On July 20th, the drug markets of the dark web suffered a devastating blow. The United States Federal Bureau of Investigation announced its involvement in the takedown of Alphabay, formerly the largest dark web market, which had gone dark two weeks earlier. After Alphabay was inaccessible for a few days, users and vendors began to migrate to Hansa, at the time the second largest marketplace.
Two hours after the FBI announced they were responsible for the Alphabay takedown, Dutch police announced they had gained control of Hansa on June 20th and had been secretly running the marketplace, collecting identifiable information about not only Hansa’s regular userbase but the influx of Alphabay “refugees.” This one-two punch of takedowns has left parts of the dark web reeling and, understandably, even more paranoid than before.
After a major market goes down, the immediate question that both buyers and vendors ask is usually “where do we go now?” Many users will follow a trusted vendor, while others generally go to the largest and most popular of the remaining markets in hopes of better prices and selection: the natural successor to Alphabay and Hansa was Dream. Dream is another drug-focused dark web marketplace; prior to July 20th, Dream was less popular due to persistent accusations from users of, among other things, having a scammer on the market staff and refusing to ban compromised vendors. Immediately after the takedown, rumors began spreading on both dark web and clearweb forums that not only had law enforcement been controlling Hansa, they also had control of Dream for months. Some users believed that law enforcement would wait to take down the website until after they processed the information of dozens of new users fleeing Alphabay and Hansa.
The screenshot below was taken on July 20th, the day the Hansa takedown was announced: reddit user luckyduckquack had posted that Hansa was compromised eleven days before it became public and immediately began spreading the news that Dream was also under law enforcement control.
Accusations against Dream were further fueled by their reputation: the same issues that made users hesitant to flee to Dream after the Hansa takedown made them quick to believe law enforcement had a hand in running the site. Users also brought up old security flaws as evidence that law enforcement must have been able to gain access to Dream. While Dream did briefly close their forums after the Alphabay/Hansa takedown, they’ve since been restored and the site remains up and as functional as it ever was (which is to say that many people are still complaining about the UI and scammy vendors).
Based on even more recent activity among the remaining markets, they’re right: since Alphabay and Hansa went down, two more markets, Darknet Heroes League and Sourcery, have had massive security issues exposed by reddit user t0mcheck. t0mcheck revealed that they had been conducting penetration tests on the remaining markets to determine how secure the markets were: after finding easily exploitable flaws in both markets, t0mcheck posted details online to call attention to the issues and demand answers from both moderators and market admins. The smaller of the two markets, Sourcery, immediately confirmed the issues t0mcheck had discovered and posted an action plan to win back the trust of vendors and buyers. Darknet Heroes League, on the other hand, has not issued an official statement and the site has gone dark, likely permanently.
On the other side of the dark web: how are the carding forums and markets reacting to the loss of Alphabay and Hansa? Other than the occasional clear web link posted in an “Off Topic” channel on a forum, you’d never know that the main markets had suffered a major crisis.
Carding forums are more insulated from the fear, uncertainty, and doubt that come with the takedown of a major market. Not only do they have their own, separate forums on dark and clear web sites, they also don’t incur many of the risks that drug buyers on the dark web take on when they purchase from a marketplace. A drug user also puts their personal safety at risk when they purchase from a bad vendor–a tainted product could literally kill the buyer. If a user buys from a bad vendor on a carding market, the most they’re likely to be out is some bitcoin; no physical goods change hands, so no addresses are exchanged, and far fewer law enforcement agencies are chasing fraudsters who exchange guides about how to scam pizza chains or clear web online marketplaces. That’s not to say that fraud on the dark web is a “victimless crime”; identity theft and fraud can permanently ruin people’s credit histories, finances, and lives.
While larger markets like Alphabay and Hansa can be useful for fraud vendors, there are other markets to retreat to when law enforcement takes a site offline. Because these busts often target site administrators and vendors of high-profile drugs, fraud vendors remain mostly unscathed by the takedown. That said, some fraud vendors were indicted for distributing fake driver’s licenses and ATM skimming devices in the Alphabay takedown.
For all the immediate panic about what the Alphabay and Hansa takedowns mean for the dark web, it’s likely that this takedown will follow in the footsteps of the shutdowns of dark web markets like Silk Road, Evolution Market, and Black Market Reloaded. While a handful of users will be scared off dark web markets for good, there are more than enough buyers to fill the void and plenty of places on the dark web that are unaffected by takedowns elsewhere in the system. The problem of illegal activity on the dark web won’t be solved by the death of Alphabay and Hansa. Fraud, drug sales, and dark web discussions will carry on as they always have in the past.