Good News: AlphaBay is Back, Big and Better
Yes, AlphaBay is back. Analysts are monitoring its alleged re-emergence because it was once the largest darknet marketplace in history. The black market was active from 2014 to June 2017. It was shut down following an international law enforcement operation.
One of its administrators, Alexandre Cazes, who operated under the alias "Alpha02/Admin," was also arrested. Today, the new AlphaBay is run by another administrator, a threat actor operating under the name DeSnake. On GhostBin, DeSnake confirmed that they were bringing the platform back.
The stated reasons are the poor conditions of operating dark web marketplaces and a wish to honor the legacy of the previous administrator, Cazes, who died by suicide in Thailand after his arrest. DeSnake said they have come up with a system called "AlphaGuard."
Its purpose is to prevent users from losing money as they did in the previous seizure. It would also enable those operating the forum to withdraw funds even if all servers get seized.
The New AlphaBay
Since the previous iteration of AlphaBay, new rules have been created. For instance, the rules discourage posts dealing with:
All activities related to Russia, Armenia, Belarus, Kazakhstan, and Kyrgyzstan
Analysts note that threat actors from the Soviet Union avoid targeting those nations so as not to draw the attention of domestic authorities.
Further, DeSnake said the new dark market will have an "Automatic Dispute Resolve." The feature will handle disputes between buyers and sellers without a moderator. The platform will also have a ranking system with "trust levels" to minimize scammer activities.
Furthermore, the administrator said AlphaBay would have a forum section. The forum will mark the return of a private malware sub-community. To promote the relaunch, they will post updated source code for a famous banking trojan.
Multiple threat actors previously associated with AlphaBay posted to confirm DeSnake's identity. They confirmed that DeSnake is one of the original moderators of the first AlphaBay. Still, a forum administrator under the alias "Paris" had something to say.
First, he confirmed that DeSnake was legitimate. Yet he said that they could not prove that DeSnake had not been compromised by authorities. Additionally, DeSnake asked other threat actors to confirm their identities and included their PGP key as proof that they were legitimate.
How AlphaBay Got Taken Down in 2017
In 2017, international law enforcement took down the most successful dark markets. The process was well orchestrated, and among the marketplaces was AlphaBay, the most prominent and popular since Silk Road. At its peak, AlphaBay's daily sales ranged between $600,000 and $800,000.
Operation Bayonet led to the shutdown of the marketplaces. It began with Dutch police seizing a lesser-known market called Hansa Market. After that, authorities secretly ran the market for almost a month. Meanwhile, US FBI operatives worked with international police to DDoS AlphaBay.
Following that, authorities seized AlphaBay's assets, which enabled the Royal Thai Police to locate and arrest Alexandre Cazes. As a result, AlphaBay became inaccessible, and thousands of traders switched to Hansa Market to continue their operations. Dutch police operating the servers noticed an eight-fold surge of new users.
Authorities used the time to gather data concerning high-value targets. They also identified delivery addresses for sizable orders, passing along 10,000 international addresses of buyers to Europol.
Together with the FBI, the Royal Thai Police organized the extradition of Cazes. However, after a week at the Narcotics Suppression Bureau in Bangkok, he committed suicide. For this reason, Bangkok promised to conduct an autopsy. In contrast, the US authorities remained unbothered regarding the death.
How Did Alexandre Cazes Get Caught?
The US Justice Department successfully confiscated the following:
Market cryptocurrency accounts
Luxurious personal possessions in Bangkok
The authorities did that by linking his online personas to his real life. This happened through a leaked email address, [email protected]. In Bangkok, authorities executed the warrant and arrested Cazes in his apartment. Fortunately, they found his laptop unencrypted, with the admin account for the AlphaBay server logged in.
Authorities also executed search warrants for the market's server hardware, which was located in Quebec, Canada.
AlphaBay is Back, So What About Its Official Return?
DeSnake promoted the return of AlphaBay with services hosted on Tor and I2P. Even so, the Tor service has been unstable since its launch. For example, it has user registration issues, login timeouts, and frequent 503 errors. Similarly, the I2P eepsite rarely loads successfully.
In almost two months of operation, the market has only a few vendors. Still, there are a couple of hundred listings across fraud goods and drugs. The service on Tor seems to be hosted alongside Dread services. The new AlphaBay seems to be moderated by tempest, TheCypriot, and wxmaz.
Like the original AlphaBay, the market's forum is on the same domain. In addition, the forum is marked confidential until the user introduces themselves.
Dark Web Users Remain Hesitant and Skeptical
DarkOwl assessed how the darknet community feels about the new AlphaBay. The old AlphaBay had a vocal and persistent presence on the Darknet Market Avengers forum. Unfortunately, the forum has been offline for some weeks now.
Following that, users on XSS have been the most critical of AlphaBay and DeSnake. For example, in a particular thread, there were comments like "Welcome to the FBI HQ." On September 12, 2021, DeSnake tried to mitigate the reputation damage. Instead, his efforts backfired.
Even Reddit users on the surface web have mixed reactions.
Observations From Dark Web Analysts
DarkOwl always avoids commenting on speculative dark web drama. However, there are things about AlphaBay's re-surfacing that don't add up. First, authorities confiscated the market's servers and Cazes's laptop. That raises suspicion about whether the new marketplace is legitimate. Otherwise, it could be another covert law enforcement operation.
As a result, analysts shared the following observations:
Registration of the market is unnecessarily complicated.
The bot detection measures and DDoS protection are excessive for a new market.
The marketplace has an outrageous number of strict rules.
AlphaBay only allows the cryptocurrency Monero.