AlphaBay

AlphaBay

AlphaBay login screen
Type of site	Darknet market
Available in	English
Owner	DeSnake
Created by	DeSnake[1]
Revenue	Over USD$23M (total over operation)[2]
Commercial	Yes
Registration	Required
Users	400,000+[3]
Launched	September 2014[2]
Current status	Offline

AlphaBaywas adarknet marketoperating at different times between September 2014 and February 2023.^[2][4][5]At times, it was both anonion serviceon theTor networkand an I2P node onI2P.After it was shut down in July 2017 following law enforcement action in the United States, Canada, and Thailand as part ofOperation Bayonet,it was relaunched in August 2021 by the self-described co-founder and security administrator DeSnake.^[1][6][7]The alleged original founder, Alexandre Cazes, a Canadian citizen born on 19 October 1991,^[2][8]was found dead in his cell in Thailand several days after his arrest, with police suspectingsuicide.^{[9][10][11][12]}

AlphaBay reportedly launched in September 2014,^[2]pre-launched in November 2014 and officially launched on December 22, 2014. It saw a steady growth, with 14,000 new users in the first 90 days of operation. The darknet informer website Gwern.net placed AlphaBay Market in the top tier of markets regarding the 6-month survival probability and it had proven to be successful.^[13]In October 2015, it was recognized as the largest online darknet market according to Dan Palumbo, research director atDigital Citizens Alliance.^[14]

Non-standard services included customizable digital contracts around building reputations.^[15]

In May 2015, the site announced an integrated digital contracts and escrow system.^[16]The contract system allows users to make engagements and agree to provide services in the future, according to the terms of thecontract.

By October 2015, AlphaBay had over 200,000 users,^[3]and a claimed 40,000 sellers.^[17]

At the time of its demise in July 2017, AlphaBay had over 400,000 users,^[3]and around 300,000 listed items on their website.^[18]

AlphaBay is noteworthy in the world of darknet markets for accepting othercryptocurrencyin addition tobitcoin;support forMonero,supposedly more anonymous, was implemented at the end of August 2016.^[19]It also acceptedEthereum.^[17]

In April 2016, AlphaBay'sAPIwas compromised, leading to 13,000 messages being stolen.^[20]In January 2017, the API was once again compromised, allowing over 200,000 private messages from the last 30 days and a list of usernames to be leaked. The attack was from a singlehackerwho was paid by AlphaBay for the disclosure. AlphaBay reported that the exploit had only been used in conjunction with this attack and not used previously.^[21]

On March 28, 2015, AlphaBay Market made the news for selling stolenUberaccounts.^[22][23]Uber made a statement regarding a potential data breach:

"We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services."

In October 2015, the London-basedtelecommunicationscompanyTalkTalksustained amajor hack.^[24]The stolen data was put for sale on AlphaBay Market, which led to the arrest of a 15-year-old boy.^[25]TalkTalkCEODido Hardingissued the following statement:

"TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here."

In August 2017, AlphaBay was revealed as a possible venue by which one of the perpetrators of the2017 Jewish Community Center bomb threatsmay have sold a "School Email Bomb Threat Service." This individual, Michael Kadar, made 245 threatening calls to schools and community centers. Criminologist David Decary-Hetu noted this event as notable for being the first example of criminal services being sold over a darkmarket. He said, "All the cases I have heard of so far turned out to be law enforcement trying to find people of interest," making this case unique in his experience to that point.^[26]

By July 2017, AlphaBay was ten times the size of its predecessorSilk Road^[27](which was busted in October 2013), had over 369,000 listings,^[2]400,000 users,^[3]was facilitating US$600,000-$800,000 of transactions per day,^[28]and had reportedly built a strong reputation.^[2][29]However, a series of elementaryoperational securityerrors led to its downfall:

• About the time the service first began in December 2014, Cazes used hisHotmailaddresspimp_alex_91@hotmailas the 'From' address in system-generated welcome and password reset emails, which he also used for hisLinkedInprofile and his legitimate computer repair business in Canada.^[2]
• Cazes used apseudonym,Alpha02, to run the site which he had previously used (e.g., in carding and tech forums) since at least 2008, and variously advertised this identity as the "designer", "administrator" and "owner" of the site.^[2][30]
• When Cazes was arrested, he was logged into his laptop performing an administrative reboot on an AlphaBay server in direct response to a law-enforcement-created artificial system failure; furthermore, encryption was wholly absent on that laptop.^[2][31]
• Cazes' laptop reportedly contained an unencrypted personal net worth statement mapping all global assets across multiple jurisdictions, conveniently leading police to complete asset seizure.^[2]
• The servers were hosted at a company in Canada directly linked to his person.^[2]
• The servers contained multiple constantly open (unencrypted) hot cryptocurrency wallets.^[2]
• Cazes' flashy use of proceeds to purchase property, passports and luxury cars and frequent online boasting about his financial successes, including posting videos of himself driving luxury cars acquired through illegal proceeds, not only revealed his geographical location, but also made denying connection to the service impossible.^[2]
• Assets acquired through proceeds were held in a variety of accounts directly linked to Cazes, his wife and companies they owned in Thailand (the jurisdiction in which they lived), as well as directly held personal accounts in Liechtenstein, Cyprus, Switzerland and Antigua.^[2]
• Cazes' statements about the goal of the site — "launched in September 2014 and its goal is to become the largest eBay-style underworld marketplace" — helped to legally establish intent.^[2]

Law enforcement took at least one month to obtain a US warrant, then over one month to obtain foreign warrants, prepare for and execute searches and seizures in Canada and Thailand:^[2]

• Early May 2017: Law Enforcement verifiably active on the site since at least this period.^[2]
• 1 June 2017: Warrant issued by United States District Court for the Eastern District of California for racketeering, narcotics trafficking, identity theft and access device fraud, transfer of false ID, trafficking in illegal device making equipment, and conspiracy to commitmoney laundering.^[2]
• 30 June 2017: Warrant is issued for Cazes' arrest in Thailand at US request.^[32][33]
• 5 July 2017
  • Canadian police raidEBX Technologiesin Montreal, Cazes' Canadian company and the reported location of the physical servers, as well as two residential properties in Trois-Rivières.^[34]
  • Cazes is arrested in Bangkok at his dwelling at Phutthamonthon Sai 3 Road in Thawi Watthana district which is searched by the Royal Thai Police, with the help of the FBI and DEA.^[2][32]
• 12 July 2017: Cazes' suspected suicide by hanging while in custody at Thailand's Narcotics Suppression Bureau headquarters in Laksi district, Bangkok, was reportedly discovered at 7AM. He was due to face US extradition.^[2][32]
• 16 July 2017: Cazes' wife was reported as having been charged withmoney laundering.^[35][36]
• 20 July 2017; U.S. Attorney GeneralJeff Sessionsannounces shutdown of the site.^[37]
• 23 July 2017: Narcotics Suppression Bureau chief is interviewed and suggests that more suspects will be arrested soon.^[38]

AlphaBay was relaunched as early as 8 August 2021.^[39]Details of the new operation surfaced after a conversation betweenWiredand a user with the same verifiedpublic keyas a former site administrator for AlphaBay. Using the alias DeSnake, the former vendor and self-described co-founder of the original AlphaBay now claims to operate the marketplace, placing a higher emphasis onoperations securitythan the previous administration, stating "there is no overkill" regarding the site.^[1]

As part of the site's relaunch, multiple new features have been advertised and new rules announced. Notable among new features are AlphaGuard (which allegedly prevents users from losing funds even if seizures on all servers occur at the same time), an automatic system to resolve disputes between buyers and sellers, exclusive use ofMonerowallets, and the offering ofI2Pmirrors.^[1]Concerning rules, items newly prohibited from sale includeCOVID-19 vaccines,firearms,products containing the narcoticfentanyl,pornography, and"hitman services".Furthermore, there is a ban on discussions of any public or private information related to the governments, organizations, or people ofRussia,Belarus,Kazakhstan,Armenia,andKyrgyzstan.^[40]This has led to loose speculation that there is a connection between the site operators and the governments of these nations.^[1]

In early February 2023, the market went into lockdown, preventing users with2FAverification from logging in. Accounts affected included all of the site staff and vendors. As admin team member TheCypriot explained in aRedditpost, the site went into partial lockdown due to one of itscanariesnot being signed in time by DeSnake.^[41]They did not reappear to rectify the problem and have not been heard from since. With its owner missing and staff unable to sign the canary to lift the lockdown themselves, Alphabay de facto ceased operations. While a number of theories about the disappearance have been proposed, none have been substantiated with evidence.^[42]

• Greenberg, Andy(15 November 2022).Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency.Knopf Doubleday Publishing Group.ISBN978-0-385-54810-6.
• Greenberg, Andy (October 25, 2022)."The Hunt for the Dark Web's Biggest Kingpin, Part 1: The Shadow".Wired.
• Greenberg, Andy (November 1, 2022)."The Hunt for the Dark Web's Biggest Kingpin, Part 2: Pimp_alex_91".Wired.
• Greenberg, Andy (8 November 2022)."The Hunt for the Dark Web's Biggest Kingpin, Part 3: Alpha Male".Wired.
• Greenberg, Andy (15 November 2022)."The Hunt for the Dark Web's Biggest Kingpin, Part 4: Face to Face".Wired.
• Greenberg, Andy (22 November 2022)."The Hunt for the Dark Web's Biggest Kingpin, Part 5: Takedown".Wired.