Blog Archive

DeepDotArchive

2014 in The Dark Net Markets: By The Numbers

10 minute read

Posted by: DeepDotWeb

January 3, 2015

Amazing writeup by Gwern (All credit goes to him – reddit profile link): posted in /r/darknetmarkets (original) Reposted here, Cleaned from Reddit formatting and added links to sources:

I list marketplaces which opened & closed, why, describe their lifetimes and risks, guess about reasons, and extract some predictions.

I also list all known 2014 arrests, convictions, or sentencing of DNM sellers/buyers/operators.

Marketplaces

(This is based on preliminary results from my marketplace table and draft code; the analysis should be done… some day. The R code for this specific analysis is on Pastebin.)

It has been a chaotic year for the blackmarkets. We saw no less than 43 different blackmarkets open up to try to take a crack at the jackpot SR1 (good job, FBI, telling the world how much it made!); in alphabetical order:

  • 1776 / Abraxas / Alpaca Marketplace / AlphaBay / Andromeda / Area51 / Armory Vendor Market / BlackBank Market / Black Goblin Market / Breaking Bad / Cannabis Road / Cannabis Road 2 / Cannabis Road 3 / Cantina / Cloud-Nine / DarkBay / Darknet Nation / Deepzon / Diabolus / Doge Road / drugslist / evolution / EXXTACY / Freedom Market / GreyRoad / Hansa / Hydra / Middle Earth Marketplace / Mr Nice Guy / Nucleus Marketplace / Onionshop / Panacea / Pigeon Market / Red Sun Marketplace / Sanitarium Market / Silk Street / TOM / Topix 2 / TorBazaar / TorEscrow / Tortuga 2 / Underground Market / Utopia

(I imagine most of these have been long forgotten, but nevertheless. If anyone needs mirrors, PM me.)

46 markets closed:

  • 1776 / Alpaca Marketplace / Andromeda / Armory Vendor Market / BlackBox Market / Black Goblin Market / Black Services Market / Blue Sky / Breaking Bad / BuyItNow / Cannabis Road / Cannabis Road 2 / Cannabis Road 3 / Cantina / Cloud-Nine / DarkBay / Darknet Nation / Deepzon / Doge Road / drugslist / EXXTACY / FreeBay / Freedom Market / GreyRoad / Hansa / Hydra / Mr Nice Guy / Onionshop / Pandora / Pigeon Market / Pirate Market / Red Sun Marketplace / Sanitarium Market / Silk Road 2 / Silk Street / The Marketplace / TOM / Topix 2 / TorBay / TorBazaar / TorEscrow / Tortuga / Tortuga 2 / Underground Market / Utopia / White Rabbit

Yes, the number of closures > number of openings and so the net active marketplace count went down. That said, many of the markets were incompetent get-rick-quick schemes by people who heard the FBI’s gleeful spreading of the good news that SR1 had made so much money, and we are all better off that they are gone. Flomarket was a teen trying to pay for audio equipment and coding it at school; Black Goblin was a German kid didn’t understand the idea of ‘anonymity’ and thought he could just run Drupal on his server; Cantina was an idiot American who outsourced development & was doxed by just what was on his server; Pandora was run by a git who felt entitled to rip off his customers for a hack that was his fault and then ripped them all off; Red Sun and Sanitarium were high on the grandiose and low on the execution; and so on. Few tears will be shed for them, and we can at least say of the survivors that they seem to be more serious and more competent.

Unfortunately, not all the closures were as amusing as Cantina or Black Goblin Market; people lost real money on SR2 all throughout the year and probably Pandora (but at least nothing nearly as epic as Sheep), and it is sad to see that The Marketplace, despite pioneering multisig, never got real adoption of it and closed after Operation Onymous. (It’s even more disappointing to see that uptake of multisig among users has been close to nil, with sellers accepting it reporting that almost no buyers are interested in using it, and centralized markets are back to being the standard.) It’s not easy to figure out whether a site vanishing is a scam or not, but my best estimate of the 2014 closure reasons thus far is:

  1. voluntary (possibly exit scams): 20
  2. scams: 12
  3. hacked: 9
  4. law enforcement/bust/raided: 6

Of the LE-caused closures, 3 were accompanied by site-operator arrests so far (implying a LE risk for operators so far of ~3/46):

  1. Utopia
  2. Silk Road 2
  3. Hydra

With this additional data, we can fill out our picture of the lifecycle of blackmarkets with a more precise survival curve drawing on the full dataset:

Blackmarkets thus far seem to have a steady mortality rate for the first year, but then it looks like risks shoot up steeply: very few blackmarkets thus far have passed the first-year mark, but it’s hard to be sure why, it may be that most of them died too young or not enough time has elapse for them to reach that mark. It may be better to break down the deaths by cause as above, to get a ‘competing risks’ survival curve:

(This would benefit from a confidence interval like the survival curve graph, but I haven’t figured out how to add those yet.) I draw a few lessons from eyeballing the graph:

  • early on, the main threats to markets is the operator giving up (blue) or it being hacked (black); it’s new, untested, unpopular, and unprofitable.
  • as time passes, hacking seems to be less of an issue. Either long-established markets are genuinely more secure, or possibly the operators are just better able to cover up hacking (akin to SR1 paying off a hacker, and SR2 simply brazening it out and hiding it in the 2 known instances)
  • law enforcement (red) is not a serious threat to a market until nearly a year in.In fact, the exception here proves the rule: the case of Utopia, which is that little blip in the red line almost at the start, demonstrates this lag time. Utopia was busted a week or two after opening, because much of its staff had been employed on BMR, which is where the Dutch police investigation started – except BMR shut down gracefully after 886 days of operation and the investigation followed the staff to Utopia and arrested them then! Backopy had a very close call; who knows how close the Dutch investigation was to nailing him or getting the staff to de-anonymize him?This point should be of serious concern to the operators of the_avid’s writeup of the alarming history of Western carding forums, and given the carryover of people and personal contacts from the recently-closed Tor Carding Forum/TCF to Evolution, the clock started ticking on Evolution before Agora and I think it is likely that there are already some CIs or UCs attempting to penetrate or on staff at Evolution.
  • The temptation to exit scam is constant; market operators are always tempted to seize the money and run

So what markets are still operating?

(This is just English-speaking marketplaces. For forums, vendor shops, and foreign-language marketplaces like RAMP or Silkittie, see DeepDotWeb.) As you can guess, most opened up in 2014:

  • Abraxas / AlphaBay / Area51 / BlackBank Market / Diabolus / evolution / Middle Earth Marketplace / Nucleus Marketplace / Panacea

It might be fun to extrapolate survival predictions from the survival model for the still active markets. Unfortunately, when I did so, some of the estimates are obviously idiotic:

Market Six Month Survival Probability One Year
Dream Market 100.0 100.0
Agora 65.6 65.6
Outlaw Market 72.3 72.3
evolution 17.5 17.5
BlackBank Market 13.1 13.1
Area51 57.7 28.1
Middle Earth Marketplace 56.8 28.8
Diabolus 34.7 0.0
Nucleus Marketplace 15.7 0.0
Panacea 89.7 34.4
Abraxas 85.9 51.2
AlphaBay 92.5 48.4

I’m not sure if I extracted the estimates wrong or if the model is just bad. 100% survival for Dream Market is wrong (I’m not entirely convinced that’s a real market), and it’s also obviously wrong that the survival estimate doesn’t decrease over time for some of the markets like Agora or Outlaw. I agree with some of them (does anyone seriously expect Diabolus to be around in a year?) but not others (why are Panacea/Abraxas/AlphaBay ranked so highly in the short-run?). Oh well.

Overall sales data is harder to estimate. There haven’t been any big analyses based on crawls released like there have been for SR1; the DCA has garnered a lot of publicity for itself by noting that listing counts on the major markets seem to have grown substantially over 2014 and listing count has considerably exceeded SR1 when it was busted. This is consistent with /r/DNM subreddit traffic statistics: we’re up to something like #840 in subreddits, and our February 2014 pageviews of 1,053,923 have grown steadily and in December 2014 the subreddit racked up 3,383,672 pageviews. (It’s also consistent with my experience crawling the blackmarkets – Evolution and Agora take forever to finish.)

People

So I looked at the markets. How about the users? Drawing on my arrest lists, let’s look back.

2014’s been a somewhat rough year for buyers & sellers. We saw Hydra (although there aren’t many details about the latter); and there’s been a trickle of arrests across the various markets, some new, some left over from 2013 and SR1 such as Charlie Shrem being sentenced for helping a SR1 Bitcoin-seller launder his cash. But on the whole, there haven’t been that many.

In no particular order:

  • BMR left a toxic legacy, in the Utopia bust and then a rat’s-nest of cases I haven’t been able to unravel:
  • the prosecution of Ross Ulbricht continued its labyrinthine convolutions as the lawyers duke it out with Bharara in pre-trial motions; some of the investigation looks quite dubious and it’s interesting that Tarbell has left the FBI for the dollar-lined pastures of private-sector computer security, but the judge doesn’t seem to be giving the defense an inch. Things look bad for him.
  • the rest of the SR1 staff continue working out their separate fates: SSBD is being extradite, Libertas I’m not sure (last I heard he hadn’t appeared in Ireland), Chronicpain has his plea-bargain, and Cirrus seems to have continue being flipped and helped bring down SR2
  • Digitalink, the first SR1 seller to be flipped, was sentenced.
    • Digitalink probably helped bust “edgarnumbers”, whose sentencing was also in 2014 as part of the unsealing of that case
  • a Bard College student got off lightly.
  • an Australian SR1 buyer was sentenced after his friend died using a psychedelic.
  • Luke Hanley pled guilty.
  • another Aussie was sentenced.
  • as were 2 leftovers from SR1.
  • and 1 from SR2.
  • a NZer convicted.
  • not to mention this NZer.
  • A Launceston Tasmania man was busted.
  • unusually, a Japanese buyer was arrested.
  • the “XTCExpress” members were sentenced.
  • SuperTrip’s bust became public knowledge, as well as that of his associate “UnderGroundSyndicate”/”BTCMaster”
    • despite a great deal of speculation, thus far it seems the Bungee54 team has not been arrested; they can’t be sleeping too easy though, after what happened to SuperTrips
  • Charlie Shrem and BTCKing were arrested
  • and who can forget the entire “XanaxKing” operation being rolled up and CDs down to his customers (almost 60 of them, the police claimed), and one of them being arrested thanks to Facebook?
  • “CALIGIRL” should still be in recent memory
  • the late, not too lamented Willy.Clock.
  • Markets:
    • 5 arrested for Utopia
    • 1 for Hydra
    • 1? for SR2 (just Benthall?)

I think this is mostly comprehensive: I’ve omitted cases I haven’t looked into enough, cases which sound like blackmarkets but where there was no clear confirmation, and ones reported solely by Redditors and forumites. But please post if I missed anyone.

Conclusion

So. We saw a flood of new markets; we saw a flood of closures, with a hefty number of scams. Market volume seems to be up compared to 2013, with Evolution+Agora+SR2 having many more listings than SR1+BMR did. Law enforcement action was nontrivial, but for the most part irrelevant. The main risks to buyers and sellers seems to be getting profiled & traced back, or getting CDs, respectively. Technologically, the DNM scene remains unchanged: people continue to use Tor hidden services + centralized markets + Bitcoin, despite some attempts to use I2P, multisig, and Darkcoin /Litecoin / Dogecoin; the structural flaws of centralized markets & hidden services remains, but it seems people like the convenience and are aggregatively uninterested in more complicated setups. (This makes for the easiest prediction ever about OpenBazaar or Syscoin or P2Pox: they’re not going to take off.)

To sum up 2014: “sturm und drang, little change”!

Updated: 2015-01-03

Updated:

You may also enjoy