Two individuals have been arrested in the law enforcement operation against the notorious Nulled and Cracked cybercrime forums.

Reports of a takedown effort targeting the two hacking websites emerged earlier this week, when Nulled, Cracked and other sites associated with illegal activities started displaying a message informing visitors that they had been seized by law enforcement.

On Thursday, Europol and the US Justice Department confirmed that an operation — named Operation Talent and conducted January 28-30 — had targeted Nulled, Cracked and other cybercrime websites, with over a dozen domains being seized.

According to Europol, two suspects were arrested, seven properties were searched, and 17 servers and more than 50 electronic devices were seized. In addition, investigators seized roughly €300,000 ($310,000) in cash and cryptocurrencies.

Law enforcement agencies in the US, Australia, France, Spain, Italy, Germany, Greece, and Romania took part in the operation.

The two suspects — an unnamed man and a woman — were arrested in Spain, specifically in the city of Valencia, according to the country’s Ministry of Interior. 

The man is likely 29-year-old Lucas Sohn, an Argentinian national living in Spain, who has been charged by the US Justice Department for being one of Nulled’s administrators. Sohn faces up to five years in prison for conspiracy to traffic in passwords, 10 years for access device fraud, and 15 years for identity fraud.

According to authorities, Cracked had been around since March 2018, providing a platform for selling stolen credentials, hacking tools, and hosting services. The site had more than four million users, it hosted more than 28 million posts, and generated roughly $4 million in revenue. Cracked impacted at least 17 million victims from the United States.

Nulled, which had been around since 2016, had five million users, 43 million posts, and generated a yearly revenue of roughly $1 million. 

The takedown effort also targeted a financial processor named Sellix, which had been used by Cracked, as well as StarkRDP, a bulletproof hosting service advertised on both platforms and, according to Europol, run by the same suspects. 

Related: 22,000 IPs Taken Down in Global Cybercrime Crackdown

Related: AWS Seizes Domains Used by Russia’s APT29

Related: 50 Servers Linked to Cybercrime Marketplace and Phishing Sites Seized by Law Enforcement