Which Darknet Market Has Replaced DarkMarket?
A few weeks ago, German law enforcement shut down DarkMarket, a dark web marketplace, and arrested its administrator, an Australian living in Europe. By all accounts, DarkMarket was a large illicit market, with :
- Nearly 500,000 users;
- More than 2,400 sellers;
- Over 320,000 transactions;
- More than 4,650 bitcoin and 12,800 monero transferred for a total of CAD$217 million in sales.
Back then, we reported this was significant news because:
- At the time, the dark web had fallen victim to a major DDoS. This made browsing painfully slow. There have been rumors that these attacks are generated by law enforcement to locate the servers hosting dark web markets.
- Many police operations have targeted dark web markets, but also the facilitators that help their users find the markets, and learn how to use them safely. With markets being down, and the support community also targeted, purchases are more difficult to make.
This reasoning has led us to believe that the level of activity on dark web markets would be low for weeks, possibly months. This blog post explores how the dark web industry has recovered from the DarkMarket takedown.
White House Market Is Undeniably the New Darknet Leader
We analyzed the number of listings for all major cryptomarkets currently active. These numbers suggest that White House is the new leader in terms of activity, with over 29,000 listings for sale. This is more than twice its nearest competitor, Dark0de, a market established only a few months ago. There still appears to be much competition between the markets, with no clear concentration of listings in a single market. Over the past few years, we have become used to one international market dominating the dark web.
Uncertainty and Complexity Mean Fewer Activities
It is somewhat surprising to see that dark web markets, while still numerous, do not appear to have recovered from the DarkMarket takedown. We can pose a few hypotheses as to why.
First, the main market, White House, now only accepts Monero as a method of payment. Monero is a fully anonymous cryptocurrency that cannot be tracked, and with no public blockchain of transactions. Monero is, however, more difficult to purchase, and less known than bitcoin. Its transfer rate is very slow, as transactions need to clear before a new one can be made. This often translates to a 20-minute wait between transfers. The lower ease of use could scare some participants away, who are not familiar with the cryptocurrency.
Because Monero is fully anonymous, many of the major exchange sites are unwilling to buy or sell the currency to protect against prosecution. It is indeed difficult to vet and know customers who receive this anonymous currency.
To obtain Monero, individuals can use the Local Monero website to arrange an in-person or virtual meeting with someone who has Monero. They can then negotiate an exchange rate, and proceed with the exchange.
A much easier method is to use atomic swaps. Cryptocurrency wallets such as Exodus let their users exchange bitcoins for Monero. Since bitcoins are much easier to purchase than Monero, an individual can use a major exchange to purchase bitcoins, and then atomic swap them for Monero on their wallet application on their phone for example.
Another reason for the low level of activity on the darkweb is the accumulation of police operations. We are beginning to understand that each police operation, taken individually, does not have much impact on the dark web industry. Taken together, however, they are indicative of an ability for law enforcement to identify the servers hosting the dark net markets, to take them down, and seize their data. If the dark net is unable to guarantee the anonymity of its participants, then it is not surprising to see them moving back to clear web resources that are easier to use, and, in the end, provide the same low level of security.
Finally, we are seeing that the main active markets would never win any web design competition. White House now uses two different types of captchas that are definitely not easy to solve. Many, such as the BigBlue Market shown below, just have very poor user interfaces, complicated captchas, and poor search engines, which make it difficult to find interesting listings.
Far from the End of Darknet Markets
While the security the dark net affords may be lower than before, it is still useful for market participants to protect their identity against each other. For law enforcement with powerful technologies, the darknet may hold fewer secrets. Yet that is not the case for the common malicious actors. As a result, we expect malicious actors to continue using the dark web to benefit from the relative anonymity it provides.
We are also witnessing an increase in website mirroring on the clear net and the darknet. Moving forward, making a distinction between the two may become increasingly difficult, as the same information may be accessible on both networks. This is good news for organizations as tracking down information is much easier on the clear net.
Law enforcement may not be able to eliminate illicit activities from the dark web, but could be at least slowing it down. This would be significant news if that were the case as this would mean that deterrence is possible in this ecosystem. The next few months will definitely be interesting to improve our understanding of how police operations shape the future of the dark web.