AlphaBay

Last updated

AlphaBay
Alphabaylogo.png
Alphabaylogin.png
AlphaBay login screen
Type of site
 Darknet market
Available inEnglish
OwnerDeSnake
Created byDeSnake [1]
Revenue Over USD$23M (total over operation) [2]
CommercialYes
RegistrationRequired
Users 400,000+ [3]
LaunchedSeptember 2014 [2]
Current statusOffline

AlphaBay was a darknet market operating at different times between September 2014 and February 2023. [2] [4] [5] At times, it was both an onion service on the Tor network and an I2P node on I2P. After it was shut down in July 2017 following law enforcement action in the United States, Canada, and Thailand as part of Operation Bayonet, it was relaunched in August 2021 by the self-described co-founder and security administrator DeSnake. [1] [6] [7] The alleged original founder, Alexandre Cazes, a Canadian citizen born on 19 October 1991, [2] [8] was found dead in his cell in Thailand several days after his arrest, with police suspecting suicide. [9] [10] [11] [12]

Contents

History

AlphaBay reportedly launched in September 2014, [2] pre-launched in November 2014 and officially launched on December 22, 2014. It saw a steady growth, with 14,000 new users in the first 90 days of operation. The darknet informer website Gwern.net placed AlphaBay Market in the top tier of markets regarding the 6-month survival probability and it had proven to be successful. [13] In October 2015, it was recognized as the largest online darknet market according to Dan Palumbo, research director at Digital Citizens Alliance. [14]

Non-standard services included customizable digital contracts around building reputations. [15]

In May 2015, the site announced an integrated digital contracts and escrow system. [16] The contract system allows users to make engagements and agree to provide services in the future, according to the terms of the contract.

By October 2015, AlphaBay had over 200,000 users, [3] and a claimed 40,000 sellers. [17]

At the time of its demise in July 2017, AlphaBay had over 400,000 users, [3] and around 300,000 listed items on their website. [18]

AlphaBay is noteworthy in the world of darknet markets for accepting other cryptocurrency in addition to bitcoin; support for Monero, supposedly more anonymous, was implemented at the end of August 2016. [19] It also accepted Ethereum. [17]

Site breaches

In April 2016, AlphaBay's API was compromised, leading to 13,000 messages being stolen. [20] In January 2017, the API was once again compromised, allowing over 200,000 private messages from the last 30 days and a list of usernames to be leaked. The attack was from a single hacker who was paid by AlphaBay for the disclosure. AlphaBay reported that the exploit had only been used in conjunction with this attack and not used previously. [21]

News coverage

On March 28, 2015, AlphaBay Market made the news for selling stolen Uber accounts. [22] [23] Uber made a statement regarding a potential data breach:

"We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services."

In October 2015, the London-based telecommunications company TalkTalk sustained a major hack. [24] The stolen data was put for sale on AlphaBay Market, which led to the arrest of a 15-year-old boy. [25] TalkTalk CEO Dido Harding issued the following statement:

"TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here."

In August 2017, AlphaBay was revealed as a possible venue by which one of the perpetrators of the 2017 Jewish Community Center bomb threats may have sold a "School Email Bomb Threat Service." This individual, Michael Kadar, made 245 threatening calls to schools and community centers. Criminologist David Decary-Hetu noted this event as notable for being the first example of criminal services being sold over a darkmarket. He said, "All the cases I have heard of so far turned out to be law enforcement trying to find people of interest," making this case unique in his experience to that point. [26]

Seizure and shutdown

By July 2017, AlphaBay was ten times the size of its predecessor Silk Road [27] (which was busted in October 2013), had over 369,000 listings, [2] 400,000 users, [3] was facilitating US$600,000-$800,000 of transactions per day, [28] and had reportedly built a strong reputation. [2] [29] However, a series of elementary operational security errors led to its downfall:

Notice left on the Tor hidden service after AlphaBay closed AlphaBay shutdown notice.png
Notice left on the Tor hidden service after AlphaBay closed

Timeline

Law enforcement took at least one month to obtain a US warrant, then over one month to obtain foreign warrants, prepare for and execute searches and seizures in Canada and Thailand: [2]

Relaunch

AlphaBay was relaunched as early as 8 August 2021. [39] Details of the new operation surfaced after a conversation between Wired and a user with the same verified public key as a former site administrator for AlphaBay. Using the alias DeSnake, the former vendor and self-described co-founder of the original AlphaBay now claims to operate the marketplace, placing a higher emphasis on operations security than the previous administration, stating "there is no overkill" regarding the site. [1]

As part of the site's relaunch, multiple new features have been advertised and new rules announced. Notable among new features are AlphaGuard (which allegedly prevents users from losing funds even if seizures on all servers occur at the same time), an automatic system to resolve disputes between buyers and sellers, exclusive use of Monero wallets, and the offering of I2P mirrors. [1] Concerning rules, items newly prohibited from sale include COVID-19 vaccines, firearms, products containing the narcotic fentanyl, pornography, and "hitman services". Furthermore, there is a ban on discussions of any public or private information related to the governments, organizations, or people of Russia, Belarus, Kazakhstan, Armenia, and Kyrgyzstan. [40] This has led to loose speculation that there is a connection between the site operators and the governments of these nations. [1]

In early February 2023, the market went into lockdown, preventing users with 2FA verification from logging in. Accounts affected included all of the site staff and vendors. As admin team member TheCypriot explained in a Reddit post, the site went into partial lockdown due to one of its canaries not being signed in time by DeSnake. [41] They did not reappear to rectify the problem and have not been heard from since. With its owner missing and staff unable to sign the canary to lift the lockdown themselves, Alphabay de facto ceased operations. While a number of theories about the disappearance have been proposed, none have been substantiated with evidence. [42]

Related Research Articles

<span class="mw-page-title-main">Silk Road (marketplace)</span> 2011–2013 darknet market most known for the sale of illegal drugs

Silk Road was an online black market and the first modern darknet market. It was launched in 2011 by its American founder Ross Ulbricht under the pseudonym "Dread Pirate Roberts." As part of the dark web, Silk Road operated as a hidden service on the Tor network, allowing users to buy and sell products and services between each other anonymously. All transactions were conducted with bitcoin, a cryptocurrency which aided in protecting user identities. The website was known for its illegal drug marketplace, among other illegal and legal product listings. Between February 2011 and July 2013, the site facilitated sales amounting to 9,519,664 Bitcoins.

The dark web is the World Wide Web content that exists on darknets that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location. The dark web forms a small part of the deep web, the part of the web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web.

<span class="mw-page-title-main">Operation Onymous</span> International police operation targeting darknet markets

Operation Onymous was an international law enforcement operation targeting darknet markets and other hidden services operating on the Tor network.

Agora was a darknet market operating in the Tor network, launched in 2013 and shut down in August 2015.

<span class="mw-page-title-main">Evolution (marketplace)</span> Former darknet market

Evolution was a darknet market operating on the Tor network. The site was founded by an individual known as 'Verto' who also founded the now defunct Tor Carding Forum. Evolution was active between 14 January 2014 and mid-March 2015.

A darknet market is a commercial website on the dark web that operates via darknets such as Tor and I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products. In December 2014, a study by Gareth Owen from the University of Portsmouth suggested the second most popular sites on Tor were darknet markets.

DeepDotWeb was a news site dedicated to events in and surrounding the dark web featuring interviews and reviews about darknet markets, Tor hidden services, privacy, bitcoin, and related news. The website was seized on May 7, 2019, during an investigation into the owners' affiliate marketing model, in which they received money for posting links to certain darknet markets, and for which they were charged with conspiracy to commit money laundering. In March 2021 site administrator Tal Prihar pleaded guilty to his charge of conspiracy to commit money laundering.

Grams was a search engine for Tor based darknet markets launched in April 2014, and closed in December 2017. The service allowed users to search multiple darknet markets for products like drugs and guns from a simple search interface, and also provided the capability for its users to hide their transactions through its bitcoin tumbler Helix.

All Things Vice is a blog that was started in 2012 by Australian author and journalist Eileen Ormsby about news in the dark web. Since her investigations into the Silk Road in 2012, the darknet market led her to blog about various happenings in the dark web and two books, Silk Road (2014) and The Darkest Web (2018).

Atlantis was a darknet market founded in March 2013, the third such type of market, concurrent with The Silk Road and Black Market Reloaded. It was the first market to accept Litecoin.

The Russian Anonymous Marketplace or RAMP was a Russian language forum with users selling a variety of drugs on the Dark Web.

The Tor Carding Forum (TCF) was a Tor-based forum specializing in the trade of stolen credit card details, identity theft and currency counterfeiting. The site was founded by an individual known as 'Verto' who also founded the now defunct Evolution darknet market.

<span class="mw-page-title-main">Carding (fraud)</span> Crime involving the trafficking of credit card data

Carding is a term of the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.

Hansa was an online darknet market which operated on a hidden service of the Tor network.

Operation Bayonet was a multinational law enforcement operation culminating in 2017 targeting the AlphaBay and Hansa darknet markets. Many other darknet markets were also shut down.

<span class="mw-page-title-main">Dream Market</span> Online black market

Dream Market was an online darknet market founded in late 2013. Dream Market operated on a hidden service of the Tor network, allowing online users to browse anonymously and securely while avoiding potential monitoring of traffic. The marketplace sold a variety of content, including drugs, stolen data, and counterfeit consumer goods, all using cryptocurrency. Dream provided an escrow service, with disputes handled by staff. The market also had accompanying forums, hosted on a different URL, where buyers, vendors, and other members of the community could interact. It was one of the longest running darknet markets.

<span class="mw-page-title-main">Dread (forum)</span> Online discussion forum hosted on the dark web

Dread is a Reddit-like dark web discussion forum featuring news and discussions around darknet markets. The site's administrators go by the alias of Paris and HugBunter.

Boystown was a child pornography website run through the Tor network as an onion service. It launched in June 2019 and was shut down by authorities in April 2021. Four German administrators of the site confessed and were sentenced to long prison sentences in December 2022.

Hydra is a Russian language dark web marketplace, founded in 2015, that facilitated trafficking of illegal drugs, financial services including cryptocurrency tumbling for money laundering, exchange services between cryptocurrency and Russian rubles, and the sale of falsified documents and hacking services. On April 5, 2022, American and German federal government law enforcement agencies announced the seizure of the website's Germany-based servers and cryptocurrency assets. Before its closure, it had been the longest-running dark web marketplace. The United States Department of Justice has indicted one Russian man for his role in running the servers for the website.

Operation SpecTor was an operation coordinated by Europol, which involved nine countries, including the United States, Austria, France, Germany, and the Netherlands to disrupt fentanyl and opioid distribution. The operation targeted and took down the darknet market "Monopoly Market."

References

  1. 1 2 3 4 5 Greenberg, Andy (September 23, 2021). "He Escaped the Dark Web's Biggest Bust. Now He's Back". Wired . Condé Nast Publications. Archived from the original on September 23, 2021.
  2. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 "Forfeiture Complaint". Justice.gov. 20 July 2017. p. 27. Archived from the original on 23 September 2020. Retrieved 23 July 2017.
  3. 1 2 3 4 Cimpanu, Catalin (July 14, 2017). "AlphaBay Dark Web Market Taken Down After Law Enforcement Raids". Bleeping Computer . Archived from the original on July 14, 2017.
  4. "AlphaBay Market". DarkNetLive. Archived from the original on 2023-06-21. Retrieved 2023-06-21.
  5. "dark.fail: Is a .onion site online?". Archived from the original on 2022-07-16. Retrieved 2023-06-21.
  6. Ilascu, Ionut (August 12, 2021). "Notorious AlphaBay darknet market comes back to life". Bleeping Computer . Archived from the original on August 12, 2021.
  7. Statt, Nick (July 14, 2017). "Dark Web drug marketplace AlphaBay was shut down by law enforcement". The Verge . Vox Media. Archived from the original on July 15, 2017.
  8. Tu Thanh Ha; Freeze, Colin (July 20, 2017). "Canadian allegedly behind shuttered Dark Web market AlphaBay". The Globe and Mail . The Woodbridge Company. Archived from the original on July 21, 2017.
  9. Farivar, Cyrus (July 13, 2017). "AlphaBay taken down by law enforcement across 3 countries, WSJ says". Ars Technica . Condé Nast. Archived from the original on July 13, 2017.
  10. Murdoch, Lindsay (July 15, 2017). "AlphaBay suspected co-founder Alexandre Cazes found dead in Thai jail". Brisbane Times . Nine Entertainment. Archived from the original on July 16, 2017. Police said evidence points to Mr Cazes having taking his own life.
  11. "Massive blow to criminal Dark Web activities after globally coordinated operation". 20 July 2017. Archived from the original on 24 September 2020. Retrieved 20 July 2017.
  12. "AlphaBay, the Largest Online 'Dark Market,' Shut Down". Department of Justice, Office of Public Affairs. 20 July 2017. Archived from the original on 23 September 2020. Retrieved 21 July 2017.
  13. Branwen, Gwern (30 October 2013). "Black-market risks - Gwern.net". Gwern. Archived from the original on 22 November 2019. Retrieved 19 January 2017.
  14. "Buying Drugs Online Remains Easy". Southwest Coalition. Archived from the original on 2020-09-23. Retrieved 2015-11-02.
  15. Francis, Ryan (13 October 2016). "Darkweb marketplaces can get you more than just spam and phish". Archived from the original on 16 October 2016. Retrieved 16 October 2016.
  16. Cox, Joseph (May 1, 2015). "This Dark Web Market Just Started Offering Contracts for Anything". Vice . Vice Media. Archived from the original on November 8, 2020.
  17. 1 2 "Office of Public Affairs | AlphaBay, the Largest Online 'Dark Market,' Shut Down | United States Department of Justice". www.justice.gov. 2017-07-20. Archived from the original on 2020-09-23. Retrieved 2023-08-30.
  18. "Dark net markets AlphaBay and Hansa shut after huge international police sting". Sky News. Archived from the original on 2023-08-30. Retrieved 2023-08-30.
  19. C. Aliens (August 23, 2016). "AlphaBay and Oasis Markets to Begin Accepting Monero for Payments". Archived from the original on November 5, 2016.
  20. Cox, Joseph (April 27, 2016). "Vulnerability in Huge Dark Web Marketplace Exposes Private Messages". Vice . Vice Media. Archived from the original on April 28, 2016.
  21. Murdock, Jason (January 24, 2017). "AlphaBay leak: Over 200,000 private messages from Dark Web drugs marketplace hacked". International Business Times . IBT Media. Archived from the original on January 25, 2017.
  22. Cox, Joseph (March 27, 2015). "Stolen Uber Customer Accounts Are for Sale on the Dark Web for $1". Vice . Vice Media. Archived from the original on November 8, 2020.
  23. Nield, David (March 28, 2015). "Stolen Uber accounts on sale for $1 each". Digital Trends . Digital Trends Media Group. Archived from the original on March 28, 2015.
  24. Brian, Matt (October 23, 2015). "TalkTalk hacked in 'significant and sustained cyberattack'". Engadget . AOL. Archived from the original on October 23, 2015.
  25. Osborne, Charlie (October 27, 2015). "15-year-old arrested over TalkTalk hack". ZDNet . CBS Interactive. Archived from the original on October 27, 2015.
  26. Gurman, Sadie (August 8, 2017). "Docs: Bomb threats suspect offered services on dark net". Associated Press . Archived from the original on August 17, 2017.
  27. Leyden, John (July 20, 2017). "Cops harpoon two dark net whales in megabust: AlphaBay and Hansa". The Register . Situation Publishing. Archived from the original on July 20, 2017.
  28. Popper, Nathaniel (July 6, 2017). "AlphaBay, Biggest Online Drug Bazaar, Goes Dark, and Questions Swirl". The New York Times . Archived from the original on July 7, 2017.
  29. Leovy, Jill (July 20, 2017). "AlphaBay sold drugs, guns and hacking tools online — until a sting operation shut it down". Los Angeles Times . Archived from the original on July 21, 2017.
  30. Cox, Joseph (July 20, 2017). "Alleged Dark Web Kingpin Doxed Himself With His Personal Hotmail Address". Vice . Vice Media. Archived from the original on November 9, 2020.
  31. McCarthy, Kieren (July 20, 2017). "Alphabay shutdown: Bad boys, bad boys, what you gonna do? Not use your Hotmail..." The Register . Situation Publishing. Archived from the original on July 20, 2017.
  32. 1 2 3 "Dead Canadian fugitive lived in Thai luxury". Bangkok Post . July 14, 2017. Archived from the original on July 14, 2023. Retrieved October 15, 2021.
  33. Ngamkham, Wassayos (July 12, 2017). "Canadian drug suspect found hanged in cell". Bangkok Post . Archived from the original on July 14, 2023. Retrieved October 15, 2021.
  34. "RCMP's 'Dark Web' investigation leads to searches in Montreal, Trois-Rivières". Montreal Gazette . Postmedia Network. July 5, 2017. Archived from the original on July 5, 2017.
  35. Swenson, Kyle (July 18, 2017). "Suspected AlphaBay founder dies in Bangkok jail after shutdown of online black market". The Washington Post . Archived from the original on July 20, 2017.
  36. "Thailand seizes $21 million in assets from dead founder of dark net marketplace AlphaBay". Reuters . Thomson Reuters. July 24, 2017. Archived from the original on June 9, 2018.
  37. "Sessions on dark web Alphabay and Hansa shut down". BBC News . BBC. July 20, 2017. Archived from the original on July 23, 2017.
  38. "9 nations join probe into 'darknet' site". Bangkok Post . July 24, 2017. Archived from the original on July 14, 2023. Retrieved July 24, 2017. NSB poised to pounce on more suspects
  39. "AlphaBay Darknet Market is Back!". www.linkedin.com. Archived from the original on 2021-10-22. Retrieved 2021-10-22.
  40. "AlphaBay Marketplace Re-emerges". Flashpoint. 2021-08-10. Archived from the original on 2021-10-22. Retrieved 2021-10-22.
  41. "A Slow Burn: Exploring the Uncertain Fate of AlphaBay 2". Tailored Access. 2023-05-08. Archived from the original on 2023-05-21. Retrieved 2023-09-14.
  42. "What Really Happened to AlphaBay and DeSnake?". DarknetOne. 2023-05-29. Archived from the original on 2023-09-14. Retrieved 2023-09-14.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.