Exit Scams and F.B.I. Raids Close Down Deep Web Markets

‘Exit Scam’ is a phrase that will make anyone who sells or purchases illicit products on the deep web break into a cold sweat. Among all the sources of paranoia pervading dark markets, exit scams lead the way. So what exactly is an exit scam?

To answer this question you first have to understand how these markets operate. If you manage to become a member on one of these markets, and that’s getting more and more difficult, and you want to buy something illicit, such as drugs, you need to trust the person you’re buying from. Dark markets don’t really sell anything directly. It’s not like going to Walmart. It’s more like going to Amazon. Amazon arranges for buyers and sellers to meet and interact with each other. That’s exactly what deep web markets do. But, where Amazon may reimburse buyers who don’t receive what they purchased, deep web markets will not.

Deep web markets operate within a net of trust. Buyers must trust sellers and sellers must trust the site owners. All sellers are given trust ratings. Site owners make money from transactions on their markets. To encourage safe transactions, the owners use an escrow system. To put escrow into simple terms, it basically means that the site owners hold the money for the transaction until both parties (buyer and seller) are satisfied with the outcome of the sale. If the buyer gets the product and is satisfied with it, they tell the site owners to release the money and both parties are happy. If there is some problem, the site owners can serve as a mediator as, after all, they control the money.

Now, you may think that a lot of scamming goes on in these deep web markets, but that’s rarely the case. Reputation is everything. If you lose your reputation as a trusted seller, you lose your customers and your income. This is why sellers work so hard to deliver quality products within an appropriate time. The use of Bitcoins, or other cryptocurrencies, means that buyers don’t really know who the sellers are and sellers don’t really know who the buyers are. In addition, no one knows who’s running the market. The identities are further obfuscated by these markets being accessible only through use of the Tor browser. That said, these markets work quite smoothly.

Exit scams occur when the owners of a deep web market suddenly leave and take all the money they control with them. Since no one knows who they are, they are never, or rarely ever, caught. The only thing that the owners fear is law enforcement or LE, for short. Ironically, law enforcement may be the biggest factor in maintaining trust between deep web market operators and their customers.

Actually, the fear of law enforcement infiltrating a deep web market is the second biggest source of paranoia for all participants, not just the operators. Everyone worries that a seller may really be an F.B.I. agent. But is such paranoia justified? After all, how would LE manage to infiltrate such a well-defended site? The answer is that Tor is not invulnerable. Law enforcement can compromise it if they can control enough of the entrance and exit nodes. Doing this, they can figure out who is who on these sites.

Besides law enforcement, deep web operators have to worry about being taken down by DDoS (Distributed Denial of Service) extortionists. There was an ongoing DDoS attack on what was the biggest of all deep web markets, Dream Market, in which the attackers demanded a payment of $400,000. The operators refused to pay and the problem became so severe that the operators closed the market on April 30th.

dream message

The closure of the market at this time seems somewhat suspicious. This is because, just a few days later, on May 3rd, the F.B.I. announced that they had brought down one of Dream Market’s biggest competitors, Wall Street Market (WSM). They also announced that the Finland-based Valhalla Market had previously been closed down.

My guess is that customers previously using the Dream Market and Valhalla sites migrated to Wall Street Market. Those from Dream Market may not have wanted to wait for the promised partner site (named in the notice above) to open and preferred to wait in Wall Street Market. The F.B.I. and other European law enforcement agencies had, in effect, herded all of the deep web market traffic into one corral. They were probably not sure whether Dream Market would rebrand or not and could not afford to take the chance. They had to close the noose, and the noose tightened around the necks of three German operators. A Brazilian accomplice was later arrested on May 2nd. Yes, the F.B.I. also probably knows the names of all the big buyers and sellers on the site. As United States Attorney Nick Hanna claimed, “while they lurk in the deepest corners of the internet, this case shows that we can hunt down these criminals wherever they hide.” At the time of the F.B.I. announcement, WSM had about 5,400 vendors and 1.5 million customers.

wsm web

According to the F.B.I., the investigation into Wall Street Market lasted two years. It is not clear how long they were lurking on the site and monitoring transactions before they were forced to make the arrests. It is also not clear if they were behind the DDoS attack on Dream Market, but my guess is they were. I say this because, if they were monitoring Wall Street Market, they would be in place to get the registration information for all of those new customers migrating from Dream Market. They just needed to force them to migrate. Later, they could leverage this information if Dream Market ever reopened. They could, for example, steal trusted vendor identities and use this information to penetrate future deep market sites. And they really were watching sales on the WSM site. This was admitted by the lead investigator and author of the affidavit, Leroy Shelton, when he wrote, “based on having witnessed undercover purchases of contraband on WSM…” He goes on to explain how the site operates. It was this hidden surveillance that allowed them to identify many of the top vendors, among whom were two drug sellers who went by the names of Ladyskywalker and Platinum45.

In fact, the F.B.I. and other law enforcement agencies may have been actually operating the site from the time of the arrest of the German operators on April 23rd and 24th until they made their May 3rd announcement. That gave them plenty of time to download all of the site’s information. The F.B.I. would not normally want to close a site that would give them so much information, but they claim they were forced to do so when it looked like the operators were planning an exit scam. These criminals were apparently funneling all of the money on the site into their own bank accounts.

According to the unusually detailed affidavit, “in or around April 2019, WSM experienced massive popularity and then commenced an “exit scam,” presumably in response to its increased popularity.” Gee, I wonder where that increased popularity came from? It couldn’t be that a continuous DDoS attack on Dream Market had effectively brought it down, could it? Oh, wait, “On or about March 25, 2019, WSM became broadly regarded as the pre-eminent darknet marketplace because of the advertised shutdown of another competing darknet marketplace.” In addition, according to the affidavit, “Shortly thereafter, WSM experienced an influx of new buyers and vendors”. In fact, so great was the surge that WSM had to set up new servers. Not only that, the affidavit asserts that the sudden increase in funds is what triggered the owners of WSM to consider an exit scam. They began transferring up to $30 million into their private accounts.

The Future of Deep Web Markets

 I’ve followed these deep web markets for years, and I have to admit that I’ve never seen them under more pressure than they are now. Yes, some markets persist, but the paranoia is out of control, and it should be.

The F.B.I. has openly admitted that they have the ability to infiltrate these markets, watch how they operate, become fake clients and vendors, and uncover those who operate and use them. In fact, if they want to, they can set up and operate such a market to get potential criminals to come to them. Maybe they are already doing this. The word on the paranoid deep web streets is: don’t trust anyone and only invest small sums of money that you don’t mind losing because every site is set up for an exit scam. The rationale is this. If a site suddenly receives a surge in vendors and sellers with all their money, why hang around and do all of the work of running a site for chump change when you could make a one-time haul of millions?

Then, just a few days before this writing, the administrators of DeepDotWeb, a website that gives news updates on the deep web, were arrested. How can you arrest someone for running a news site? Simple, you find evidence that they were getting kickbacks from deep web sales. Now, it looks like any site tangentially connected to a deep web market is in danger of being closed. That perception has caused panic throughout the cyber world and many sites that used to publish the most recent onion links to deep web markets have disappeared.


The result is a lot of desperate drug buyers and sellers. The thing about drugs that keep them in demand is the simple fact that they are addicting. Drug addicts need drugs and drug sellers need addicts to provide them a steady income. They need to reestablish themselves on another deep web market as fast as possible. They simply must take the risk.

A couple of markets are still operating, but the suspicion is that they are being operated by LE.

new market scam

And if they are not, a sudden inflow of money may make them run an exit scam.

A few markets appear to be soldiering on. One appears to be based in Russia – good luck with that – and another seems to have been set up to scam these desperate deep market denizens out of money. It seemed suspicious to me when I was allowed into it without having to register. Once there, however, it looks legitimate.

delta drugs

It has been reported as a scam by those who have used it.

Cooler heads within the deep web community are taking a more pragmatic view of the current low point. They are seeing this as a learning experience. They report that they now understand how to make these markets more secure and they are simply waiting for someone to set up the ultimate safe deep web market.

But those considering embarking on this quest must be ever aware of the fact that the other side is just as dedicated to stopping them. As Michael Ray of the Postal Inspection Service notes, “anyone who thinks the dark web is a safe place to conduct illegal commerce should know they are not anonymous. They will be found and they will be brought to justice.” And the battle goes on.









Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s