Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent identity documents to cybercriminals across the world.
To that end, two marketplace domains (verif[.]tools and veriftools[.]net) and one blog have been taken down, redirecting site visitors to a splash page stating the action was undertaken by the U.S. Federal Bureau of Investigation (FBI) pursuant to a warrant issued by a United States District Court. The servers were seized in Amsterdam.
However, a Telegram message posted by operators on August 28, 2025, shows that they have already relaunched the service on the domain “veriftools[.]com.” The domain was created on December 10, 2018, per DomainTools. It’s currently not known who the administrators of the platform are.
“The operators of VerifTools produced and sold counterfeit driver’s licenses, passports, and other identification documents that could be used to bypass identity verification systems and gain unauthorized access to online accounts,” the U.S. Department of Justice (DoJ) said Thursday.
The DoJ said the FBI began investigating the service in 2022 after it discovered a criminal operation to leverage stolen identities to access cryptocurrency accounts. The probe revealed that the illegal platform was being used to generate counterfeit identification documents for all 50 states of the U.S., as well as other foreign countries, for as little as $9.
An equivalent of approximately $6.4 million of illicit proceeds has been linked to the VerifTools marketplace, the FBI said.
On the VerifTools website, the operators argue plausible deniability by stating that: “Legal usage of the service is your responsibility. By using the service, you must be aware of the local, state, and federal laws in your jurisdiction and take sole responsibility for your actions.”
Following the takedown, a Reddit user by the name Powda_reaper claimed on the r/blackhat subreddit that the site owners messaged them saying “the website is currently down due to major issues” and that they were bringing the site back up by August 29, while reassuring them that “Your funds are safe.”
“The internet is not a refuge for criminals. If you build or sell tools that let offenders impersonate victims, you are part of the crime,” said Acting U.S. Attorney Ryan Ellison. “We will use every lawful tool to disrupt your business, take the profit out of it, and bring you to justice. No one operation is bigger than us together.”
The Dutch National Police, in a coordinated statement, described VerifTools as one of the largest providers of false identity documents. In addition to two physical servers, more than 21 virtual servers have been confiscated.
The officials also noted that the website’s entire infrastructure on the servers has been secured and copied for subsequent analysis. In the Netherlands, forgery, false proof of identity, and deploying counterfeit payment instruments each carry a maximum prison sentence of six years.
“Many companies and agencies use so-called Know Your Customer verification (KYC), which often requires only an image of an ID. By using VerifTools, that KYC control could be bypassed,” the Politie said. “Criminals gratefully use platforms such as VerifTools, because they can commit their fraud with the created documents, such as bank helpdesk fraud and phishing.”
