LOCKBIT RANSOMWARE LEAKED

**Executive summary:** On 7 May 2025 a LockBit internal panel database (paneldb_dump) was leaked containing a 26.3 MB SQL export with tables for pkeys, clients, builds, chats, invites, files, migrations and ~59,975 bitcoin addresses; the analysis reports ~19,012 client IDs, multiple public keys, chat transcripts showing ransom negotiations and payments, build/decryptor artifacts, affiliate invite records (~3,700), and operational logs—material that materially exposes LockBit operational infrastructure, victim interactions, and numerous indicators of compromise. The group later claimed the leak was of a lightweight panel and indicated they regained control and rebuilt services.