239
submitted 7 months ago* (last edited 7 months ago) by CoolerOpposide@hexbear.net to c/news@hexbear.net

On March 10th, several days after Incognito Market was assumed to be shut down or no longer be processing transactions, the site posted a message to its homepage that reads as follows:

”Expecting to hear the last of us yet? We got one final little nasty suprise for y'all. We have accumulated a list of private messages, transaction info and order details over the years. You'll be surprised at the number of people that relied on our "auto-encrypt" functionality. And by the way, your messages and transaction IDs were never actually deleted after the "expiry"...”

”SURPRISE SURPRISE !!! Anyway, if anything were to leak to law enforcement, I guess nobody never slipped up. We'll be publishing the entire dump of 557k orders and 862k crypto transaction IDs at the end of May, whether or not you and your customers' info is on that list is totally up to you. And yes... YES, THIS IS AN EXTORTION !!! As for the buyers, we'll be opening up a whitelist portal for them to remove their records as well in a few weeks.”

”Thank you all for doing business with Incognito Market”

Exit scams are not uncommon on dark web markets, but this one is particularly large and openly threatening compared to most. Incognito Market requires the loading of cryptocurrency to a site-based wallet, which can then be used for in-house transactions only. All cryptocurrency on the site was seized from user’s wallets, estimated to be anywhere from $10 million to $75 million. After seizing the cryptocurrency wallets of all of the marketplace’s users, the site now openly explains that it will publish transactions and chat logs of users who refuse to pay an extortion fee. The fee ranges from $100 to $20,000, a volume based 5 tier buyer/seller classification.

Incognito Market also now has a Payment Status tab, which states ”you can see which vendors care about their customers below.” and lists the some of the market’s largest sellers. Sellers which have allegedly paid the extortion fee to not have their transaction records released are displayed in green, while those who have not yet paid are displayed in red.

Additionally, in a few weeks the site claims it will have a “whitelist portal” which would allow buyers to wipe their transactions and re-encrypt chat records.

Whoever is behind the website must be extremely, extremely confident in their anonymity, already working with government agencies, or both, because a bounty on this person is likely worth millions.

you are viewing a single comment's thread
view the rest of the comments
[-] supafuzz@hexbear.net 70 points 7 months ago

we never did what we were claiming to do with your data but this time we'll really delete it if you pay us, promise

[-] RyanGosling@hexbear.net 59 points 7 months ago

I feel like paying for your data to be removed will be used as further evidence by the Feds of your identity. If you just leave it be, you can claim plausible deniability and suggest that anyone can use any address as a decoy/dead drop, which is a common tactic for dark web vendors.

[-] CoolerOpposide@hexbear.net 39 points 7 months ago* (last edited 7 months ago)

Yeah that’s a fairly common understanding of the situation thus far. Speculation at this point is that they are already in cooperation with the Feds and have been for some time

[-] jackmarxist@hexbear.net 13 points 7 months ago

I won't be surprised if this is a CIA fundraising thing.

[-] RyanGosling@hexbear.net 2 points 7 months ago

The CIA definitely works with crypto to acquire black market cyber tools, among other illicit activities, but I can’t imagine the profits from a market ransom being that great compared to traditional gun running and drug trafficking (or just creative banking and front orgs).

[-] CoolerOpposide@hexbear.net 52 points 7 months ago* (last edited 7 months ago)

And also we super promise that even though we have a bounty of probably millions on our heads right now that we will totally be honest with your extortion transaction and not only not leak your data to the only people (govt agencies) who will care about protecting us, but also we super promise to permanently delete your data. We also super promise to delete our backdoor key to the site-wide auto encryption so any transaction and chat data which already exists will be inaccessible forever.

[-] RyanGosling@hexbear.net 35 points 7 months ago

To be fair anyone who’s foolish to use an on-site encryption feature is foolish. Almost every basic deep web guide explicitly says to use your OS’ pre-downloaded encryption apps and to never trust a site’s encryption.

[-] CoolerOpposide@hexbear.net 30 points 7 months ago

I mean yeah of course, but it tracks 100%. People who already think they are smart for using the dark web and crypto would many times be the exact people who think they’ve already taken adequate precautions. A learned fool is more of a fool than an ignorant fool.

this post was submitted on 20 Mar 2024
239 points (100.0% liked)

news

23532 readers
628 users here now

Welcome to c/news! Please read the Hexbear Code of Conduct and remember... we're all comrades here.

Rules:

-- PLEASE KEEP POST TITLES INFORMATIVE --

-- Overly editorialized titles, particularly if they link to opinion pieces, may get your post removed. --

-- All posts must include a link to their source. Screenshots are fine IF you include the link in the post body. --

-- If you are citing a twitter post as news please include not just the twitter.com in your links but also nitter.net (or another Nitter instance). There is also a Firefox extension that can redirect Twitter links to a Nitter instance: https://addons.mozilla.org/en-US/firefox/addon/libredirect/ or archive them as you would any other reactionary source using e.g. https://archive.today . Twitter screenshots still need to be sourced or they will be removed --

-- Mass tagging comm moderators across multiple posts like a broken markov chain bot will result in a comm ban--

-- Repeated consecutive posting of reactionary sources, fake news, misleading / outdated news, false alarms over ghoul deaths, and/or shitposts will result in a comm ban.--

-- Neglecting to use content warnings or NSFW when dealing with disturbing content will be removed until in compliance. Users who are consecutively reported due to failing to use content warnings or NSFW tags when commenting on or posting disturbing content will result in the user being banned. --

-- Using April 1st as an excuse to post fake headlines, like the resurrection of Kissinger while he is still fortunately dead, will result in the poster being thrown in the gamer gulag and be sentenced to play and beat trashy mobile games like 'Raid: Shadow Legends' in order to be rehabilitated back into general society. --

founded 4 years ago
MODERATORS