Last updated

AlphaBay Market
Type of site
Darknet market
Available in English
Owneralpha02 & DeSnake
Created byAlexandre Cazes
Revenue Over USD$23M (total over operation) [1]
URLpwoah7foa6au2pul.onion (defunct) [2] [3]
Users 400,000+ [4]
LaunchedSeptember 2014 [1]
Current statusOffline from July 13, 2017

AlphaBay Market was an online darknet market which operated on an onion service of the Tor network. It was shut down after a law enforcement action as a part of Operation Bayonet against it (and also the Hansa market) in the United States, Canada, and Thailand, reported 13 July 2017. [5] The alleged founder, Alexandre Cazes, a Canadian citizen born on 19 October 1991, [1] [6] was found dead in his cell in Thailand several days after his arrest; suicide is suspected. [7] [8] [9] [10] [11] [12]



AlphaBay was reportedly launched in September 2014, [1] pre-launched in November 2014 and officially launched on December 22, 2014. It saw a steady growth, with 14,000 new users in the first 90 days of operation. The darknet informer website placed AlphaBay Market in the top tier of markets regarding the 6-month survival probability and it had proven to be successful. [13] In October 2015, it was recognized as the largest online darknet market according to Dan Palumbo, research director at Digital Citizens Alliance. [14]

Non-standard services included customisable digital contracts around building reputations. [15]

In May 2015, the site announced an integrated digital contracts and escrow system. [16] The contract system allows users to make engagements and agree to provide services in the future, according to the terms of the contract.

By October 2015, AlphaBay had over 200,000 users. [4]

At the time of its demise in July 2017, AlphaBay had over 400,000 users. [4]

AlphaBay was noteworthy in the world of darknet markets for accepting another cryptocurrency in addition to bitcoin; support for Monero, supposedly more anonymous, was implemented at the end of August 2016. [17]

Site breaches

In April 2016, AlphaBay's API was compromised leading to 13,000 messages being stolen. [18] In January 2017, the API was once again compromised, allowing over 200,000 private messages from the last 30 days and a list of user names to be leaked. The attack was from a single hacker who was paid by AlphaBay for the disclosure. AlphaBay reported that the exploit had only been used in conjunction with this attack and not used previously. [19]

News coverage

On March 28, 2015, AlphaBay Market made the news for selling stolen Uber accounts. [20] [21] Uber made a statement regarding a potential data breach:

"We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services."

In October 2015, the London-based telecommunications company TalkTalk sustained a major hack. [22] The stolen data was put for sale on AlphaBay Market, which led to the arrest of a 15-year-old boy. [23] TalkTalk CEO Dido Harding issued the following statement:

"TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here."

In August 2017, AlphaBay was revealed as a possible venue by which one of the perpetrators of the 2017 Jewish Community Center bomb threats sold a "School Email Bomb Threat Service." This individual, Michael Kadar, made 245 threatening calls to schools and community centers. Criminologist David Decary-Hetu noted this event as notable for being the first example of criminal services being sold over a darkmarket. He said, "All the cases I have heard of so far turned out to be law enforcement trying to find people of interest," making this case unique in his experience to that point. [24]

Seizure and shutdown

Notice left on the Tor hidden service after AlphaBay closed AlphaBay shutdown notice.png
Notice left on the Tor hidden service after AlphaBay closed

By July 2017, AlphaBay was ten times the size of its predecessor Silk Road [25] (which was busted in October 2013), had over 369,000 listings, [1] 400,000 users, [4] was facilitating US$600,000-$800,000 of transactions per day, [26] and had reportedly built a strong reputation. [1] [27] However, a series of elementary operational security errors lead to its downfall:


Law enforcement took at least one month to obtain a US warrant, then over one month to obtain foreign warrants, prepare for and execute searches and seizures in Canada and Thailand: [1]

Related Research Articles

Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may threaten a person, company or a nation's security and financial health.

DarkMarket was an English-speaking internet cybercrime forum created by Renukanth Subramaniam in London that was shut down in 2008 after FBI agent J. Keith Mularski infiltrated it using the alias Master Splyntr, leading to more than 60 arrests worldwide. Subramaniam, who used the alias JiLsi, admitted conspiracy to defraud and was sentenced to nearly five years in prison in February 2010.

Silk Road (marketplace) 2011–2014 darknet market known for the sale of illegal drugs

Silk Road was an online black market and the first modern darknet market, best known as a platform for selling illegal drugs. As part of the dark web, it was operated as a Tor hidden service, such that online users were able to browse it anonymously and securely without potential traffic monitoring. The website was launched in February 2011; development had begun six months prior. Initially there were a limited number of new seller accounts available; new sellers had to purchase an account in an auction. Later, a fixed fee was charged for each new seller account. Silk Road provided goods and services to over 100,000 buyers.

The dark web is the World Wide Web content that exists on darknets: overlay networks that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location. The dark web forms a small part of the deep web, the part of the Web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web.

Sheep Marketplace

Sheep Marketplace was an anonymous marketplace set up as a Tor hidden service. It launched in March 2013 and was one of the lesser known sites to gain popularity with the well publicized closure of the Silk Road marketplace later that year. It ceased operation in December 2013, when it announced it was shutting down after a vendor stole $6 million worth of users' bitcoins.

Operation Onymous International police operation targeting darknet markets

Operation Onymous was an international law enforcement operation targeting darknet markets and other hidden services operating on the Tor network.

Agora was a darknet market operating in the Tor network, launched in 2013 and shut down in August 2015.

Evolution (marketplace)

Evolution was a darknet market operating on the Tor network. The site was founded by an individual known as 'Verto' who also founded the now defunct Tor Carding Forum.

TheRealDeal was a darknet website and a part of the cyber-arms industry reported to be selling code and zero-day software exploits.

A darknet market is a commercial website on the web that operates via darknets such as Tor or I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products. In December 2014, a study by Gareth Owen from the University of Portsmouth suggested the second most popular sites on Tor were darknet markets.

DeepDotWeb was a news site dedicated to events in and surrounding the dark web featuring interviews and reviews about darknet markets, Tor hidden services, privacy, bitcoin and related news. The website was seized on May 7, 2019 during an investigation into the owners' affiliate marketing model, in which they received money for posting links to certain darknet markets. On which they were charged with conspiracy to commit money laundering. In March 2021 site administrator Tal Prihar pleaded guilty to his charge of conspiracy to commit money laundering.

Grams is a discontinued search engine for Tor based darknet markets launched in April 2014, and closed in December 2017. The service allowed users to search multiple darknet markets for products like drugs and guns from a simple search interface, and also provided the capability for its users to hide their transactions through its bitcoin tumbler Helix.

Atlantis was a darknet market founded in March 2013, the third such type of market, concurrent with The Silk Road and Black Market Reloaded. It was the first market to accept Litecoin.

The Russian Anonymous Marketplace or RAMP was a Russian language forum with users selling a variety of drugs on the Dark Web.

The Tor Carding Forum (TCF) was a Tor-based forum specializing in the trade of stolen credit card details, identity theft and currency counterfeiting. The site was founded by an individual known as 'Verto' who also founded the now defunct Evolution darknet market.

Carding (fraud) Crime involving the trafficking of credit card data

Carding is a term describing the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass procurement of details, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.

Hansa was an online darknet market which operated on a hidden service of the Tor network.

Operation Bayonet was a multinational law enforcement operation culminating in 2017 targeting the AlphaBay and Hansa darknet markets. Many other darknet markets were also shut down.

Dream Market Online black market

Dream Market was an online darknet market founded in late 2013. Dream Market operated on a hidden service of the Tor network, allowing online users to browse anonymously and securely while avoiding potential monitoring of traffic. The marketplace sold a variety of content, including drugs, stolen data, and counterfeit consumer goods, all using cryptocurrency. Dream provided an escrow service, with disputes handled by staff. The market also had accompanying forums, hosted on a different URL, where buyers, vendors, and other members of the community could interact.

Dread (forum) Online discussion forum hosted on the dark web

Dread is a Reddit-like dark web discussion forum featuring news and discussions around darknet markets. The site's administrators go by the alias of Paris and HugBunter. In early 2021, a wave of DDoS attacks have targeted Dread, causing major downtime to the platform for over a week consecutively, critically hurting the community's trust in HungBunter as a self-proclaimed leader. Following these events, in mid April 2021, HugBunter has conducted a hack into World Market, an amateur and new Darknet market that has infuriated HugBunter due to being behind the DDoS attacks that shut Dread down. Following the hack, HugBunter has renamed the market to Dread Market. It is currently managed by his servant, Paris.


  1. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 "Forfeiture Complaint". 20 July 2017. p. 27.
  2. "AlphaBay - Deep Dot Web". DeepDotWeb. Archived from the original on 2015-03-19. Retrieved 2015-02-06.
  3. "AlphaBay". DarkNet Stats. Archived from the original on 10 October 2016. Retrieved 13 March 2016.
  4. 1 2 3 4 "AlphaBay Dark Web Market Taken Down After Law Enforcement Raids". 14 July 2017.
  5. Statt, Nick (2017-07-14). "Dark Web drug marketplace AlphaBay was shut down by law enforcement". The Verge. Retrieved 2017-07-16.
  6. "Canadian allegedly behind shuttered Dark Web market AlphaBay". The Globe and Mail. 20 July 2017.
  7. AlphaBay taken down by law enforcement across 3 countries, WSJ says, Cyrus Farivar - 14 July 2017
  8. Lindsay Murdoch (15 July 2017). "AlphaBay suspected co-founder Alexandre Cazes found dead in Thai jail". Brisbane Times. Police said evidence points to Mr Cazes having taking his own life.
  9. "Dark web: Le Québécois arrêté en Thaïlande s'est suicidé en prison". TVA Nouvelles. 12 July 2017.
  10. "Alleged Alphabay Admin Found Dead in Bangkok Jail". DeepDotWeb. 14 July 2017. Archived from the original on 14 July 2017. Retrieved 16 July 2017.
  11. "Massive blow to criminal Dark Web activities after globally coordinated operation". 20 July 2017. Retrieved 20 July 2017.
  12. "AlphaBay, the Largest Online 'Dark Market,' Shut Down". Department of Justice, Office of Public Affairs. 20 July 2017.
  13. "Black-market risks -". Gwern.
  14. "Buying Drugs Online Remains Easy". Southwest Coalition.
  15. Francis, Ryan (13 October 2016). "Darkweb marketplaces can get you more than just spam and phish" . Retrieved 16 October 2016.
  16. Cox, Joseph (1 May 2015). "This Dark Web Market Just Started Offering Contracts for Anything" . Retrieved 3 August 2015.
  17. Aliens, C. (23 August 2016). "AlphaBay and Oasis Markets to Begin Accepting Monero for Payments". Archived from the original on 5 November 2016. Retrieved 12 November 2016.
  18. Cox, Joseph (27 April 2016). "Vulnerability in Huge Dark Web Marketplace Exposes Private Messages" . Retrieved 23 January 2017.
  19. Murdock, Jason (24 January 2017). "AlphaBay leak: Over 200,000 private messages from Dark Web drugs marketplace hacked" . Retrieved 27 January 2017.
  20. "Stolen Uber Customer Accounts Are for Sale on the Dark Web for $1". Motherboard.
  21. "Stolen Uber accounts on sale for $1 each". DigitalTrends.
  22. "TalkTalk hacked in significant and sustained cyberattack". Engadget.
  23. "TalkTalk breach: CEO dismisses encryption, 15-year-old arrested". NakedSecurity.
  24. Gurman, Sadie (8 August 2017). "Docs: Bomb threats suspect offered services on dark net". AP NEWS. Retrieved 14 January 2020.
  25. Leyden, John (2017-07-20). "Cops harpoon two dark net whales in megabust: AlphaBay and Hansa : Tor won't shield you, warn Feds". The Register. Retrieved 2017-07-21.
  26. "AlphaBay, Biggest Online Drug Bazaar, Goes Dark, and Questions Swirl". 6 July 2017.
  27. Leovy, Jill (2017-07-20). "AlphaBay sold drugs, guns and hacking tools online — until a sting operation shut it down". Los Angeles Times. Retrieved 2017-07-27.
  28. McCarthy, Kieren (2017-07-20). "Alphabay shutdown: Bad boys, bad boys, what you gonna do? Not use your Hotmail... ...or the Feds will get you ♪". The Register. Retrieved 2017-07-21.
  29. 1 2 3 "Dead Canadian fugitive lived in Thai luxury". Bangkok Post. 13 July 2017.
  30. Wassayos Ngamkham (12 July 2017). "Canadian drug suspect found hanged in cell". Bangkok Post.
  31. "RCMP's 'Dark Web' investigation leads to searches in Montreal, Trois-Rivières". Montreal Gazette. 5 July 2017.
  32. "When DarkNet 'business' Goes Wrong – Alphabay & DeSnake". Jakub Hanke. 13 July 2017. Archived from the original on 21 December 2018. Retrieved 23 July 2017.
  33. AFP (16 July 2017). "Dead Canadian a dark web suspect". The Star Online.
  34. "Sessions on dark web Alphabay and Hansa shut down". BBC News. 20 July 2017. Retrieved 16 August 2017.
  35. "9 nations join probe into 'darknet' site". Bangkok Post. 24 July 2017. NSB poised to pounce on more suspects

See also