Pierluigi Paganini August 14, 2021

The popular black marketplace AlphaBay is back, four years after law enforcement agencies took down the popular hidden service.

The darknet marketplace AlphaBay resurfaced four years after an international operation conducted by law enforcement agencies took down it.

AlphaBay was active between 2014 and June 2017, law enforcement seized the marketplace and arrested the administrator Alexandre Cazes (aka “Alpha02/Admin”), who died by suicide in prison in Thailand.

“At the time of its downfall AlphaBay was ten times the size of its largest predecessor, Silk Road, facilitating $600,000 – $800,000 of transactions a day between over 400,000 users. In total, AlphaBay facilitated over $650 million of sales, for items such as narcotics, hacking tools and firearms.” explained the security expert Tom Robinson from Elliptic,

The new AlphaBay is run by a threat actor that uses the moniker DeSnake and that is believed to be a moderator of the old marketplace. The administrator of the new marketplace promises a more resilient darknet market, it implements a new advanced feature called “AlphaGuard” which would allow threat actors operating on the forum to withdraw funds even if all servers are seized by law enforcement.

The new marketplace will include an “Automatic Dispute Resolver” feature to quickly handle disputes between buyers and sellers.

“DeSnake said they have created a system called “AlphaGuard” which would allow threat actors operating on the forum to withdraw funds even if all servers are seized.” reported Flashpoint. “The rules of the marketplace have been slightly amended since the previous iteration of AlphaBay and now include rules against posts dealing with fentanyl, COVID-19 vaccines, ransomware, and any activity related to Russia, Belarus, Kazakhstan, Armenia, and Kyrgyzstan. Flashpoint analysts note that threat actors based in the countries of the former Soviet Union avoid targeting those countries, as to not draw attention of domestic law enforcement.” 

The revamped marketplace also bans posts about illicit drugs, COVID-19 vaccines, and ransomware.

“The new AlphaBay has been launched with a list of new rules,” reported Robinson “,which in addition to the usual no hitmen/guns/CSAM, includes the following:

• No fentanyl or fentanyl-laced/based substances
• No Covid-19 vaccines of any sorts
• No Russia/Belarus/Kazakhstan/Armenia/Kyrgyzstan-related activity (people,organizations,governments) or citizens data 
• No ransomware selling, recruiting for access to deploy ransomware or ransomware discussions

The new AlphaBay will implement a forum section that will also include a private malware sub-community. DeSnake claims they this new section will include an updated source code for a popular banking trojan. 

Robinson explained that multiple members of the dark market community claim to have verified DeSnake’s identity. that multiple members of the dark market community claim to have verified DeSnake’s identity.

“I recently spoke with DeSnake and he asked me to confirm that it is him. Using PGP keys and more importantly with things that only he knew as a staff member of AlphaBay and I can say this account / market is owned by the former AlphaBay security admin.” states the alleged previous AlphaBay moderator Disc0.

Robinson pointed out that at the time of writing, the new AlphaBay features three listings.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, dark web)

[adrotate banner=”5″]

[adrotate banner=”13″]