How 'Operation Cookie Monster' took down a major dark web marketplace

Operation Cookie Monster, an international police operation, took down a major dark web criminal marketplace. Image: REUTERS/Eva Plevier

Spencer Feingold
Digital Editor, World Economic Forum
This article is part of: Centre for Cybersecurity

  • Operation Cookie Monster, an international police operation, took down a major dark web criminal marketplace.
  • The illicit platform sold access credentials that were stolen from compromised computer networks.
  • The takedown comes as experts urge private and public organizations to better protect themselves against cybercrimes.

Genesis Market, one of the world’s largest illicit online marketplaces, was shut down this month in a police operation that involved over a dozen international law enforcement agencies.

Dubbed “Operation Cookie Monster,” the crackdown resulted in the seizure of hundreds of thousands of stolen identities and online access credentials that were for sale on the platform. The operation, which also led to over 100 arrests worldwide, was headed by the US FBI and the Dutch National Police and dealt a major blow to global cybercrime efforts, according to officials and experts.

“Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers,” Edvardas Šileris, the Head of Europol’s European Cybercrime Centre, said in a statement.

Founded in 2018, Genesis Market advertised and sold stolen data such as usernames, passwords, bank account details and device “fingerprints” like computer and mobile phone identifiers. The data was often harvested by malicious software deployed into computer networks by cybercriminals.

The platform had offered over 80 million account access credentials from more than 1.5 million compromised computers worldwide since its inception, according to law enforcement agencies. This includes thousands of credentials stolen from over 460,000 computer devices that were advertised for sale at the time “Operation Cookie Monster” took down the site.

“Behind every cyber criminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending,” Rob Jones, the Director General and Threat Leadership of Britain's National Crime Agency (NCA), added in a statement. “Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market.”

The Genesis Market website after 'Operation Cookie Monster' took down the site. Image: Europol

Aside from facilitating consumer identity theft and fraud, Genesis Market sold access credentials connected to a variety of important sectors such as finance, critical infrastructure and government agencies, authorities said. The platform often sold the data to ransomware actors and other types of cybercriminals that would then infiltrate and exploit computer networks around the world.

In 2021, for example, hackers successfully breached the network of an unnamed US company using stolen data and source code purchased on Genesis Market, according to the US Treasury. The agency also said Genesis Market had been used by cybercriminals to target the US government.

“Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice,” US Attorney General Merrick Garland said in a statement.

Cyber experts and law enforcement agencies have been increasingly calling for international cooperation to disrupt cybercrime.

At the World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland, Jürgen Stock, the Secretary-General of the International Criminal Police Organization (INTERPOL), stated that tackling cybercrime requires a “global response” with “enhanced and coordinated” enforcement efforts. “The key to winning the battle against cybercrime is, of course, to work together to make it a priority across the geopolitical fault lines,” Stock said.

The takedown of Genesis Market also comes as experts urge private and public organizations to better protect themselves against cybercrimes.

“As the global cost of cybercrime continues to rise, and professionalized cybercriminal groups are continuing to create new attack types, governments and private organizations must remain vigilant in their efforts to prevent cybercrime, and work together across national borders to disrupt these criminal networks,” said Gretchen Bueermann, a Research and Analysis Specialist at the Forum's Centre for Cybersecurity.

In 2020, the World Economic Forum launched its Partnership against Cybercrime initiative to explore ways to amplify public-private cooperation and confront the increasing and evolving threat of cybercrime. As the Forum’s Global Cybersecurity Outlook 2023 report notes, “Professionalized cybercriminal groups have continued to grow and create a higher volume of new attack types.”

“The takedown of Genesis Market is an important step in the fight against cybercrime, but it is only one battle in a larger war.” (Gretchen Bueermann, World Economic Forum Centre for Cybersecurity)

Following Operation Cookie Monster, Dutch police created a portal for internet users to check whether their online identity had been posted on the platform. Visit the portal here to confirm your information is secure.

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.
