In a decade-long operation, it seems that law enforcement finally caught the trail of a shadowy figure known only as the “Try2Check”. This darknet website operated and thrived as a criminal enterprise allowing the sale of stolen credit card information to buyers all over the world. The platform was playing a critical role in various fraudulent operations until now. A breakthrough in the case and the end of Try2Check. All it took was a decade-long operation, tireless detective work, and cutting-edge investigative techniques.
What is Try2Check
Try2Check was a card-checking services platform that allowed users to check whether their stolen credit cards were valid before being used for fraudulent activities. The Darknet Market was in operation for 18 years, from 2005 to April 2023, and its owner, Denis Gennadievich Kulkov, was recently unmasked as the mastermind behind the operation.
Try2Check was available on both the clearnet and the darknet and was an effortless operation. What they offered as a service was a way for holders of stolen credit cards to make a payment (sub $1) that credit card providers wouldn’t flag. It’s a merchant reauthorization system that most companies user. This way, the card holders could validate whether their purchased stolen credit cards were valid or not. Try2Check exploited the services of an undisclosed US payment processing company, using its preauthorization services to check the validity of the stolen card.
Fraudulent criminals would pay a reasonably small amount of Bitcoin as a reward for checking the credit card batches. As credit card fraud picked up in the age of the internet, the website became the go-to place for CC checking for criminals. By the time the FBI and US-Secret-Service launched an all-out investigation, millions of credit cards had already been checked.
This system was perfectly flawless and left the FBI dumbfounded on a solution… until November 2018. An undercover agent used Try2Check’s card-checking services to check the validity of twenty newly created credit card numbers. The FBI was not holding back from offering a reward to anyone who could help find those operating Try2Check… $1,000,000 in rewards.
Investigating a Criminal Enterprise
The FBI and US Secret Service officially launched an investigation into Try2Check in 2013. The investigators initially suspected that the platform was exploiting a payment processing company in the United States. Still, they only later discovered that Try2Check was using the company’s preauthorization services to check the validity of stolen credit cards. For years, the FBI had not made much progress in their investigation.
While the FBI and US Secret Service worked in the background, Try2Check submitted over 16 million credit card numbers yearly. All checks submissions took place between April 13, 2018, and December 31, 2018, and were directly tied to nine IP addresses.
To identify the Try2Check mastermind, the investigators focused on the usernames “Kreenjo” and “Nordex,” which advertised card-checking services on multiple carding forums (such as Breach Forums). FBI connected these Anon names to the same ICQ number (a randomly generated number for anonymous users), after searching through all they could find on “Nordex” they identified Denis Kulkov.
It came down to a failure in Denis’s OpSec. The investigators obtained information from an undisclosed cryptocurrency exchange that revealed a user with the username “Nordexin.” (using the same names across various platforms is a big OpSec No No!) The user used the name “Denis Kulkov” and an address in Samara, Russia, to open the account. The exchange provided Kulkov’s passport and Russian driver’s license for verification. The exchange also gave the investigators a phone number and two email addresses linked to the Nordexin account. Additionally, the IP address used by Nordex to join the carding forums was of an Internet Service Provider located in Samara, Russia.
Despite holding this information, it took until May 2019 when FBI investigators acquired a warrant to search an undisclosed email hosting and cloud backup services provider associated with one of the Nordexin email addresses.
They discovered that the account had been used to save screenshots of Try2Check’s admin panel. One of the images showed a list of the platform’s users and their Bitcoin balances. The account also had multiple emails sent by Kulkov, including to a cryptocurrency exchange he wanted to use to cash out his cryptocurrency.
The website only went offline in April 2023
“Today is a bad day for criminals who relied on the defendant’s platform as the gold standard to verify that the credit cards they stole from hard working individuals living in the Eastern District of New York and across the world had value. Today’s indictment and global takedown of the Try2Check website demonstrates that the Office, together with our partners, will disrupt cybercrime operations no matter where they are based.”
United States Attorney Peace.
Sentencing of Kulkov
As of April 2023, Denis Gennadievich Kulkov, a Russian national, has been indicted on charges related to his alleged operation of the cybercriminal website Try2Check. The charges against Kulkov include access device fraud, computer intrusion, wire fraud, and money laundering.
According to court filings, Kulkov created Try2Check in 2005 and developed it into a tool for cybercriminals to verify the validity of stolen credit card numbers before selling them on the dark web. The website was used to check tens of millions of credit cards each year and helped card shops make hundreds of millions in Bitcoin profits. The same goes for Kulkov, who made over $18 million in Bitcoin alone from operating Try2Check.
Through the illegal operation of his websites, the defendant made at least $18 million in bitcoin (as well as an unknown amount through other payment systems), which he used to purchase a Ferrari, among other luxury items.
JOD Court Fillings
Although Kulkov has not been captured yet, Try2Check’s websites were taken offline. It’s likely that law enforcement agencies coordinated with hosting companies and domain registrars to take down the website. The details of the takedown operation have not been made public. State Department issued a $10 million reward for information leading to Kulkov’s capture.
Conclusion: Almost a Success
The takedown of Try2Check and the indictment of its alleged operator, Denis Kulkov, is a significant achievement in the fight against cybercrime. However, they still do not have custody over the alleged and don’t know much about the operations. The charges against Kulkov are serious, and if convicted, he could face a 20-year prison sentence and substantial financial penalties.
If you have information regarding this individual, please contact the U.S. Secret Service at [email protected].
Hey there, I’m a dark web geek who’s been around for the last 8 years. More precisely, I’m livedarknet’s senior content writer who’s been writing about darknet marketplaces, tutorials, and cybersecurity stuff for educational purposes.