Darkweb drugs site Incognito Market threatens to out users who paid in crypto
Incognito Market, a darknet platform connecting sellers of illicit substances to potential customers, was suspected of pulling an exit scam earlier this month.
Not satisfied with stealing users’ crypto deposits, however, the admin upped the ante by extorting their former user base via sensitive order information, which they claim to have harvested “over the years.”
Darknet markets are used to buy drugs anonymously online and are often believed to offer a safer experience and more reliable product than in-person interactions. However, exit scams are relatively commonplace.
Worries about Incognito Market began to circulate last week when users were unable to withdraw bitcoin and monero (a privacy-focused cryptocurrency) from the platform. Initial efforts to explain away the issue as technical issues were later dropped.
The simple exit scam took a more sinister turn when Incognito Market’s homepage was replaced with a message announcing a ‘nasty surprise,’ leaving users in no doubt: “YES, THIS IS AN EXTORTION ! ! !”
🚨BREAKING🚨Pharoah, the Incognito Market admin, has posted the following extortion message. It remains to be seen if someone will call his bluff. However, if he dumps information on 557k orders that users made.. this will go down as the largest leak in Darknet Market history, by… pic.twitter.com/tn66b0dw8r
— Dark Web Informer (@DarkWebInformer) March 9, 2024
Read more: Buying darkweb drugs with crypto still a risk — even if you leave a review
The message states that sensitive information will be published at the end of May, including “private messages, transaction info, and order details.” It contains a thinly veiled threat that “if anything were to leak to law enforcement, I guess nobody never slipped up.”
Over half a million order details and 862,000 crypto transaction IDs are supposedly at stake.
Depending on their ‘level,’ vendors must pay between $100 and $20,000 to protect their data, with prices doubling on April 1. Buyers will supposedly be able to remove their records “in a few weeks.”
Hinting that the auto-encrypt feature on their site was not to be trusted, the site may have accumulated the sensitive info via a man-in-the-middle attack. Additionally, given Incognito Market states that ‘expired’ information was never deleted, trusting that a payment will lead to records being scrubbed seems somewhat naive.
‘Double whammy’
Cybercrime expert Brian Krebs compares Incognito Market’s scheme to that of ransomware groups that regularly hack into corporations.
Read more: Bitcoin ransomware gang claims to have hacked major UK water provider
After obtaining sensitive customer data, the hackers demand payment, usually in bitcoin, first for a digital key needed to unlock infected systems and then again to secure a promise that any stolen data will not be published or sold, and will be destroyed.