Deep Web

Four years after its takedown, AlphaBay marketplace revamped

The popular black marketplace AlphaBay is back, four years after law enforcement agencies took down the popular hidden service.

The darknet marketplace AlphaBay resurfaced four years after an international operation conducted by law enforcement agencies took down it.

AlphaBay was active between 2014 and June 2017, law enforcement seized the marketplace and arrested the administrator Alexandre Cazes (aka “Alpha02/Admin”), who died by suicide in prison in Thailand.

“At the time of its downfall AlphaBay was ten times the size of its largest predecessor, Silk Road, facilitating $600,000 – $800,000 of transactions a day between over 400,000 users. In total, AlphaBay facilitated over $650 million of sales, for items such as narcotics, hacking tools and firearms.” explained the security expert Tom Robinson from Elliptic,

The new AlphaBay is run by a threat actor that uses the moniker DeSnake and that is believed to be a moderator of the old marketplace. The administrator of the new marketplace promises a more resilient darknet market, it implements a new advanced feature called “AlphaGuard” which would allow threat actors operating on the forum to withdraw funds even if all servers are seized by law enforcement.

The new marketplace will include an “Automatic Dispute Resolver” feature to quickly handle disputes between buyers and sellers.

“DeSnake said they have created a system called “AlphaGuard” which would allow threat actors operating on the forum to withdraw funds even if all servers are seized.” reported Flashpoint. “The rules of the marketplace have been slightly amended since the previous iteration of AlphaBay and now include rules against posts dealing with fentanyl, COVID-19 vaccines, ransomware, and any activity related to Russia, Belarus, Kazakhstan, Armenia, and Kyrgyzstan. Flashpoint analysts note that threat actors based in the countries of the former Soviet Union avoid targeting those countries, as to not draw attention of domestic law enforcement.” 

The revamped marketplace also bans posts about illicit drugs, COVID-19 vaccines, and ransomware.

“The new AlphaBay has been launched with a list of new rules,” reported Robinson “,which in addition to the usual no hitmen/guns/CSAM, includes the following:

  • No fentanyl or fentanyl-laced/based substances
  • No Covid-19 vaccines of any sorts
  • No Russia/Belarus/Kazakhstan/Armenia/Kyrgyzstan-related activity (people,organizations,governments) or citizens data
  • No ransomware selling, recruiting for access to deploy ransomware or ransomware discussions

The new AlphaBay will implement a forum section that will also include a private malware sub-community. DeSnake claims they this new section will include an updated source code for a popular banking trojan. 

Robinson explained that multiple members of the dark market community claim to have verified DeSnake’s identity. that multiple members of the dark market community claim to have verified DeSnake’s identity.

“I recently spoke with DeSnake and he asked me to confirm that it is him. Using PGP keys and more importantly with things that only he knew as a staff member of AlphaBay and I can say this account / market is owned by the former AlphaBay security admin.” states the alleged previous AlphaBay moderator Disc0.

Robinson pointed out that at the time of writing, the new AlphaBay features three listings.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, dark web)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

2 hours ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

5 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

19 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.