For years, dark web markets and the law enforcement agencies that combat them have been locked into a cycle of raid, rinse, repeat: For every online black market destroyed, another has always been there to take its place. But rarely has a dominant dark web market been busted by a massive law enforcement operation only to rise from the ashes half a decade later and regain its top spot—a feat that may very soon be achieved by AlphaBay, the once and future king of the contraband crypto-economy.
In July of 2017, a global law enforcement sting known as Operation Bayonet took down AlphaBay’s sprawling narcotics-and-cybercrime bazaar, seizing the site’s central server in Lithuania and arresting its creator, Alexandre Cazes, outside his home in Bangkok. Yet in August of last year, AlphaBay’s number-two administrator and security specialist, publicly known only as DeSnake, suddenly reappeared, announcing AlphaBay’s resurrection in a new and improved form. Now, 10 months later, thanks in part to a tumult of takedowns and the mysterious disappearances of competing dark web markets, DeSnake’s reincarnated AlphaBay is now well on its way to its former heights atop the digital underworld. By some measures, it appears to have already regained that spot.
“Yes, AlphaBay is the #1 darknet marketplace right now,” says DeSnake, writing to WIRED in a text-based conversation last week. “I did tell you we were going to be #1 before,” he added, referring to our interview with AlphaBay’s new admin at the time of its relaunch last summer. “As I have told you, I do what I say.”
DeSnake’s boast is at least partly true: As of last week, AlphaBay had more than 30,000 unique product listings—largely drugs, from ecstasy to opioids to methamphetamines—but also thousands of listings for malware and stolen data, like Social Security numbers and credit card details. That’s up from a mere 500 listings in September of last year. Another older market called ASAP displays more than 50,000 listings. But ASAP is known to allow vendors to post duplicate listings. And according to security firm Flashpoint, which closely tracks the competing markets, AlphaBay had more than 1,300 active vendors in roughly the first six months of this year, compared to about 1,000 for ASAP. According to Flashpoint’s data, AlphaBay’s listings also appear to be growing significantly faster.
Other markets touted in dark web forums like Archetyp and Incognito, meanwhile, have only a few thousand or just a few hundred listings. All of that suggests AlphaBay may already be the most popular market for dark web vendors to list their wares for sale.
AlphaBay’s tens of thousands of product listings are still a tiny fraction of the more than 350,000 it offered before its 2017 takedown, when it was the biggest dark web market ever seen. By the FBI’s estimate, it was 10 times the size of the legendary Silk Road drug market. DeSnake concedes that the new AlphaBay's revenue hasn’t yet come close to the level of its 2017 peak, when blockchain analysis firm Chainalysis estimates that AlphaBay generated as much as $2 million a day in sales. (DeSnake declined to share current sales numbers but said they are “in the big digits.”)
Also, unlike most competitors, the new version of AlphaBay only allows users to buy and sell in the privacy-focused cryptocurrency Monero, not Bitcoin, transactions of which can often be tracked through blockchain surveillance. That makes the site’s sales difficult to measure and may mean it has fewer sales per listing, since many users prefer to trade in Bitcoin.
But even accounting for that difference and other unknowns in a side-by-side analysis of dark web markets, AlphaBay appears to be the leading marketplace, or will be soon, says Ian Gray, a dark web-focused analyst at security firm Flashpoint. “The writing is on the wall that AlphaBay is probably going to regain that spot as the most popular marketplace,” says Gray, “And it already seems like it’s the biggest in terms of volume of vendors.”
AlphaBay’s quick growth—or regrowth—has been fueled in part by what Gray calls “the Great Cyber Resignation.” At least 10 dark web markets have dropped offline for various reasons in the last 18 months. Some have been busted by law enforcement, like Dark Market, which was the target of a Europol-led takedown operation early last year; or Hydra, the massive Russian-language drug and money-laundering market whose servers were seized in a law enforcement raid in April. Others, like Dark0de and World Market, are believed to have pulled “exit scams,” disappearing suddenly with their users’ money. Still others, like Cannazon and White House Market, staged more considerate and organized exits, giving users time to pull out any funds held on the sites.
Dark web market product listing data shows how the new AlphaBay market has survived a mass exodus of competitors. (Data does not include ASAP data for the last two days of the analyzed time period.)
Flashpoint
Until late May, that left a site called Versus as the last leading market standing. But then, just two weeks ago, DeSnake published a post on the dark web market forum Dread with evidence that pointed to a security vulnerability in Versus—provided to him, DeSnake claimed, by a user named “threesixty”—that exposed Versus’ IP address, potentially leaving its users vulnerable to hackers or law enforcement. “Both threesixty and myself have the best intentions,” DeSnake wrote in his post. “We hope to have a fruitful conversation about security on marketplaces.”
Versus responded by immediately announcing its retirement. “We will say that there was a clear agenda behind the way this was originally handled,” wrote the site’s administrator, who went by the name William Gibson, “but we leave you to draw your own conclusions.”
DeSnake, meanwhile, maintained both on Dread and to WIRED that he doesn’t have any personal or professional connection to threesixty, the hacker whose vulnerability discovery took down AlphaBay's largest remaining competitor. “We handled it the best possible way, due to the severity of the issue,” DeSnake says.
Aside from the circumstances around Versus’ exit, the recently dwindling number of dark web markets is perhaps due to the generally hostile environment they face, says Flashpoint’s Ian Gray. Markets are often under bombardment from distributed denial of service attacks launched by competitors using waves of junk traffic to knock them offline and have to deal with constant disputes among buyers and sellers. Market administrators also feel the ever-present threat of law enforcement looming in the background. All of this incentivizes a take-the-money-and-run approach for any dark web administrator who achieves a certain level of success—and has allowed DeSnake, who appears to be more ambitious and persistent in his goals, to elevate AlphaBay back to the top. “With all these other shutdowns, you have so few players in the space,” says Gray. “There’s really only one that’s fairly well established, and that’s AlphaBay.”
When AlphaBay first reappeared, Gray and other dark web analysts and users expressed suspicion that DeSnake might be compromised by law enforcement. Although he seemed to prove his identity as the former AlphaBay’s right hand by signing messages with the same PGP cryptographic key he’d used in the past, many dark web denizens were wary that he might be controlled by a police agency as part of an undercover operation, as when Dutch police secretly took over the Hansa dark web drug market in 2017.
After nearly a year back online, though, DeSnake says he feels “vindicated,” given that few if any undercover operations have lasted that long. “For majority of vendors and customers the question has been put to rest,” DeSnake says.
If DeSnake has proven himself to be the legit heir to AlphaBay—and doesn’t pull an exit scam himself—he still faces the risk of a law enforcement takedown, which only grows as the reborn market takes the limelight. “It’s Russian roulette running a dark web marketplace, particularly with all the information we got from the AlphaBay takedown,” says Grant Rabenn, a former federal prosecutor who led the investigation that resulted in AlphaBay’s 2017 bust and the arrest of its original admin, Alexandre Cazes, who was later found dead in a Thai jail of an apparent suicide. (DeSnake has claimed, without proof, that Cazes was murdered.)
Rabenn hints that the 2017 case also resulted in US law enforcement obtaining a “fair amount of information” on AlphaBay’s staff. As the dark web market grows, that previous investigation might provide leads on DeSnake’s identity, with federal agencies refocusing their attention on AlphaBay and its new boss. “It’s definitely putting a target on your back, not only from the historical conduct and connections but also being the top one,” Rabenn says. “Everyone’s going to look for that one.”
DeSnake tells WIRED, however, that he’s developed a few forms of protection that give him confidence he’ll continue to stay a step ahead of the feds. Perhaps most importantly, he claims to be based in a former Soviet country that has no extradition treaty with the US. His choice for AlphaBay to use only Monero, rather than Bitcoin, may make the sort of blockchain analysis that contributed to the original site’s takedown far more difficult. And he claims to have built complex technical protections that include redundant infrastructure in multiple countries, along with a system called AlphaGuard that’s designed to automatically relaunch the site on new servers in the case of a bust. “We will be back and running within a few days and without a cent lost,” DeSnake says.
DeSnake has announced that he eventually hopes to develop a “decentralized marketplace network” where dark web markets are hosted across hundreds or thousands of servers—a kind of uncensorable, unseizable Bittorrent to the current markets’ Napster. He claims a test version of that decentralization scheme is planned for the end of this year, and that AlphaBay will move to it sometime in 2023. “First we want to reach the scale we did before in 2017 that is our milestone. Second, we want to launch a beta of the decentralized project,” says DeSnake “Then migrate step by step fully to allow AlphaBay to exist for many years ahead and usher the [darknet market] scene into a new golden era like we did before.”
It’s far from clear whether that plan—or DeSnake’s self-described invulnerability—is real or a mirage. But he does appear to have followed through—or will soon—on his first promise: to regain the dark web’s crown. And another period of AlphaBay’s reign may be just beginning.
AlphaBay Is Taking Over the Dark Web—Again
(May require free registration to view)
- aum
- 1
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.