Story image

Major Dark Web Player goes offline: Could it be an exit scam?

07 Jul 17

One of the Dark Web's biggest marketplaces for illegal online trades was taken offline this week, with reports circulating that it was part of an 'exit scam'.

The AlphaBay marketplace had a user base of more than 20,000 users, whose unencrypted details have now been exposed as part of the shutdown.

Digital Shadows VP of strategy, Rick Holland, says that the site continued to release new features, including security enhancements.

"We confirmed that the site remained inaccessible at the time of writing. We detected only speculation as to why the marketplace was not accessible at the time of writing, with multiple users on Reddit suggesting an exit scam had taken place," Holland says.

Reports circulated that police raided two AlphaBay vendors' houses,, according to Holland.

Others have speculated that two large Bitcoin transactions to addresses belonging to AlphaBay owners were evidence of the owners stealing money - around US$3.8 million in Bitcoin.

Holland says there is no evidence of that claim yet. He says that exit scams, such as those suspected in the AlphaBay case, aren't new and are actually quite common.

"These exit scams are one of the risks when conducting business in criminal marketplaces. The increasing value of BTC (>$2,500 as of today) makes exit scams appealing. These exit scams are often the first assumption when a marketplace goes offline, however there are alternatives including intrusions from other criminals, DDoS attacks from competitors, law enforcement interdictions, and even unannounced site maintenance," he says.

"Multiple vendors of compromised data, payment card details, malware and other services would have to seek other online services. The Dream and Hansa markets are likely to benefit from any potential Alphabay demise. Digital Shadows is tracking this development and will provide updated analysis as it becomes available."

Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.