Four years after FBI shut it down, AlphaBay dark web marketplace claims it’s back in business

The new-look AlphaBay will have to work to regain trust in the criminal underworld.
dark web, hacker
(Getty Images)

It might be time to update the obituary of one of the web’s most notorious marketplaces for hacking tools and drugs.

Four years after the FBI shut down AlphaBay, which registered a reported $1 billion in transactions, a scammer is touting the launch of a new version of the illicit marketplace, according to threat intelligence firm Flashpoint.

In an online posting earlier this week, someone claiming to be one of the original moderators of AlphaBay said the marketplace was coming back into business, Flashpoint researchers noted. Among the offerings on the revamped AlphaBay, according to the posting, will be the source code of a hacking tool that steals banking credentials, and money, from victims.

U.S. and European law enforcement agencies have in the last year conducted a series of crackdowns on popular dark-web forums. But the alleged resurrection of AlphaBay, dubbed the of the dark web, shows how difficult it can be for law enforcement agencies to keep some cybercrime venues shuttered.


A spokesperson for the FBI, which announced the arrest of AlphaBay creator Alexandre Cazes to much fanfare in July 2017, did not respond to a request for comment on Wednesday.

The apparent rebooting of AlphaBay also points to the new scrutiny that cybercrooks are under after the Colonial Pipeline disruption in May: The revamped AlphaBay will forbid posts mentioning ransomware, according to the announcement.

Maria Gershuni, a Flashpoint analyst, said that cybercriminals are increasingly aware that they need to steer clear of taboo subjects like ransomware and fentanyl.

“We’ve seen some creative evasion techniques” on forums, Gershuni said, citing a ransomware gang that solicited services from “access providers” — or those that hack targets — rather than ransomware specialists themselves.

“The rules are: Build me a 10-foot wall and I’ll show you a 11-foot ladder,” Gershuni said.


Whether or not the revamped AlphaBay gains the clout among criminals that its predecessor enjoyed remains to be seen. The person who apparently boasted that AlphaBay is back, who goes by the alias DeSnake, has street credibility among crooks. DeSnake was one of the original moderators of AlphaBay along with Cazes, who committed suicide while imprisoned in Thailand.

“[DeSnake has] been around. They’re established,” said Ian Gray, senior director of research and analysis at Flashpoint. “They were brought in [to AlphaBay] because they had technical skills.” Gray said he verified the encryption key that DeSnake provided as proof of his identity.

DeSnake and the new-look AlphaBay will still have to work to regain trust in the criminal underworld. Another criminal forum administrator has cast doubt on DeSnake’s motives, saying they were unsure if DeSnake had been “compromised” by law enforcement.

Thomas Beek, U.K. Photon Research Team manager at threat intelligence firm Digital Shadows, said of the phenomenon that “cybercriminal marketplaces have gone through a tumultuous time in recent years, with regular exit scams and law enforcement seizures resulting in the community becoming increasingly suspicious of both emerging and established platforms.”

As of Wednesday, the new AlphaBay website was inaccessible, Flashpoint said. The reason? DeSnake claimed they were the victim of distributed denial-of-service attacks from a rival scammer.


But Gray said that is all part of the growing pains of a new cybercriminal enterprise.

“I anticipate there will be a migration of vendors to this marketplace,” he said. “Just give it a few days.”

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts