Illustration: Si Weon Kim
The sudden demise of darknet site Monopoly Market may have coincided with an exit scam. Experts say such con jobs could grow more common as law enforcement takedowns pressure dark web operators.
A popular darknet market disbanded last month in what may have been a carefully orchestrated scam.
Monopoly Market had been one of the longest-running hubs for buying and selling illegal goods and services on the dark web.
But now dark.fail, a site that tracks ever-changing URLs for active darknet sites, warns that none of the URLs associated with Monopoly Market work anymore:
“ALERT: Monopoly Market’s servers were seized. If you conducted blockchain/cyber research on this platform be aware that your transaction history may be in unknown hands.”
What happened? Some darknet experts and forum users say Monopoly Market’s mysterious downfall may have been the site’s administrators deciding to take customers’ money and run.
It can be hard to separate rumor from reality on the dark web, where illegal activity is often buried under layers of anonymizing software and password-protected pages. But I’ve spent years watching markets and forums come and go in my part-time role doing cyber threat intel for a major Canadian bank and have picked up on some of the telltale signs of scammers being scammed. Monopoly Market’s crash illustrates how cybercriminals exploiting other cybercriminals can disrupt underground trading networks, with repercussions for cryptocurrency and money laundering.
Darknet markets typically use the eBay online retailing model to help people buy and sell illegal goods and services, with caveats. If someone selling sneakers on eBay takes your money but doesn’t ship you a pair of shoes — a classic exit scam — eBay will cooperate with law enforcement as necessary. But if you’re buying phishing kits, methamphetamine, or 3D-printed gun parts, the cops obviously won’t help.
The first darknet market was the Silk Road, which operated on the Tor Network in various versions from its February 2011 launch until the FBI and Europol shut it down in November 2014. Since then, dozens of other darknet markets have come and gone, though precise numbers can be hard to pin down.
“After Silk Road, exit scams have been pretty much inevitable in darknet markets. Very few shut down ‘honourably,’” true crime writer Eileen Ormsby told README. Ormbsy’s books about the dark web include Silk Road and The Darkest Web.
Markets typically have an escrow feature, where buyers transfer their cryptocurrency payment to the market to hold. The vendor receives those funds only once the buyer receives their goods and they’re happy. Or at least, that’s how it’s supposed to work.
“The escrow nature of illicit market places combined with the irreversibility of cryptocurrency transactions creates an ever present risk and temptation,” said Julien Savoie, a computer networking whiz who does cyber threat intelligence work on the dark web. “I believe [exit scams] will always be a risk, but it comes down to how centralized (or not) we get with these markets.”
Was the death of Monopoly Market an exit scam?
Monopoly Market was launched in summer 2019. By January 2022, the site no longer existed. Darknet markets frequently change their URLs to evade law enforcement, so services like dark.fail are crucial tools for checking whether sites are truly gone. A recent check of dark.fail’s Tor Network URL directory revealed Monopoly Market’s most recent URL was inactive.
Vendors who sell goods and services ranging from illegal drugs to malware usually keep the same username as they move from market to market. That username is their brand.
User accounts can also have reputation scores: If other users find that a vendor sells what they say they sell, their reputation improves. Scores slump if, say, a ransomware seller “Ransoms4u” fails to deliver any malware, or a customer never follows through with a cryptocurrency payment.
Ormsby noted that she’s seen “a move to direct deals as buyers come to trust specific vendors that they have been dealing with over the long term more than they trust the new markets that pop up.”
“The escrow system, once the cornerstone of the darknet markets, has become less relevant, as it is only as trustworthy as the person who holds the funds,” she added. “I wouldn’t be surprised if the future of darknet markets is a move to decentralized markets.”
Dark web exit scams follow a familiar pattern: Either a vendor won’t sell the buyer what they paid for, or a market administrator will seize money in buyer and seller accounts and shut the market down.
The Dread discussion site — the dark web’s answer to Reddit — has a “subdread” dedicated to Monopoly Market news, /d/Monopoly. Users in the forum have debated in recent weeks about whether Monopoly Market was exit scammed.
“The admin came on the forum two days after he exit scammed and said f**k you to everyone in a post,” one user, /u/pabloxanbar, wrote.
Such a noisy send-off wouldn’t be unprecedented: seven years ago, one marijuana seller on the now-defunct Evolution marketplace announced their own exit scam alongside an effusive apology, as Vice reported at the time. (The entire Evolution dark web market would fold in another, larger exit scam a few weeks later.)
Other Dread users aren’t convinced that Monopoly Market met a similar fate. /u/emerald_citi said “a server seizure or hardware failure of some sort is the most probable explanation followed by some sort of personal emergency.”
The dark web site’s administrator “was prickly and difficult to speak with at times, but he was scrupulously fair and ran a tight ship,” emerald_citi added.
More darknet collapse
It can be dizzying to keep track of which markets are still active.
Dream Market was hot. Then it was not: Law enforcement took it down. Empire Market ruled for a time. Then it succumbed to its crimes and now exists no more.
Another darknet exchange, Wall Street Market, ran from roughly 2017 to early 2019. By 2019, Wall Street Market was considered the second most lucrative darknet market ever — behind only Dream Market at the time. Europol said that when law enforcement authorities seized Wall Street Market, the site had 1,150,000 user accounts, over 63,000 offers, and more than 5,400 vendor accounts.
It took a combined international effort from German police, Dutch National Police, Europol, Eurojust, the DEA, FBI, IRS, Homeland Security Investigations, U.S. Postal Inspection Service, and the U.S. Department of Justice to find and arrest Wall Street Market’s leaders and shut the site down. The operation kicked into high gear as soon as the administrators tried to pull off an exit scam by taking some $11 million held in escrow and user accounts, DOJ said.
The dual threats of law enforcement takedowns and exit scams have left darknet vendors and customers increasingly paranoid. Not only do they have to frequently migrate to new markets and build their reputations anew, but they must also reckon with the fact that any of their money held in a market could be stolen without warning.
It’s not clear how this heightened anxiety will affect the wider cyber threat landscape, but each new scam chips away at an underground ecosystem that fuels crises ranging from drug overdoses to ransomware. And many key players, like Monopoly Market, end up caving in.
