Katana VentraIP

AlphaBay

AlphaBay was a darknet market operating at different times between September 2014 and February 2023.[2][4][5] At times, it was both an onion service on the Tor network and an I2P node on I2P. After it was shut down in July 2017 following law enforcement action in the United States, Canada, and Thailand as part of Operation Bayonet, it was relaunched in August 2021 by the self-described co-founder and security administrator DeSnake.[1][6][7] The alleged original founder, Alexandre Cazes, a Canadian citizen born on 19 October 1991,[2][8] was found dead in his cell in Thailand several days after his arrest, with police suspecting suicide.[9][10][11][12]

Type of site

Darknet market

English

DeSnake

DeSnake[1]

Over USD$23M (total over operation)[2]

Yes

Required

400,000+[3]

September 2014[2]

Offline

History[edit]

AlphaBay reportedly launched in September 2014,[2] pre-launched in November 2014 and officially launched on December 22, 2014. It saw a steady growth, with 14,000 new users in the first 90 days of operation. The darknet informer website Gwern.net placed AlphaBay Market in the top tier of markets regarding the 6-month survival probability and it had proven to be successful.[13] In October 2015, it was recognized as the largest online darknet market according to Dan Palumbo, research director at Digital Citizens Alliance.[14]


Non-standard services included customizable digital contracts around building reputations.[15]


In May 2015, the site announced an integrated digital contracts and escrow system.[16] The contract system allows users to make engagements and agree to provide services in the future, according to the terms of the contract.


By October 2015, AlphaBay had over 200,000 users,[3] and a claimed 40,000 sellers.[17]


At the time of its demise in July 2017, AlphaBay had over 400,000 users,[3] and around 300,000 listed items on their website.[18]


AlphaBay is noteworthy in the world of darknet markets for accepting other cryptocurrency in addition to bitcoin; support for Monero, supposedly more anonymous, was implemented at the end of August 2016.[19] It also accepted Ethereum.[17]

Site breaches[edit]

In April 2016, AlphaBay's API was compromised, leading to 13,000 messages being stolen.[20] In January 2017, the API was once again compromised, allowing over 200,000 private messages from the last 30 days and a list of usernames to be leaked. The attack was from a single hacker who was paid by AlphaBay for the disclosure. AlphaBay reported that the exploit had only been used in conjunction with this attack and not used previously.[21]

About the time the service first began in December 2014, Cazes used his address [email protected] as the 'From' address in system generated welcome and password reset emails, which he also used for his LinkedIn profile and his legitimate computer repair business in Canada.[2]

Hotmail

Cazes used a , Alpha02, to run the site which he had previously used (e.g., in carding and tech forums) since at least 2008, and variously advertised this identity as the "designer", "administrator" and "owner" of the site.[2][30]

pseudonym

When Cazes was arrested, he was logged into his laptop performing an administrative reboot on an AlphaBay server in direct response to a law-enforcement-created artificial system failure; furthermore, encryption was wholly absent on that laptop.[31]

[2]

Cazes' laptop reportedly contained an unencrypted personal net worth statement mapping all global assets across multiple jurisdictions, conveniently leading police to complete asset seizure.

[2]

The servers were hosted at a company in Canada directly linked to his person.

[2]

The servers contained multiple constantly open (unencrypted) hot cryptocurrency wallets.

[2]

Cazes' flashy use of proceeds to purchase property, passports and luxury cars and frequent online boasting about his financial successes, including posting videos of himself driving luxury cars acquired through illegal proceeds, not only revealed his geographical location, but also made denying connection to the service impossible.

[2]

Assets acquired through proceeds were held in a variety of accounts directly linked to Cazes, his wife and companies they owned in Thailand (the jurisdiction in which they lived), as well as directly held personal accounts in Liechtenstein, Cyprus, Switzerland and Antigua.

[2]

Cazes' statements about the goal of the site — "launched in September 2014 and its goal is to become the largest eBay-style underworld marketplace" — helped to legally establish intent.

[2]

Relaunch[edit]

AlphaBay was relaunched as early as 8 August 2021.[39] Details of the new operation surfaced after a conversation between Wired and a user with the same verified public key as a former site administrator for AlphaBay. Using the alias DeSnake, the former vendor and self-described co-founder of the original AlphaBay now claims to operate the marketplace, placing a higher emphasis on operations security than the previous administration, stating "there is no overkill" regarding the site.[1]


As part of the site's relaunch, multiple new features have been advertised and new rules announced. Notable among new features are AlphaGuard (which allegedly prevents users from losing funds even if seizures on all servers occur at the same time), an automatic system to resolve disputes between buyers and sellers, exclusive use of Monero wallets, and the offering of I2P mirrors.[1] Concerning rules, items newly prohibited from sale include COVID-19 vaccines, firearms, products containing the narcotic fentanyl, pornography, and "hitman services". Furthermore, there is a ban on discussions of any public or private information related to the governments, organizations, or people of Russia, Belarus, Kazakhstan, Armenia, and Kyrgyzstan.[40] This has led to loose speculation that there is a connection between the site operators and the governments of these nations.[1]


In early February 2023, the market went into lockdown, preventing users with 2FA verification from logging in. Accounts affected included all of the site staff and vendors. As admin team member TheCypriot explained in a Reddit post, the site went into partial lockdown due to one of its canaries not being signed in time by DeSnake.[41] They did not reappear to rectify the problem and have not been heard from since. With its owner missing and staff unable to sign the canary to lift the lockdown themselves, Alphabay de facto ceased operations. While a number of theories about the disappearance have been proposed, none have been substantiated with evidence.[42]

(15 November 2022). Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. Knopf Doubleday Publishing Group. ISBN 978-0-385-54810-6.

Greenberg, Andy

Greenberg, Andy (October 25, 2022). . Wired.com.

"The Hunt for the Dark Web's Biggest Kingpin, Part 1: The Shadow"

Greenberg, Andy (November 1, 2022). . Wired.com.

"The Hunt for the Dark Web's Biggest Kingpin, Part 2: Pimp_alex_91"

Greenberg, Andy (8 November 2022). . Wired.com.

"The Hunt for the Dark Web's Biggest Kingpin, Part 3: Alpha Male"

Greenberg, Andy (15 November 2022). . Wired.com.

"The Hunt for the Dark Web's Biggest Kingpin, Part 4: Face to Face"

Greenberg, Andy (22 November 2022). . Wired.com.

"The Hunt for the Dark Web's Biggest Kingpin, Part 5: Takedown"