mnemonics from millions of users. This operation was jointly executed by the U.S. Department of Justice, Europol, Japan's Cybercrime Control Center, Microsoft, and others. According to Microsoft data, over 394,000 Windows systems worldwide were found to be infected with this malware between March and May 2025. Through civil litigation, Microsoft has seized and disabled more than 2,300 domains supporting LummaC2 operations. The FBI confirmed that there were at least 1.7 million theft attempts through LummaC2 alone. This malware was launched by a Russian developer with the online alias "Shamel" in 2022, primarily marketed through Telegram and Russian-language forums, offering tiered service packages that allow buyers to customize, distribute, and track stolen data.