![](\"https:\/\/media.wired.com\/photos\/629a782f3131584d3183604a\/master\/pass\/alphabay_GettyImages-1355609808.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Andy Greenberg| Date: Mon, 06 Jun 2022 13:46:02 +0000<\/strong><\/p>\n Andy Greenberg<\/a><\/span><\/span><\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n For years, dark<\/span> web markets and the law enforcement agencies that combat them have been locked into a cycle of raid, rinse, repeat: For every online black market destroyed, another has always been there to take its place. But rarely has a dominant dark web market been busted by a massive law enforcement operation only to rise from the ashes half a decade later and regain its top spot\u2014a feat that may very soon be achieved by AlphaBay, the once and future king of the contraband crypto-economy.<\/p>\n In July of 2017, a global law enforcement sting known as Operation Bayonet<\/a> took down AlphaBay\u2019s sprawling narcotics-and-cybercrime bazaar, seizing the site\u2019s central server in Lithuania and arresting its creator, Alexandre Cazes, outside his home in Bangkok. Yet in August of last year, AlphaBay\u2019s number-two administrator and security specialist, publicly known only as DeSnake, suddenly reappeared, announcing AlphaBay\u2019s resurrection in a new and improved form. Now, 10 months later, thanks in part to a tumult of takedowns and the mysterious disappearances of competing dark web markets, DeSnake\u2019s reincarnated AlphaBay is now well on its way to its former heights atop the digital underworld. By some measures, it appears to have already regained that spot.<\/p>\n \u201cYes, AlphaBay is the #1 darknet marketplace right now,\u201d says DeSnake, writing to WIRED in a text-based conversation last week. \u201cI did tell you we were going to be #1 before,\u201d he added, referring to our interview with AlphaBay\u2019s new admin at the time of its relaunch last summer<\/a>. \u201cAs I have told you, I do what I say.\u201d<\/p>\n DeSnake\u2019s boast is at least partly true: As of last week, AlphaBay had more than 30,000 unique product listings\u2014largely drugs, from ecstasy to opioids to methamphetamines\u2014but also thousands of listings for malware and stolen data, like Social Security numbers and credit card details. That\u2019s up from a mere 500 listings in September of last year. Another older market called ASAP displays more than 50,000 listings. But ASAP is known to allow vendors to post duplicate listings. And according to security firm Flashpoint, which closely tracks the competing markets, AlphaBay had more than 1,300 active vendors in roughly the first six months of this year, compared to about 1,000 for ASAP. According to Flashpoint\u2019s data, AlphaBay\u2019s listings also appear to be growing significantly faster.<\/p>\n Other markets touted in dark web forums like Archetyp and Incognito, meanwhile, have only a few thousand or just a few hundred listings. All of that suggests AlphaBay may already be the most popular market for dark web vendors to list their wares for sale.<\/p>\n AlphaBay\u2019s tens of thousands of product listings are still a tiny fraction of the more than 350,000 it offered before its 2017 takedown, when it was the biggest dark web market ever seen. By the FBI\u2019s estimate, it was 10 times the size of the legendary Silk Road drug market<\/a>. DeSnake concedes that the new AlphaBay's revenue hasn\u2019t yet come close to the level of its 2017 peak, when blockchain analysis firm Chainalysis estimates that AlphaBay generated as much as $2 million a day in sales. (DeSnake declined to share current sales numbers but said they are \u201cin the big digits.\u201d)<\/p>\n Also, unlike most competitors, the new version of AlphaBay only allows users to buy and sell in the privacy-focused cryptocurrency Monero, not Bitcoin, transactions of which can often be tracked through blockchain surveillance<\/a>. That makes the site\u2019s sales difficult to measure and may mean it has fewer sales per listing, since many users prefer to trade in Bitcoin.<\/p>\n But even accounting for that difference and other unknowns in a side-by-side analysis of dark web markets, AlphaBay appears to be the leading marketplace, or will be soon, says Ian Gray, a dark web-focused analyst at security firm Flashpoint. \u201cThe writing is on the wall that AlphaBay is probably going to regain that spot as the most popular marketplace,\u201d says Gray, \u201cAnd it already seems like it\u2019s the biggest in terms of volume of vendors.\u201d<\/p>\n AlphaBay\u2019s quick growth\u2014or regrowth\u2014has been fueled in part by what Gray calls \u201cthe Great Cyber Resignation.\u201d At least 10 dark web markets have dropped offline for various reasons in the last 18 months. Some have been busted by law enforcement, like Dark Market, which was the target of a Europol-led takedown operation early last year<\/a>; or Hydra, the massive Russian-language drug and money-laundering market whose servers were seized in a law enforcement raid in April<\/a>. Others, like Dark0de and World Market, are believed to have pulled \u201cexit scams,\u201d disappearing suddenly with their users\u2019 money. Still others, like Cannazon and White House Market, staged more considerate and organized exits, giving users time to pull out any funds held on the sites.<\/p>\n Dark web market product listing data shows how the new AlphaBay market has survived a mass exodus of competitors. (Data does not include ASAP data for the last two days of the analyzed time period.)<\/p>\n Until late May, that left a site called Versus as the last leading market standing. But then, just two weeks ago, DeSnake published a post on the dark web market forum Dread with evidence that pointed to a security vulnerability in Versus\u2014provided to him, DeSnake claimed, by a user named \u201cthreesixty\u201d\u2014that exposed Versus\u2019 IP address, potentially leaving its users vulnerable to hackers or law enforcement. \u201cBoth threesixty and myself have the best intentions,\u201d DeSnake wrote in his post. \u201cWe hope to have a fruitful conversation about security on marketplaces.\u201d<\/p>\n Versus responded by immediately announcing its retirement. \u201cWe will say that there was a clear agenda behind the way this was originally handled,\u201d wrote the site\u2019s administrator, who went by the name William Gibson, \u201cbut we leave you to draw your own conclusions.\u201d<\/p>\n DeSnake, meanwhile, maintained both on Dread and to WIRED that he doesn\u2019t have any personal or professional connection to threesixty, the hacker whose vulnerability discovery took down AlphaBay's largest remaining competitor. \u201cWe handled it the best possible way, due to the severity of the issue,\u201d DeSnake says.<\/p>\n Aside from the circumstances around Versus\u2019 exit, the recently dwindling number of dark web markets is perhaps due to the generally hostile environment they face, says Flashpoint\u2019s Ian Gray. Markets are often under bombardment from distributed denial of service attacks launched by competitors using waves of junk traffic to knock them offline and have to deal with constant disputes among buyers and sellers. Market administrators also feel the ever-present threat of law enforcement looming in the background. All of this incentivizes a take-the-money-and-run approach for any dark web administrator who achieves a certain level of success\u2014and has allowed DeSnake, who appears to be more ambitious and persistent in his goals, to elevate AlphaBay back to the top. \u201cWith all these other shutdowns, you have so few players in the space,\u201d says Gray. \u201cThere\u2019s really only one that\u2019s fairly well established, and that\u2019s AlphaBay.\u201d<\/p>\n When AlphaBay first reappeared, Gray and other dark web analysts and users expressed suspicion that DeSnake might be compromised by law enforcement. Although he seemed to prove his identity as the former AlphaBay\u2019s right hand by signing messages with the same PGP cryptographic key he\u2019d used in the past, many dark web denizens were wary that he might be controlled by a police agency as part of an undercover operation, as when Dutch police secretly took over the Hansa dark web drug market in 2017<\/a>.<\/p>\n After nearly a year back online, though, DeSnake says he feels \u201cvindicated,\u201d given that few if any undercover operations have lasted that long. \u201cFor majority of vendors and customers the question has been put to rest,\u201d DeSnake says.<\/p>\n If DeSnake has proven himself to be the legit heir to AlphaBay\u2014and doesn\u2019t pull an exit scam himself\u2014he still faces the risk of a law enforcement takedown, which only grows as the reborn market takes the limelight. \u201cIt\u2019s Russian roulette running a dark web marketplace, particularly with all the information we got from the AlphaBay takedown,\u201d says Grant Rabenn, a former federal prosecutor who led the investigation that resulted in AlphaBay\u2019s 2017 bust and the arrest of its original admin, Alexandre Cazes, who was later found dead in a Thai jail of an apparent suicide. (DeSnake has claimed, without proof, that Cazes was murdered.)<\/p>\n Rabenn hints that the 2017 case also resulted in US law enforcement obtaining a \u201cfair amount of information\u201d on AlphaBay\u2019s staff. As the dark web market grows, that previous investigation might provide leads on DeSnake\u2019s identity, with federal agencies refocusing their attention on AlphaBay and its new boss. \u201cIt\u2019s definitely putting a target on your back, not only from the historical conduct and connections but also being the top one,\u201d Rabenn says. \u201cEveryone\u2019s going to look for that one.\u201d<\/p>\n DeSnake tells WIRED, however, that he\u2019s developed a few forms of protection that give him confidence he\u2019ll continue to stay a step ahead of the feds. Perhaps most importantly, he claims to be based in a former Soviet country that has no extradition treaty with the US. His choice for AlphaBay to use only Monero, rather than Bitcoin, may make the sort of blockchain analysis that contributed to the original site\u2019s takedown far more difficult. And he claims to have built complex technical protections that include redundant infrastructure in multiple countries, along with a system called AlphaGuard that\u2019s designed to automatically relaunch the site on new servers in the case of a bust. \u201cWe will be back and running within a few days and without a cent lost,\u201d DeSnake says.<\/p>\n DeSnake has announced that he eventually hopes to develop a \u201cdecentralized marketplace network\u201d where dark web markets are hosted across hundreds or thousands of servers\u2014a kind of uncensorable, unseizable Bittorrent to the current markets\u2019 Napster. He claims a test version of that decentralization scheme is planned for the end of this year, and that AlphaBay will move to it sometime in 2023. \u201cFirst we want to reach the scale we did before in 2017 that is our milestone. Second, we want to launch a beta of the decentralized project,\u201d says DeSnake \u201cThen migrate step by step fully to allow AlphaBay to exist for many years ahead and usher the [darknet market] scene into a new golden era like we did before.\u201d<\/p>\n It\u2019s far from clear whether that plan\u2014or DeSnake\u2019s self-described invulnerability\u2014is real or a mirage. But he does appear to have followed through\u2014or will soon\u2014on his first promise: to regain the dark web\u2019s crown. And another period of AlphaBay\u2019s reign may be just beginning.<\/p>\n