Rescator

Identity and Aliases

Rescator is the online alias of a Ukrainian hacker who operates in the stolen payment card trade. According to Russian cybersecurity consultancy Group-IB, Rescator is also known by the aliases Helkern and ikaikki. Beyond these details, no verified personal information has been publicly attributed to the individual.

Operations

Rescator operates a carding marketplace at rescator.cm, a platform dedicated to the sale of stolen credit card details. Group-IB has reported that Rescator uploaded over 5 million card records onto the SWIPED carder marketplace. The stolen data in circulation through the site has been sourced from victims in locations including Minnesota and the United Kingdom.

The marketplace includes a search feature that allows buyers to look up stolen card numbers by zip code. This functionality enables criminals to cash out stolen cards in geographic proximity to the original victims, a technique used to reduce the likelihood of triggering fraud alerts at issuing banks.

Unlike the now-defunct Tor Carding Forums, Rescator's marketplace is free to use. Transactions on the site are conducted via direct Bitcoin payments to sellers, and the platform does not offer escrow features that are more commonly found on darknet markets.

Connection to Major Data Breaches

Rescator's marketplace became a notable destination for payment card data stolen in several significant retail data breaches. Cards compromised in the breaches affecting Target, Home Depot, and Sally Beauty were among the stolen details that appeared on the site. These breaches collectively exposed tens of millions of consumer payment records and drew considerable attention from law enforcement and the cybersecurity community.

Incidents

In March 2014, the rescator.cm website was briefly defaced by a rival hacker, representing a rare public disruption to the marketplace's operations.