239
News that won’t make the news: One of the largest illicit marketplaces on the dark web, Incognito Market, has begun a mass exit scam/extortion campaign, seizing 10s of millions of $ in cryptocurrency (hexbear.net)
submitted 3 months ago* (last edited 3 months ago) by CoolerOpposide@hexbear.net to c/news@hexbear.net
155 comments fedilink hide all child comments

On March 10th, several days after Incognito Market was assumed to be shut down or no longer be processing transactions, the site posted a message to its homepage that reads as follows:

”Expecting to hear the last of us yet? We got one final little nasty suprise for y'all. We have accumulated a list of private messages, transaction info and order details over the years. You'll be surprised at the number of people that relied on our "auto-encrypt" functionality. And by the way, your messages and transaction IDs were never actually deleted after the "expiry"...”

”SURPRISE SURPRISE !!! Anyway, if anything were to leak to law enforcement, I guess nobody never slipped up. We'll be publishing the entire dump of 557k orders and 862k crypto transaction IDs at the end of May, whether or not you and your customers' info is on that list is totally up to you. And yes... YES, THIS IS AN EXTORTION !!! As for the buyers, we'll be opening up a whitelist portal for them to remove their records as well in a few weeks.”

”Thank you all for doing business with Incognito Market”

Exit scams are not uncommon on dark web markets, but this one is particularly large and openly threatening compared to most. Incognito Market requires the loading of cryptocurrency to a site-based wallet, which can then be used for in-house transactions only. All cryptocurrency on the site was seized from user’s wallets, estimated to be anywhere from $10 million to $75 million. After seizing the cryptocurrency wallets of all of the marketplace’s users, the site now openly explains that it will publish transactions and chat logs of users who refuse to pay an extortion fee. The fee ranges from $100 to $20,000, a volume based 5 tier buyer/seller classification.

Incognito Market also now has a Payment Status tab, which states ”you can see which vendors care about their customers below.” and lists the some of the market’s largest sellers. Sellers which have allegedly paid the extortion fee to not have their transaction records released are displayed in green, while those who have not yet paid are displayed in red.

Additionally, in a few weeks the site claims it will have a “whitelist portal” which would allow buyers to wipe their transactions and re-encrypt chat records.

Whoever is behind the website must be extremely, extremely confident in their anonymity, already working with government agencies, or both, because a bounty on this person is likely worth millions.

top 50 comments
sorted by: hot top controversial new old
[-] Infamousblt@hexbear.net 122 points 3 months ago

One of the funniest things in the world to me is when libertarian bros, whose entire ideology is built solely on trust in non binding agreements, get destroyed when one side breaks the trust. It happens every single time and it is always funny. Non binding trust agreements can only work in a world built around human empathy, community, and mutual aid (aka: anarchism). Individualism and trust based ideology are at direct odds with each other, and yet libertarians are literally too dumb to realize this, and they fall for it every time.

I'm not saying that incognito market is a libertarian site, or that its users are libertarians, but this sort of thing is exactly what the libertarian ideal looks like. A completely unregulated marketplace built solely on the basis of trust. Every single time it happens it backfires spectacularly. It's the oldest trick in the book and people keep falling for it.

[-] Adkml@hexbear.net 71 points 3 months ago

Put 10 libertarians in a room and every single one thinks they're the smartest person in there and their gonna scam all these other suckers for everything they've got.

Crabs in a bucket

[-] cosecantphi@hexbear.net 46 points 3 months ago* (last edited 3 months ago)

Incognito and virtually all drug black markets in general are necessarily ancapistan writ small without even being ideological on either the market's or customer's end. It's just the natural outcome of a black market that can't possibly be regulated. If the US government ever wants to stop the flood of fentanyl deaths, the only way forward is to legalize pharmaceutical heroin and distribute it for free without a profit motive to people suffering from addiction. Too bad that'll never happen.

load more comments (12 replies)
load more comments (2 replies)
[-] FuckyWucky@hexbear.net 78 points 3 months ago

I love ancapistan.

[-] SorosFootSoldier@hexbear.net 66 points 3 months ago

Imagine if 4chan or reddit or w/e did get their own country kekistan it'd be on fire and the copper wire gutted out of the walls by day 2

[-] CoolerOpposide@hexbear.net 82 points 3 months ago* (last edited 3 months ago)

This already happened in Grafton, New Hampshire as a result of the so-called “Free Town Project” and the town got so overrun with management issues, including an infestation of black bears and other beasts of the forest, that even the libertarians who lived there determined the project had to be abandoned. Not an exaggeration. Here’s a brief section from the Wikipedia article about it:

In 2004, Grafton became the focus for Libertarians as part of the Free Town Project (a single-town version of the Free State Project). One of the goals was to advocate for legal changes. Grafton's appeal as a favorable destination was due to its absence of zoning laws and a then-low property tax rate. John Babiarz, a Grafton resident and prominent member of the Libertarian Party, encouraged libertarian people to move there.

During this time, the town's population grew by about 200 people (about 20%); nearly all of the newcomers were men. Project participants did not find themselves as welcome as they had hoped, but they voted in changes including a 30% reduction in the town's already-small budget. This resulted in eliminating funding to the county's senior-citizens council, town offices going unheated during the winter, poorly maintained roads filled with potholes, and inconsistent basic services, such as trash collection. The libertarian newcomers additionally increased the town's costs by filing lawsuits against it in attempts to set various legal precedents.

Some libertarian newcomers to Grafton refused to buy bear-resistant containers. The project has been associated with an increase in the number and aggressiveness of black bears in town, including entering homes, mauling people, and eating pets. A single, definitive cause for the abnormal behavior of the bears has not been proven, but it may be due to libertarian residents who refuse to buy and use bear-resistant containers, who do not dispose of waste materials (such as feces) safely, or who deliberately put out food to attract the bears to their own yards, without caring how this affected other people.

After a rash of lawsuits from Free Towners, an influx of sex offenders, an increase of crime, problems with bold local bears, and the first murders in the town's history, the Libertarian project ended in 2016.

[-] SorosFootSoldier@hexbear.net 75 points 3 months ago

Comrade bears come to deal with the lolbertarian menace.

load more comments (6 replies)
[-] Adkml@hexbear.net 38 points 3 months ago

Highly recommend looking g up libertarians previous attempts at independant towns that have hilariously predictable results.

Like the town in the desert that collapsed because nobody wanted to pay to have water trucked in after they decided they didn't want their taxes going to things like a water line.

Or the town in New Hampshire that was ruined because bears don't respect rhe NAP after they refused to pay money for garbage removal services.

Libertarians don't intellectually advance past the point where your 10 years old and think you're going to go build a house in the wood out of sticks and live there.

load more comments (1 replies)
[-] supafuzz@hexbear.net 70 points 3 months ago

we never did what we were claiming to do with your data but this time we'll really delete it if you pay us, promise

[-] RyanGosling@hexbear.net 59 points 3 months ago

I feel like paying for your data to be removed will be used as further evidence by the Feds of your identity. If you just leave it be, you can claim plausible deniability and suggest that anyone can use any address as a decoy/dead drop, which is a common tactic for dark web vendors.

[-] CoolerOpposide@hexbear.net 39 points 3 months ago* (last edited 3 months ago)

Yeah that’s a fairly common understanding of the situation thus far. Speculation at this point is that they are already in cooperation with the Feds and have been for some time

load more comments (2 replies)
[-] CoolerOpposide@hexbear.net 52 points 3 months ago* (last edited 3 months ago)

And also we super promise that even though we have a bounty of probably millions on our heads right now that we will totally be honest with your extortion transaction and not only not leak your data to the only people (govt agencies) who will care about protecting us, but also we super promise to permanently delete your data. We also super promise to delete our backdoor key to the site-wide auto encryption so any transaction and chat data which already exists will be inaccessible forever.

[-] RyanGosling@hexbear.net 35 points 3 months ago

To be fair anyone who’s foolish to use an on-site encryption feature is foolish. Almost every basic deep web guide explicitly says to use your OS’ pre-downloaded encryption apps and to never trust a site’s encryption.

[-] CoolerOpposide@hexbear.net 30 points 3 months ago

I mean yeah of course, but it tracks 100%. People who already think they are smart for using the dark web and crypto would many times be the exact people who think they’ve already taken adequate precautions. A learned fool is more of a fool than an ignorant fool.

[-] SubstantialNothingness@hexbear.net 66 points 3 months ago

Wow that's pretty wild, even for the darknet. The operator is putting a lot of heat on themselves by doing this.

To think, if we all legalized drugs then there would be none of these darknet exit scams.

It sounds like those who practiced proper OPSEC are unaffected by the extortion. Hopefully that encourages more people to take their own OPSEC seriously.

[-] InappropriateEmote@hexbear.net 40 points 3 months ago

Yep, ALWAYS encrypt your messages yourself (pgp) and don't rely on the site's encryption. Ever. This isn't just opsec 101, but absolutely basic practice for anyone using DNMs. Literally the only downside of doing that is that it's slightly less convenient while the upsides can't be counted but include making it impossible for the market/site admins to extort you like this. Any buyer should know this but it's understandable that some people just need to get their meds as easily as possible and let the opsec slide where they shouldn't. But vendors?? Not using PGP to talk to people you're selling drugs to is just astoundingly short sighted. The whole purpose of DNMs is that anonymity is maintained to an extent that this kind of thing isn't possible.

load more comments (5 replies)
[-] kristina@hexbear.net 57 points 3 months ago* (last edited 3 months ago)

I would simply not use the Internet for anything illegal enough that this is a concern

[-] ReadFanon@hexbear.net 60 points 3 months ago

I person I used to know, who turned out to be a real piece of human garbage, told me that they were using the internet to connect with dealers for irl small time consumption purchases.

Yikes

I learn a little bit more about it. It's done through Discord.

Bruh

I don't even trust Signal or Telegram that much that I'd be comfortable connecting with new people and arranging specifics relating to criminal activity. But Discord!?

Smh

And it gets worse. It's a Discord group and the mods facilitated a verification process - you would literally upload a photo of your purchased goods to the moderators.

Holy fucking shit

By this stage I'm like "Nope, I don't want to hear anything more about this" because this was either a massive honeypot or as soon as a moderator got flipped by the feds or had their account hacked by them, it was going to turn into one. The less I know about that shit, the better. There's just no way that this server doesn't end badly and it's only a matter of time.

[-] Tabitha@hexbear.net 44 points 3 months ago

or as soon as a moderator got flipped by the feds or had their account hacked by them

not even necessary, why wouldn't Discord give the feds some kind of full-record transcript file or a ghost guest account on the server? Discord doesn't make any extreme privacy claims AFAIK.

[-] ReadFanon@hexbear.net 39 points 3 months ago* (last edited 3 months ago)

Fascists often refer to Discord disdainfully as Doxcord because they believe that it leaks their details to the feds.

I'm not one to take the fash at their word but in this case I'd be inclined to agree. There's nothing about Discord that indicates to me that it's anything but a typical leaky platform which collaborates closely with government like WhatsApp or any other typical service like that.

load more comments (1 replies)
load more comments (1 replies)
load more comments (4 replies)
load more comments (23 replies)
[-] ashinadash@hexbear.net 48 points 3 months ago

Incognito Market requires the loading of cryptocurrency to a site-based wallet, which can then be used for in-house transactions only.

That's like paying for in-game currency in a video game. Losers, lmao.

[-] Adkml@hexbear.net 27 points 3 months ago

Turning all your cash into chips at the "were gonna fuck you over casino and resprt"

load more comments (1 replies)
[-] Nationalgoatism@hexbear.net 48 points 3 months ago

For christs sake:

Only ever explicitly discuss serious illegal activities in person, preferably outdoors and without any technology on you

Only coordinate meetings to discuss the above over an encrypted messaging method such as signal, and in this avoid specifics and keep this to an absolute minimum (metadata can also be incriminating, and phones out computers can be compromised)

If significant payment is involved, cash, barter or work trade are the only acceptable forms. Ever.

Don't be a fucking sucker

Any questions?

[-] macerated_baby_presidents@hexbear.net 30 points 3 months ago* (last edited 3 months ago)

you are supposed to PGP encrypt all comms with the seller's public key. The only Incognito customers who will be affected are ones who are stupid and trusted the "auto-encrypt" functionality of a site whose CSS and little fake crypto punks told you it was built by not just ordinary criminals but techbros.

RIP vendors though

load more comments (6 replies)
[-] InappropriateEmote@hexbear.net 29 points 3 months ago

Buying drugs in person puts someone at risk of violence and death. Buying drugs on a DNM (assuming you use a very basic amount of opsec) the biggest risk is losing a little bit of crypto.

Don't be a fucking sucker Any questions?

Such an ignorant and privileged thing to say.

load more comments (11 replies)
load more comments (10 replies)
[-] Dirt_Owl@hexbear.net 46 points 3 months ago

Lol, Crypto

[-] CoolerOpposide@hexbear.net 40 points 3 months ago

My apes. They’re all gone.

[-] brainw0rms@hexbear.net 45 points 3 months ago

Cryptobros stay losing crab-party

[-] BigHaas@hexbear.net 40 points 3 months ago

Fuck you I just want ket

load more comments (1 replies)
[-] AOCapitulator@hexbear.net 44 points 3 months ago* (last edited 3 months ago)

"we scammed you with what amounts to signing up for and engaging with a complicated scam mailing list, so here, sign up on this mailing list to stop our extortion"

geordi-yes i-love-not-thinking

[-] PolandIsAStateOfMind@lemmygrad.ml 42 points 3 months ago

Smells like yet another CIA grab after Taliban liquidation of poppy fields strained the black funds. Then again, Pentagon and letters can embezzle money completely in the open without any consequences so idk.

[-] glans@hexbear.net 40 points 3 months ago

I feel bad for the small people who will be scammed, incarcerated or otherwise have their lives disrupted due to the state/corporate enforcement of unregulated markets.

[-] volcel_olive_oil@hexbear.net 39 points 3 months ago

it's not perfect but it's the best system we have all-my-apes-gone

[-] Adkml@hexbear.net 39 points 3 months ago

"Now that we have explicitly fucked you over and shown ourselves to be completely untrustworthy pay us more money and we promise we won't continue to fuck you over."

Anybody who pays that fee is awfully gullible but i guess for a lot of people they probably don't have a lot of options.

[-] Tabitha@hexbear.net 26 points 3 months ago

The fee ranges from $100 to $20,000

for what I assume most illegal activity vendors are charging for their services, this is probably pro-rated to each accounts's transfers. They estimate that $10 million to $75 million was on the website at the time of closure, so even if it is a trick, I wouldn't be surprised if these ransom fees aren't actually all that high compared to other "costs of doing business".

[-] absolutefuckinidiot@lemmygrad.ml 38 points 3 months ago

Shit like this makes me glad I’m not involved with drugs anymore, but like man PGP encryption is so basic

load more comments (4 replies)
[-] TheDeed@hexbear.net 38 points 3 months ago* (last edited 3 months ago)

Wow, yeah I can't even think of a market that shut down without exit scamming (unless they were seized by feds first). But this really takes the cake, never seen anything like it.

Never leave your money in a market wallet and never rely on a market's encryption... Use pgp.*

*Unless there is a new encryption/security measure that is used now. I stopped using markets a long time ago (like 2017) once fent started popping up in regular non-opoid drugs.

[-] cosecantphi@hexbear.net 32 points 3 months ago

There was one market that packed up and left gracefully without exit scamming: Agora.

The administrators announced it was shutting down in 2015, I recall their reasoning was they found a security vulnerability and decided maintaining the place wasn't worth the risk. They gave everyone a couple weeks to withdraw all funds before going offline for good, and that was that. Absolute legend of a market, probably the best there ever was. It kind of boggles my mind that someone in the position of those administrators running an illegal drug market would do this out of the kindness of their hearts when they could have just as easily taken the money and ran.

I smoked weed for my very first time after buying it from a vendor on Agora before my state legalized. I'll never forget it.

load more comments (2 replies)
load more comments (3 replies)
[-] SerLava@hexbear.net 38 points 3 months ago* (last edited 3 months ago)

I'm so stoked, a couple years ago I was about to buy a space heater for my office before someone pointed out I could just use my and my SO's new 3080s as a space heater. So I got a mining program thing and ran it when I wasn't using the computer, and made like 800 dollars over the winter. The mining rate plummeted later and is still extremely low (can't make hardly any money on it anymore). The price also plummeted to like 300 dollars. Now just the other week I figured out how to sell the Bitcoin and got 1000 dollars... (Minus 25 to convert... Minus another 25 for wire transfer to avoid giving some shady company literally ALL of my bank information, minus 10 dollars from my fucking bank for getting the wire transfer....)

So I got 940 dollars right at the very peak of the Bitcoin price a couple weeks ago and it's still down way below that. It might go up more later but it's not going to quintuple, there isnt enough money out there unless some more countries get taken over by Bitcoin nutjobs. I'm glad I could contribute just a little bit to the price crashing

load more comments (3 replies)
[-] glans@hexbear.net 37 points 3 months ago

I don't usually use language like this but the situation is exceptional

ballsy as fuck

[-] LainTrain@lemmy.dbzer0.com 33 points 3 months ago* (last edited 3 months ago)

DNMs are the most amazing example I've seen IRL of what it would be like to live in Ancapistan.

Granted I still prefer DNMs existing rather than not until we get legalization for all psychoactives.

[-] SorosFootSoldier@hexbear.net 33 points 3 months ago

This is good for crypto.

[-] CoolerOpposide@hexbear.net 41 points 3 months ago

Crypto believers when the crypto “entrepreneur” yet again runs an exit scam which financially ruins thousands of people’s lives (this is the third time this has happened in a single week)

[-] RyanGosling@hexbear.net 31 points 3 months ago

This is good for bitcoin

[-] hello_hello@hexbear.net 27 points 3 months ago

Anyway, this is a reminder to always use Monero or else ur a lib.

load more comments (3 replies)
[-] DinosaurThussy@hexbear.net 27 points 3 months ago

Incognito Market also now has a Payment Status tab, which states ”you can see which vendors care about their customers below.”

More like “you can see which vendors will fold at the first sign of trouble”. There’s no way the people who just stole from you and are now extorting you are trustworthy enough for the ransom to be worth it. They have all the leverage and no reason to give any of it up. Aside from having a shit ton of incriminating evidence in their possession, but the ship’s clearly sailed on avoiding that, “whitelist portal” or no.

load more comments
view more: next ›
this post was submitted on 20 Mar 2024
239 points (100.0% liked)

news

23225 readers
640 users here now

Welcome to c/news! Please read the Hexbear Code of Conduct and remember... we're all comrades here.

Rules:

-- PLEASE KEEP POST TITLES INFORMATIVE --

-- Overly editorialized titles, particularly if they link to opinion pieces, may get your post removed. --

-- All posts must include a link to their source. Screenshots are fine IF you include the link in the post body. --

-- If you are citing a twitter post as news please include not just the twitter.com in your links but also nitter.net (or another Nitter instance). There is also a Firefox extension that can redirect Twitter links to a Nitter instance: https://addons.mozilla.org/en-US/firefox/addon/libredirect/ or archive them as you would any other reactionary source using e.g. https://archive.today . Twitter screenshots still need to be sourced or they will be removed --

-- Mass tagging comm moderators across multiple posts like a broken markov chain bot will result in a comm ban--

-- Repeated consecutive posting of reactionary sources, fake news, misleading / outdated news, false alarms over ghoul deaths, and/or shitposts will result in a comm ban.--

-- Neglecting to use content warnings or NSFW when dealing with disturbing content will be removed until in compliance. Users who are consecutively reported due to failing to use content warnings or NSFW tags when commenting on or posting disturbing content will result in the user being banned. --

-- Using April 1st as an excuse to post fake headlines, like the resurrection of Kissinger while he is still fortunately dead, will result in the poster being thrown in the gamer gulag and be sentenced to play and beat trashy mobile games like 'Raid: Shadow Legends' in order to be rehabilitated back into general society. --

founded 3 years ago
MODERATORS
FidelCastro@hexbear.net
Alaskaball@hexbear.net
SeventyTwoTrillion@hexbear.net
ZoomeristLeninist@hexbear.net
carpoftruth@hexbear.net
GinAndJuche@hexbear.net
Breath_Of_The_Snake@hexbear.net