AlphaBay Dark Web Marketplace, Shut Down by FBI for Four Years, Claims to Be Back in Business

It may be time to update the obituary of one of the Web's most notorious dark Web trading marketplaces.

Four years after the FBI shut down AlphaBay, which allegedly had $1 billion in transactions, a scammer is touting the launch of a new version of the illegal marketplace, according to threat intelligence firm Flashpoint.

In an online post earlier this week, someone claiming to be one of AlphaBay's original moderators said the marketplace was back in business, Flashpoint researchers noted. According to the post, products on the revamped AlphaBay will include the source code for a hacking tool that can steal victims' banking credentials and money.

Law enforcement agencies in the United States and Europe have conducted a series of crackdowns on popular dark Web forums in the last year. But the supposed resurrection of AlphaBay, known as the Amazon of the Dark Web, shows how difficult it is for law enforcement agencies to shut down some cybercrime sites.

An FBI spokesman, who announced the arrest of AlphaBay creator Alexandre Cazes in July 2017 to much fanfare, did not respond to a request for comment Wednesday.

AlphaBay's apparent relaunch also suggests that cybercriminals are under new scrutiny following the Colonial Pipeline outage in May. According to the announcement, the revamped AlphaBay will ban posts that mention ransomware.

Maria Gershuni, an analyst at Flashpoint, said cybercriminals are increasingly aware that they need to avoid taboo topics such as ransomware and fentanyl.

"We've seen some creative evasion techniques on the forums," Gershuni said, citing a ransomware ring that seeks services from "product vendors" - or those targeted for intrusion - rather than ransomware experts themselves.

"The rule is: build me a 10-foot wall and I'll show you an 11-foot ladder." Gershuni said.

Whether the revamped AlphaBay will gain as much traction with criminals as its predecessor remains to be seen. Apparently, the man who boasted that AlphaBay was back, under the alias DeSnake, has street credibility among hustlers. deSnake was one of AlphaBay's original moderators, along with Cazes, who committed suicide while imprisoned in Thailand.

"[DeSnake] has been around forever. says Ian Gray, senior director of research and analytics at Flashpoint." They were brought in [to AlphaBay] because they had technical skills." Gray said he verified the encryption key provided by DeSnake as proof of their identity.

DeSnake and the new-look AlphaBay will still have to work to regain trust in the criminal community. Another crime forum administrator expressed skepticism about DeSnake's motives, saying they were not sure if DeSnake had been "recruited" by law enforcement.

Commenting on the phenomenon, Thomas Beek, manager of the UK Photon Research Group at threat intelligence firm Digital Shadows, said, "The cybercrime market has gone through a turbulent period in recent years, with regular exit scams and law enforcement seizures leading the community to become increasingly suspicious of both emerging and established platforms. "

As of Wednesday, the new AlphaBay site was inaccessible, Flashpoint said. The reason for this is that DeSnake claims they're experiencing a distributed denial-of-service attack from a competitor.

But Gray says it's all part of the growing pains of a new cybercrime organization. "I expect there will be some vendors of cybercrime products that will migrate to this market." He said. "Just give it a few days."