The dark web marketplace is making its way back to the top of the online underworld, five years after it was taken offline.
For years, dark web markets and the police who try to stop them have been stuck in a cycle of raids, clean up, and repeat. For every online black market that was shut down, another one was always there to take its place. But rarely has a major dark web market been shut down by a large law enforcement operation, only to come back from the ashes five years later and take the top spot. AlphaBay, the once and future king of the illegal crypto-economy, may soon be able to do this.
In July 2017, a global police operation called "Operation Bayonet" shut down the huge drug and cybercrime market AlphaBay. The site's main server was seized in Lithuania, and its creator, Alexandre Cazes, was arrested outside his home in Bangkok. But in August of last year, AlphaBay's number-two administrator and security expert, who was only known as "DeSnake," suddenly showed up again and said that AlphaBay was coming back in a new and better way. Now, 10 months later, thanks in part to a flurry of takedowns and the mysterious disappearances of competing dark web markets, DeSnake's reborn AlphaBay is well on its way to returning to its former position at the top of the digital underworld. By some measures, it looks like it's already back where it was.
"Yes, AlphaBay is the most popular darknet market right now," said DeSnake in a text conversation with WIRED last week. "I did tell you we were going to be #1 before," he said, referring to our interview with AlphaBay's new admin at the time of its relaunch last summer. "I do what I say, as I've already told you."
At least some of what DeSnake says is true: AlphaBay had more than 30,000 unique listings for products as of last week. Most of these were for drugs like ecstasy, opioids, and methamphetamines, but there were also thousands of listings for malware and stolen information like Social Security numbers and credit card details. In September of last year, there were only 500 listings. More than 50,000 listings are shown on an older market called ASAP. But vendors are known to be able to post the same listing more than once on ASAP. And according to the security company Flashpoint, which keeps a close eye on the competing markets, AlphaBay had more than 1,300 active vendors in the first half of this year, while ASAP only had about 1,000. Flashpoint's data also shows that AlphaBay's listings seem to be growing much faster.
Other markets that are talked about in dark web forums like Archetyp and Incognito only have a few thousand or a few hundred listings. All of this shows that AlphaBay may already be the most popular place for people to sell things on the dark web.
AlphaBay still only has tens of thousands of listings for products, which is a very small number compared to the more than 350,000 it had before it was shut down in 2017. Before that, it was the biggest dark web market ever seen. According to the FBI, it was 10 times as big as the famous Silk Road drug market. DeSnake admits that the new AlphaBay hasn't made nearly as much money as it did at its peak in 2017. At that time, a blockchain analysis company called Chainalysis said that AlphaBay made as much as $2 million a day in sales. (DeSnake wouldn't say how much money they make now, but they said it's "in the big digits.")
Also, unlike most competitors, the new version of AlphaBay only lets users buy and sell in the privacy-focused cryptocurrency Monero, not Bitcoin, whose transactions can often be tracked through blockchain surveillance. Because of this, it's hard to figure out how many sales the site makes, and since many users prefer to trade in Bitcoin, it's possible that the site makes less money per listing.
But even after taking into account this difference and other unknowns in a side-by-side comparison of dark web markets, Ian Gray, a dark web-focused analyst at security firm Flashpoint, says AlphaBay seems to be the leading market, or will be soon. "It's written on the wall that AlphaBay is probably going to get back to being the most popular market," says Gray. "It already seems to have the most sellers."
Gray calls it "the Great Cyber Resignation," and it has helped AlphaBay grow quickly, or grow back. In the last 18 months, at least 10 dark web markets have shut down for different reasons. Some have been shut down by law enforcement, like Dark Market, which was the target of a Europol-led takedown operation early last year, or Hydra, a huge Russian-language drug and money-laundering market whose servers were seized in an April raid. Others, like Dark0de and World Market, are thought to have used "exit scams" to steal their users' money and then vanished without a trace. Still others, like Cannazon and White House Market, left in a more organized way that gave users time to get any money they had on the sites.
That left a site called Versus as the only top market until the end of May. But then, just two weeks ago, DeSnake posted on the dark web market forum Dread evidence that pointed to a security flaw in Versus. The evidence, which DeSnake said was given to him by a user named "threesixty," showed that Versus' IP address was exposed, making its users potentially vulnerable to hackers or law enforcement. "Both I and threesixty are trying to help," DeSnake wrote in his post. "We hope that our talk about security on marketplaces will be useful."
Versus's response was to announce its retirement right away. The site's administrator, who went by the name William Gibson, wrote, "We will say that there was a clear goal behind how this was handled at first, but we'll let you figure out what that was."
DeSnake, on the other hand, said both on Dread and to WIRED that he doesn't know or work with threesixty, the hacker whose discovery of a vulnerability shut down AlphaBay's largest remaining competitor. "Because the situation was so bad, we did the best we could," says DeSnake.
Ian Gray of Flashpoint thinks that the fact that the number of dark web markets has been going down lately might not just be because of what happened with Versus, but also because of how hostile the web is in general. Distributed denial of service attacks are often used by competitors to knock markets offline by flooding them with junk traffic. Markets also have to deal with constant fights between buyers and sellers. The threat of law enforcement is also always there for the people in charge of the market. All of this encourages dark web administrators who reach a certain level of success to take the money and run. This has helped DeSnake, who seems to be more ambitious and determined in his goals, bring AlphaBay back to the top. "There are so few players left in the space after all these other closures," says Gray. "There is only one that is pretty well known, and that is AlphaBay."
When AlphaBay came back for the first time, Gray and other dark web analysts and users thought that law enforcement might have hacked DeSnake. Even though he seemed to prove his identity as the former AlphaBay's right hand by signing messages with the same PGP cryptographic key he'd used before, many people on the dark web were worried that he might be controlled by a police agency as part of an undercover operation, like when Dutch police secretly took over the Hansa dark web drug market in 2017.
But after almost a year of being back online, DeSnake says he feels "vindicated" because very few undercover operations have lasted that long. "The question has been answered for most vendors and customers," says DeSnake.
Even if DeSnake proves that he is the rightful heir to AlphaBay and doesn't pull an exit scam himself, he still runs the risk of being shut down by the police. This risk grows as the new market gets more attention. "Running a dark web marketplace is like playing Russian roulette, especially with all the information we got from the AlphaBay takedown," says Grant Rabenn, a former federal prosecutor who led the investigation that led to the 2017 bust of AlphaBay and the arrest of its original admin, Alexandre Cazes, who was later found dead in a Thai jail, apparently by suicide. (DeSnake has said that Cazes was killed, but he hasn't shown proof.)
Rabenn hints that US law enforcement got a "fair amount of information" about AlphaBay's staff as a result of the 2017 case. As the dark web market grows, the investigation from before might lead to clues about who DeSnake is. Federal agencies would then turn their attention back to AlphaBay and its new boss. "It definitely puts a target on your back, not only because of what you've done in the past and your connections, but also because you're the best," says Rabenn. "That one will be looked for by everyone."
DeSnake tells WIRED, though, that he's come up with a few ways to protect himself that give him confidence that he'll always stay one step ahead of the feds. He says he lives in an ex-Soviet country that does not have an extradition treaty with the US. This may be the most important part. Since he chose for AlphaBay to only use Monero instead of Bitcoin, the kind of blockchain analysis that helped shut down the original site may be much harder to do. And he says he has built complex technical protections, like redundant infrastructure in multiple countries and a system called AlphaGuard that will automatically relaunch the site on new servers if the business fails. DeSnake says, "We'll be back up and running in a few days, and we won't lose a dime."
DeSnake has said that he wants to create a "decentralized marketplace network" where dark web markets are hosted on hundreds or thousands of servers. This would be like Bittorrent, which can't be shut down or seized, being the Napster of the dark web. He says that a test version of that decentralized plan is planned for the end of this year and that AlphaBay will move to it sometime in 2023. "First, we want to get back to the size we were at in 2017. That's our goal. Second, we want to start a beta version of the decentralized project," says DeSnake. "Then move step by step to make sure AlphaBay will be around for a long time and usher the [darknet market] scene into a new golden age, just like we did before."
It's not clear if that plan or DeSnake's claim that he can't be hurt is real or just a mirage. But he seems to have kept or will soon keep his first promise: to take back the crown of the dark web. And AlphaBay may be about to rule for yet another time.
** Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of USA GAG nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.