Dream Market, today's top dark web marketplace, announced plans to shut down on April 30, next month.

The announcement came on the same day Europol, FBI, and DEA officials announced tens of arrests and a massive crackdown on dark web drug trafficking.

The timing of the four announcements immediately sent most of Dream Market's users and dark web threat intel analysts into a frenzy of theories that law enforcement might have already seized the site and are now running a honeypot operation.

DO NOT log into Dream Market. Law enforcement in some country can apparently run a darknet market for a month without shutting it down while logging all data and lying to the public the entire time. This happened with Hansa during Operation Bayonet. #darknet — DarkDotFail (@darkdotfail) March 26, 2019

The "a partner company" is bizarre. Possible rebrand. Possible retirement. Possible LE. Operation Bayonet 2.0? Somebody with a lot of money wanted the market? No mention of this on the Dream forums either FWIW. — Caleb (@5auth) March 26, 2019

Their fears are based on a similar event from June 2017 when Dutch police took over the Hansa Market and ran the site for a month while collecting evidence on the portal's users. Law enforcement later used passwords collected from Hansa Market users to gain access to accounts on other dark web marketplaces.

The message displayed today on the Dream Market homepage, and user registration sections also said the site's operations would be transferred to a "partner company" at a new URL.

However, in light of the Europol and FBI announcements, many users now fear the new site may also be an alternative honeypot and a clever trick from law enforcement officials.

Dream Market has been having technical issues

Dream Market's shutdown came out of the blue and shocked many of its customers. The portal had been in the news lately after a hacker began selling hundreds of millions of user records on the site [1, 2].

But the portal had also been facing huge technical problems as of lately, being many times under prolonged DDoS attacks.

Some users attributed the attacks to one single threat actor who allegedly found a way to exploit the Tor network itself and launched DDoS attacks on several dark web markets, as part of an extortion scheme.

Dream Market had been live for six years

Dream Market will ends its activity after a six-year run that lasted from April 2013 to April 2019. Dream is also the last standing marketplace from the once infamous "big four" portals that used to dominate dark web trading in the mid-2010s.

That list also included AlphaBay, Hansa Market, and RAMP. By the end of next month, all four sites will be down, however, only Dream will be down on its own terms (if this is indeed a voluntary shutdown).

US and European authorities seized and shut down AlphaBay and Hansa Market in June and July 2017, respectively, while Russian police took down RAMP in September of the same year.

Silk Road used to dominate dark web trading before that --with its glory days between 2011 and 2013, before being seized and shut down by US law enforcement.

If Dream manages to shut down without any drama, it will be one of the few dark web markets that does so. Most of these sites are usually seized by law enforcement, or admins run away with users' money in a tactic called an "exit scam."

With Dream ending its activity, sites like T•chka and Wall Street Market will now become the go-to places for buying illegal products such as drugs, weapons, malware, or hacked data on the dark web.

UPDATE, March 27: A day after posting a short announcement on its homepage, the Dream Market team posted a longer explanation on why they're shutting down on the Dread dark web social network site. Site moderators said Dream was closing its doors and migrating the site's userbase to a new site because of prolonged DDoS attacks that were driven by a $400,000 ransom demand the site couldn't meet.

Image: @5auth on Twitter

Related malware and cybercrime coverage: