Skip to main content
Press Release

Moldovan National And Technical Mastermind Of xDedic Marketplace Extradited From Spain

For Immediate Release
U.S. Attorney's Office, Middle District of Florida

Tampa, Florida –United States Attorney Roger B. Handberg along with Special Agent in Charge Brian Payne, IRS-Criminal Investigation, Tampa Field Office, and Special Agent in Charge David Walker, FBI-Tampa Division, announces the arrest and extradition from Spain of Alexandru Habasescu (30, Moldova). Habasescu is charged in a superseding indictment with conspiracy to commit access device fraud and substantive counts of access device fraud, for his role as an administrator of the xDedic Marketplace. If convicted on all counts, Habasescu faces a maximum penalty of 15 years in federal prison. The indictment also notifies the defendant that the United States is seeking an order of forfeiture of the proceeds and facilitating property of the fraud.

Habasescu was taken into custody by Spanish authorities in Tenerife, Canary Islands on March 14, 2022, and extradited to the United States pursuant to the extradition treaty between the United States and Spain. 

According to public documents, the xDedic Marketplace, established around October 2014, illegally sold login credentials (usernames and passwords) to compromised servers and social security numbers belonging to U.S. citizens. Habasescu, who resided in Chisnau, Moldova, acted as the lead developer and technical mastermind for the Marketplace.

Under U.S. law, fraudulently obtained passwords and social security numbers are considered unauthorized access devices. Once purchased, criminals used these credentials to facilitate a wide range of illegal activity that included tax fraud, credit card fraud, and ransomware attacks. In total, Marketplace offered over 700,000 compromised credentials for sale—including at least 150,000 in the United States and at least 8,000 in the State of Florida. The victims span the globe and all industries, including local, state, and federal government infrastructure, hospitals, 911 call centers and emergency services, major metropolitan transit authorities, accounting and law firms, pension funds, and universities.

The xDedic Marketplace operated across distributed infrastructure and utilized Bitcoin in order to hide the locations of its underlying servers and the identities of its administrators, buyers, and sellers. Buyers could search for compromised computer credentials on xDedic by desired criteria, such as price, geographic location, and operating system. On January 24, 2019, seizure orders were executed against the domain names of the xDedic Marketplace, effectively ceasing the website’s operation. The international operation to dismantle and seize this infrastructure was the result of close cooperation with law enforcement authorities in Belgium and Ukraine, the European law enforcement agency Europol, the National High Tech Crime Unit from the Dutch National Police and the German Bundeskriminalamt provided assistance in the operation to seize xDedic’s infrastructure.

An indictment is merely a formal charge that a defendant has committed one or more violations of federal criminal law, and every defendant is presumed innocent unless, and until, proven guilty.

The U.S. investigation was led by the IRS-Criminal Investigation and the FBI-Tampa Division, with assistance from the IRS-Criminal Investigation’s Cyber Crimes Unit from the Washington D.C Field Office. Substantial assistance was also provided by the Department of Justice’s Office of International Affairs and Homeland Security Investigations (HSI).

The investigation is being overseen by Assistant United States Attorneys Rachel Jones and Carlton Gammons. Asset forfeiture will be handled by Assistant United States Attorney Suzanne Nebesky.

Updated November 23, 2022

Financial Fraud