Ransomware Group: QILIN

VICTIM NAME: villagecoin[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Village Coin Shop, a retailer specializing in numismatic products, including US Mint and Royal Canadian Mint bullion. The leak was publicly discovered on July 1, 2025, and the attack is believed to have occurred around the same date. The readme highlights the shop’s activities within the technology sector and indicates a potential data breach involving sensitive financial documents. The page includes a screenshot illustrating internal files, such as invoices, suggesting that confidential transactional information may have been compromised. No personally identifiable information (PII) or customer data is explicitly displayed on the leak, focusing instead on technical details and leaked files. This breach underscores risks related to digital security for retail businesses handling financial assets and highlights the importance of cybersecurity vigilance.

The leak contains a link to an external site hosting more details about the compromised data, and the post suggests the attacker group involved is identified as “qilin.” The attack date associated with this incident is July 1, 2025, and the victim is based in the United States. The visual evidence includes a screenshot depicting what appears to be internal invoices or financial records, which may be intended to demonstrate the extent of the data breach. This event emphasizes the ongoing threats faced by retail and commercial entities in the era of digital and ransomware attacks. No additional personal or sensitive data such as usernames, emails, or customer PII is publicly revealed through this leak.