Those running dark web marketplaces will do almost anything to achieve their desire to make a lot of money or be the top cybercriminal market, including deceiving and manipulating their audience. Although these tactics can be advantageous, they do come with their pitfalls. If caught, a marketplace can go from hero to zero in a matter of seconds. This can leave behind a tarnished reputation, a bad taste in the mouths of their supporters, and an inevitable decline into the marketplace’s administrators performing an impromptu exit scam or simply abandoning ship and moving onto their next project. Remarkably, there will always be another marketplace waiting with bated breath, ready to take on the mantle of the “new kid on the block” and benefit from a formerly prestigious platform’s decline. If there is money to be made, there is always someone waiting to grab their slice of the pie.
This blog will explore just one example of this. In May 2020, Digital Shadows (now ReliaQuest) wrote about a popular marketplace called BitBazaar that got called out for attempted manipulation of subscriber numbers on the popular dark web platform, Dread. Roll on one month and with falling user levels, poor staff behavior, and allegations of withdrawal issues; everything points to an exit scam. Meanwhile, a new marketplace called “Neptune Market” has been waiting in the wings, preparing to fill the void. Let’s break down how BitBazaar’s alleged exit scam saga developed and look at Neptune market and its attempt to break into the cybercriminal market scene.
A brief review of BitBazaar
BitBazaar launched onto the dark web marketplace scene in mid-2019 with claims that it offered a “walletless market with escrow, auctions and anonymous orders,” low commission rates of 1% for vendors, an integrated forum, and support for multiple FIAT currencies to cater for a global audience. BitBazaar’s initial popularity increased following rival marketplace Apollon’s 2019 exit scam and law enforcement’s 2020 seizure of Berlusconi Market. BitBazaar’s administration team sourced new buyers and vendors using other platforms such as Envoy, The Hub, and Dread (on which the marketplace had even created a dedicated subdread to facilitate direct communications between the market team and its members).
In early May 2020, Dread administrator “Paris” banned BitBazaar’s subdread, accusing the platform of “massive subscriber manipulation.” BitBazaar allegedly inflated their subread’s subscriber numbers to make the marketplace appear more popular than it was. This tactic could potentially be adopted to drive up traffic numbers to any given site and enhance its reputation. Although the marketplace’s administrators refuted these claims at the time, they soon began pushing a counter-narrative, which stated that they had been on the receiving end of, “countless attacks,” that they, “only care[d] about our platform security and our users,” and that it didn’t, “make sense [to] fake our subscribers if we never care[d] about these numbers.” Ultimately, Dread’s administrator upheld the ban on BitBazaar’s subdread. They claimed a forum such as Dread would have given the marketplace “millions of impressions and thousands of clicks per 1 month period”. They likely did not want Dread to contribute further to an allegedly dishonest marketplace’s success.
1Subdread – Is a dedicated section created by a user/group of users on the Dread platform for a specific service or subject which fellow Dread users can subscribe to. This process helps to facilitate subscriber communications directly with the subdread owners and receive updates and information pertaining to the topic.
What has happened since BitBazaar’s Dread ban?
Since BitBazaar’s Dread ban, the marketplace’s growth momentum appeared to stall, and user interest levels took a nosedive. Although vendors reported that the service was still up and running as normal, they recognized a drop in the number of buyers since the Dread ban. User “oilcenter” said, “All we can say from a vendors perspective, our sales are real and our customers are real.” They added: “Sales are going down since this Dread-ban, thats for sure.” Approximately one month after the ban, BitBazaar buyers and vendors posted accusations of money withdrawal issues on Dread. Rumors of a possible exit scam also started to appear. For example, on 30 May 2020, a user posted a conversation they had had with BitBazaar staff. They outlined their difficulties withdrawing funds from the marketplace despite resetting their PIN as directed and directly sending a BTC address for their money to be paid. This user received aggressive responses from the marketplace staff, which ultimately led to the user being banned from the marketplace and their money not being refunded.
On 11 Jun 2020, a different Dread user stated, “Bit Bazaar is exit scamming within a week” and “We’re yet to known the exact story, but multiple vendors can’t withdraw, it validates the exit-scam.” A user with the moniker “BitBazaar_Support” (likely affiliated with the marketplace administration team) refuted this allegation with claims of an attack on the marketplace, and further explained that it could only remain online for a “short time” each day to allow users to withdraw their coins. The Dread community concluded this story was likely a cover for the exit scam, designed to buy BitBazaar’s administration team time. Other Dread users also shared their experience of similar issues on BitBazaar; one said, “2 options, and regardless of which one it is, the end result is, your coins are gone and you must suck it up and move on, BitBazaar is finished.” In the third thread on 14 Jun 2020, one Dread user opined, “THE SCAM IS NOW. It is the same as what Nightmare and Apollon did, locking out the vendors and luring in unsuspecting ignorants to part with their funds.”
At the time of writing, BitBazaar is inaccessible. BitBazaar_Support’s last known response on Dread was made on 11 Jun 2020 and stated, “market is online now. You can use it. withdraw/deposit/place orders and ..We have much tickets and requests due to 24 hours off-time, so please be patinent we will process all requests.” Regardless of whether BitBazaar conducted an exit scam (which is likely, given circumstances and allegations), or was hacked by an unknown entity, marketplace vendors and buyers have had trust burned once again. The episode also shows the power of forums, such as Dread or The Hub, in making or breaking of criminal marketplaces.
If BitBazaar had gotten away with its subscriber manipulation tactics, the marketplace would have likely grown steadily and cemented its position as one of the premier services. This would have increased the pot size if the site owners wanted to perform an exit scam at a later date or continue to live off the profits from being one of the top marketplaces in the cybercriminal scene.
The rise of Neptune
With BitBazaar making a sharp exit stage-right from the cybercriminal scene, there has been an array of candidates lining up to take its spot and provide a new home for BitBazaar’s abandoned vendors and buyers. One marketplace that has caught Digital Shadows (now ReliaQuest)’ attention is Neptune Market. This marketplace officially launched itself on The Hub and Dread in late June 2020 and has since established a presence on “onion.live” (a Tor network directory service) and created a dedicated subdread to provide updates and facilitate communications directly with subscribers.
The marketplace has already actively worked on incorporating new features such as Jabber and Telegram order notifications through an integrated API (this feature has not historically been seen with other dark web marketplaces). It has also undergone platform security testing with the help of threat actor “Stackz420”, who assessed that the marketplace was, “very well coded and is very secure.” Although this is the subjective opinion of one user, it acts as somewhat of a seal of approval because of Stackz420’s history of successfully performing security tests on various dark web platforms and their knowledge of the marketplace scene in general.
What does this all mean?
Well, in summary, not a lot. The dark web cybercriminal scene is familiar with exit scams, deceptive tactics, and unreliability issues. It is highly likely this latest event will have little to no impact on the broader landscape. There are already several candidates waiting patiently in line to take the place of Neptune Market, if and when it meets its almost inevitable demise! Like all new dark web marketplaces, time and patience will be essential to Neptune’s sustained growth, along with a capable administration team and support members who can answer queries and address any issues. What the future holds for Neptune Market is unknown.
It may become one of the next big platforms, or–like many of its predecessors–may simply be another small fish trying to grab a slice of the money pie. Two things are for sure:
1. Digital Shadows (now ReliaQuest) will be keeping a close eye on all the developments
2. Despite all the exit scams, law enforcement seizures, or marketplace abandonments, the dark web will never be short of candidates waiting for 15 minutes of fame.