On the 22nd of January, the world’s largest darknet market AlphaBay suffered a major breach, allowing unencrypted private messages and user names to be read due to an API vulnerability.

Following the breach, the moderators of /r/darknetmarkets/ swiftly announced sanctions against AlphaBay due to:

Multiple accounts of AlphaBay staff requesting a user’s private keys without publicly sanctioning the staff member

The two counts of API breaches allowing access to all retained private messages and user names

We are therefore in favor of removing AlphaBay from the superlist for now. We would also like to replace it with detailed warnings about the four issues mentioned above.

The /r/darknetmarkets superlist is one of the most trusted sources of market links, subject to a high degree of scrutiny from the community and the moderators in turn. The only comparable link sources are officially affiliated subreddits, the privately managed market list on DeepDotWeb and the lesser-known but functional dnstats.net.

All other market entry points are subject to heavy levels of phishing, typically via easily customisable MITM rewrites such as those utilised by Crimewave, or other types of cloned sites. Hidden wiki entry points, social media forums and even dedicated shady ‘darknet market information’ sites are all popular vectors of phishing. Note: any link you see on Wikipedia should reference dnstats.net or DeepDotWeb and never be taken at face value — such links are often maintained by myself.

AlphaBay continues to blame their users for being phished:

To put this simply: It might sound harsh, but people who get phished get phished because of their own stupidity. People who get phished do not have the skills to cross-check links on “official sources” because their official sources are repositories of phishing links, and they even less know the rules of the auto-mod. They will therefore google for “alphabay official link” and find “official” places such as Wikipedia (which constantly gets defaced), “List of official marketplace links” on Wikipedia which still contains phishing links and ignores our requests for change, and so on. The best course of action is therefore to put any warning you need, but leave the link up

AlphaBay have never once contacted me about defaced Wikipedia links; it’s therefore unclear why they would make such a statement.

Amendments / corrections welcome

Removing AlphaBay from the superlist was supposed to send a clear message from the community to AlphaBay that their security practices were unacceptable. It was temporarily removed from direct listing on the superlist and placed behind an additional warning a user had to click through.

Some users were quick to point out the double standard whereby AlphaBay was not subject to stringent sanctions that would affect a smaller market:

My most relevant qualm I have at this point is that were this any of the smaller markets they would be removed from the superlist, put on the wall of shame, end of argument. If we do not hold all markets to the same standards how can we call ourselves a credible community?

And of course, what to do about similar shady operations with a history of complaints:

Bitcoinfog has 26 links next to its name as evidence of misconduct yet it remains on the list. While I know these are all essentially the same evidence of misconduct, it still remains on the list, which lets the user decide if they wish to use that service or not. I would think the correct course of action would be to simply make a warning next to Alphabay with each infraction and links to support each claim of the infraction and then carry on.

However the user backlash against the link removal was fierce:

Attempting to prevent people from using a functional marketplace REEKS of either personal greed or law enforcement infiltration. The motive is extremely obvious.

and even more strongly:

Dude fuck you guys. Alphabay might have some asshole mods (but then again, so does this subreddit) and some shady phishing links and opportunists waiting to capitalize on the unsuspecting, but any market that size will have those unseemly characters and traits. It’s a black market for fuck sake. And IMHO the best and most stable of the top tier markets, with the best team running it.

It was looking as if the moderator’s decisions were not going to sit well with the community. AlphaBay was, however, pressured to announce new security measures:

We will find a way to implement a “security hotline”. We had a similar thing in the past (bug reports forum) but it kept getting flooded with support requests and shitposts. We’re looking for a new solution.

Following the community debate, the link was reinstated just three days later. The moderator executing these decisions let me in on the internal discussions around this reversal:

yes, the old mods made some good points about the superlist being for providing information. putting these big red warnings and the links there fulfills that goal. if users still want to use alphabay despite the issues listed directly above the addresses we can not stop them. however the links on the warnings do everything to give the user the facts about the incidents so he can decide for himself if he wants to use alphabay.

And so it appears that other than some new bright red warning text, life in the darknet markets continues:

What’s that Skippy? The world’s most popular market you say?

Until next time.