24.12.2025
2 min
413
The U.S. government, with assistance from the FBI, has seized the web3adspanels.org domain, which was used by cybercriminals to store bank login credentials stolen from American victims. The operation disrupted a large-scale phishing scheme that caused millions of dollars in financial losses.
According to the U.S. Department of Justice, the seized domain hosted a backend server containing stolen banking credentials belonging to thousands of victims. The data was harvested through phishing campaigns that relied on fraudulent advertisements displayed on Google and Bing search results, redirecting users to fake banking portals.
The FBI identified at least 19 confirmed victims across the United States, including two companies in the Northern District of Georgia. Actual financial losses reached approximately $14.6 million, while attempted losses were estimated at $28 million.
Investigators determined that the backend server hosted on the seized domain remained active until at least November 2025. The domain seizure was carried out with the support of Estonian law enforcement and other international partners. It currently displays a law enforcement notice indicating it is under official control.
Although no arrests have been made so far, the investigation is ongoing. Since January, the FBI’s Internet Crime Complaint Center has received more than 5,100 reports related to bank account takeovers, with total reported losses exceeding $262 million.
The case highlights the persistent effectiveness of phishing campaigns delivered through paid search advertisements. Even brief exposure of banking credentials can result in severe financial damage, reinforcing the need for stronger user awareness and international cooperation in combating cyber-enabled financial crime.
