Rumors are rife that one of the dark web’s largest English language marketplaces has been hit by an exit scam, potentially shattering trust in underground sites like it.
Empire Market, which sells everything from drugs to stolen cards, counterfeit goods and bulletproof hosting, has been offline since last week after initial reports of a major DDoS attack on the site.
DDoS attacks have become an increasingly common way for cyber-criminals to extort money from the site’s administrators, and for law enforcers to disrupt their operations.
A moderator for Empire Market took to the Dread forum in a now deleted post to explain that a persistent threat actor had overcome its DDoS-mitigation measures, according to Digital Shadows. Another crippling attack from a different actor then finally persuaded the admins to close the site, taking all the funds currently in escrow with them, they added.
That individual reportedly claimed that the administrators hadn’t planned to exit scam the site, as in premeditated cases they would normally have disabled withdrawals for several weeks while accepting payments in order to maximize their haul.
If the news is correct, the site’s founders will still have left with a sizeable chunk of cash. Empire market had over 55,000 listings and processed around $6.5m each week, according to Digital Shadows.
Following exit scams from the likes of Apollon, Nightmare and BitBazaar over the past year, this latest incident will do much more to harm trust on the dark web, the threat intelligence firm opined.
“In this tumultuous environment, with English-language marketplaces disappearing left, right and center, Empire had become a bastion of steadfastness — a beacon of credibility to which all other dark web marketplaces were compared,” it explained.
“A proven exit scam would shatter the fragile trust that the cyber-criminal community had learned to place in this platform. We will probably return to levels of fear, uncertainty, and doubt not seen since the wake of the Hansa and AlphaBay disruption.”
In fact, law enforcement efforts had already done much to erode trust on the dark web, according to a Trend Micro report from June.
Cyber-criminals are responding to the threat with innovations like direct (walletless) buyer-to-vendor payments, multi-signatures on BTC and Monero, encrypted messaging and a ban on JavaScript, it said. Some have apparently even migrated to gaming comms platform Discord and e-commerce platform Shoppy.gg to buy and sell.
Digital Shadows claimed the fall of Empire Market may also drive a surge in popularity for closed forums and private communication channels.