On July 20th, the drug markets of the dark web suffered a devastating blow. The United States Federal Bureau of Investigations announced their involvement in Alphabay, formerly the largest dark web market, going dark two weeks earlier. After Alphabay was inaccessible for a few days, users and vendors began to migrate to Hansa, at the time the second largest marketplace.

Two hours after the FBI announced they were responsible for the Alphabay takedown, Dutch police announced they had gained control of Hansa on June 20th and had been secretly running the marketplace, collecting identifiable information about not only Hansa’s regular userbase but the influx of Alphabay “refugees.” This one-two punch of takedowns has left parts of the dark web reeling and, understandably, even more paranoid than before.

After a major market goes down, the immediate question that both buyers and vendors ask is usually “where do we go now?” Many users will follow a trusted vendor, while others generally go to the largest and most popular of the remaining markets in hopes of better prices and selection: the natural successor to Alphabay and Hansa was Dream. Dream is another drug-focused dark web marketplace; prior to July 20th, Dream was less popular due to persistent accusations from users of, among other things, having a scammer on the market staff and refusing to ban compromised vendors. Immediately after the takedown, rumors began spreading on both dark web and clearweb forums that not only had law enforcement been controlling Hansa, they also had control of Dream for months. Some users believed that law enforcement would wait to take down the website until after they processed the information of dozens of new users fleeing Alphabay and Hansa.

The screenshot below was taken on July 20th, the day the Hansa takedown was announced: reddit user luckyduckquack had posted that Hansa was compromised eleven days before it became public and immediately began spreading the news that Dream was also under law enforcement control.

Accusations against Dream were further fueled by their reputation: the same issues that made users hesitant to flee to Dream after the Hansa takedown made them quick to believe law enforcement had a hand in running the site. Users also brought up old security flaws as evidence that law enforcement must have been able to gain access to Dream. While Dream did briefly close their forums after the Alphabay/Hansa takedown, they’ve since been restored and the site remains up and as functional as it ever was (which is to say that many people are still complaining about the UI and scammy vendors).

Users also have begun taking on more personal responsibility in their approach to security in the wake of Alphabay and Hansa: rather than just trying to find a new, more secure market, many users are encouraging their counterparts to take more active responsibility for their security, relying on personal encryption and security measures rather than trusting the marketplace to protect their information (in other words, reminding fellow buyers to follow best practices). Assuming the market will be hacked and encrypting your own messages, maintaining different passwords across sites, and making sure javascript is disabled as you browse – these are more achievable in the minds of users than believing that marketplaces will have ever have truly effective security.

Based on even more recent activity among the remaining markets, they’re right: since Alphabay and Hansa went down, two more markets, Darknet Heroes League and Sourcery, have had massive security issues exposed by reddit user t0mcheck. t0mcheck unveiled that they had been conducting penetration tests on the remaining markets to determine how secure the markets were: after finding easily exploitable flaws in both markets, t0mcheck posted details online to call attention to the issues and