Thursday, March 23, 2023

CyberCrime

Category: CyberCrime

The United States Department of Justice (DOJ), in cooperation with international law enforcement agencies, shut down Bitzlato Limited, a Hong Kong-based cryptocurrency exchange, and arrested its founder and major shareholder for facilitating the transfer of illicit funds.

Seizure banner uploaded on Bitzlato's website.


According to the DOJ's announcement, Bitzlato was founded in 2016 by Anatoly Legkodymov, a 40-year-old Russian citizen residing in China. Legkodymov and his co-founder ran Bitzlato with minimal Know Your Customer (KYC) requirements.
Bitzlato's lack of effective anti-money-laundering controls made it a favorite among crypto users engaged in illicit activity. The exchange allegedly received hundreds of millions of dollars from suspected criminals, including ransomware operators and users of darknet marketplaces such as the now-defunct Hydra Market.

The Connection Between Bitzlato and Hydra


According to the criminal complaint, investigation of Bitzlato's operations revealed that a majority of the exchange's users were also Hydra users, and that Bitzlato was Hydra's second-largest counterparty. Hydra buyers funded their purchases from Bitzlato accounts, while Hydra vendors cashed out through Bitzlato accounts. In total, approximately $700 million in cryptocurrency was exchanged between the two platforms.
Blockchain analysis showed that between May 2018 and Hydra's shutdown in April 2022, Hydra users sent approximately $170 million in cryptocurrency to Bitzlato wallets. In the same period, Bitzlato received an additional $218 million from non-Bitzlato addresses that had themselves received funds from Hydra users.
During the same period, Bitzlato users sent over $124.4 million to Hydra, and an additional $191 million reached Hydra from addresses that had received funds from Bitzlato wallets. These four figures are the direct and one-hop indirect flows in each direction, and together they account for the roughly $700 million total.
Separately from the Hydra flows, Bitzlato was reportedly used to cash out more than $15 million in cryptocurrency received from addresses that had received ransomware proceeds.
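The four figures above are the output of a counterparty exposure analysis: direct transfers between addresses attributed to each service, plus one-hop indirect flows through addresses attributed to neither. As an added example, not code from the DOJ complaint or from any analytics vendor, here is a Python function that computes both figures in each direction over a constructed transfer list; the address labels, amounts and timestamps are invented for illustration.

```python
from collections import defaultdict

# Address attribution, as an analyst's clustering would provide it.
# Constructed sample (hypothetical labels, not real addresses).
ENTITIES = {
    "hydra-1": "hydra", "hydra-2": "hydra",
    "bz-1": "bitzlato", "bz-2": "bitzlato",
}

# Constructed transfers: (unix_time, from_address, to_address, usd_value)
TRANSFERS = [
    (0, "mix-A", "bz-2", 15.0),       # sent before mix-A ever received Hydra funds: not counted
    (1, "hydra-1", "bz-1", 100.0),    # direct Hydra -> Bitzlato
    (2, "hydra-2", "bz-2", 50.0),     # direct Hydra -> Bitzlato
    (3, "hydra-1", "mix-A", 80.0),    # Hydra -> unattributed intermediary
    (4, "mix-A", "bz-1", 60.0),       # intermediary -> Bitzlato (one hop)
    (5, "mix-A", "bz-2", 30.0),       # intermediary -> Bitzlato (one hop; 90 total > 80 received)
    (6, "other", "bz-1", 40.0),       # unattributed sender with no Hydra inflow: ignored
    (7, "bz-1", "hydra-2", 25.0),     # direct Bitzlato -> Hydra
    (8, "bz-2", "mix-B", 70.0),       # Bitzlato -> intermediary
    (9, "mix-B", "hydra-1", 70.0),    # intermediary -> Hydra (one hop)
]


def exposure(transfers, entities, source, dest, cap_to_inflow=False):
    """Return (direct_usd, indirect_usd) flowing from entity `source` to entity `dest`.

    direct:   transfers whose sender is attributed to `source` and receiver to `dest`.
    indirect: transfers into `dest` from addresses attributed to neither party that
              had earlier received funds from `source` (one hop), as the complaint
              describes the $218M / $191M figures.
    cap_to_inflow=True caps each intermediary's contribution at what it actually
    received from `source`, so funds it obtained elsewhere are not counted.
    """
    who = lambda addr: entities.get(addr)
    ordered = sorted(transfers, key=lambda t: t[0])

    direct = 0.0
    inflow = defaultdict(float)   # intermediary -> total received from source
    first_in = {}                 # intermediary -> time of first inflow from source
    for ts, src, dst, usd in ordered:
        if who(src) == source and who(dst) == dest:
            direct += usd
        elif who(src) == source and who(dst) not in (source, dest):
            inflow[dst] += usd
            first_in.setdefault(dst, ts)

    outflow = defaultdict(float)  # intermediary -> total later sent on to dest
    for ts, src, dst, usd in ordered:
        # only outflows that happen after the intermediary was funded by source count
        if src in first_in and who(dst) == dest and ts >= first_in[src]:
            outflow[src] += usd

    indirect = sum(min(out, inflow[a]) if cap_to_inflow else out
                   for a, out in outflow.items())
    return direct, indirect


if __name__ == "__main__":
    for a, b in (("hydra", "bitzlato"), ("bitzlato", "hydra")):
        d, i = exposure(TRANSFERS, ENTITIES, a, b)
        _, i_capped = exposure(TRANSFERS, ENTITIES, a, b, cap_to_inflow=True)
        print(f"{a} -> {b}: direct ${d:,.0f}, indirect ${i:,.0f} (capped ${i_capped:,.0f})")
```

Two caveats a practitioner would apply: the indirect figure as the complaint describes it counts everything an intermediary later sent to the target, so an intermediary that was also funded elsewhere inflates the number (cap_to_inflow=True bounds it by what the intermediary received from the source), and requiring the inflow to precede the outflow is only the minimum ordering check; real tracing follows more than one hop and apportions mixed funds rather than counting them whole.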

Bitzlato's Personnel Role in Illicit Transactions


Bitzlato's employees occasionally blocked accounts of users suspected of illicit activity, but in most cases let them continue. Communications between customers and support representatives reportedly showed that employees knowingly helped customers move funds to Hydra.
In one such case, a customer who contacted Bitzlato's support on October 18, 2020, and asked whether he could transfer funds from his Bitzlato wallet to Hydra was told, "you can transfer BTC to any actual address. There are no restrictions for any individual services."
Bitzlato's support staff also knew that most customers used accounts registered under other people's identities, and allowed them to keep using the exchange without restriction.
Legkodymov and his co-founder were aware of the high volume of illicit funds moving through the exchange but decided that blocking users engaged in illicit activity would hurt the exchange's bottom line.
Bitzlato’s role in illicit activities was highlighted in a document titled “Competitor Analysis,” made by Bitzlato’s marketing director, and shared with the platform’s management. The document included "no KYC" as one of Bitzlato’s pros while "dirty money" and "lots of scams" were listed as some of the exchange's cons.

US-based Customers on Bitzlato


Bitzlato is also accused of serving US customers despite not being based in the US. When Bitzlato produced records on customers under investigation by US authorities, those records showed the customers had accessed the exchange from US IP addresses.
Information received from an undisclosed US-based cryptocurrency exchange reportedly showed that 1,600 of that exchange's US-based customers had transferred a total of approximately $2.4 million to Bitzlato.
Legkodymov also managed the exchange while in the US. He entered the country in October 2022 and had been living in Miami, Florida; records obtained from his Florida ISP showed him accessing Bitzlato's management server.
Legkodymov was arrested by US authorities in Miami on January 17, 2023. At the same time, an international operation led by French authorities, together with law enforcement in Spain, Portugal, the Netherlands, and Cyprus under Europol coordination, took down Bitzlato's infrastructure and seized its crypto assets.

Category: CyberCrime

A distributed denial-of-service (DDoS) attack makes a website or service unavailable by exhausting the resources it needs to serve users: network bandwidth, connection state on servers and middleboxes, or application capacity. The attackers flood the target with traffic from many sources at once, typically a botnet of compromised machines, so that legitimate users are crowded out and the service slows down or goes offline for as long as the flood lasts.

A DDoS is also sometimes used as cover: while operators are busy keeping the site up, attackers may probe for other weaknesses, so a flood should not be assumed to be the only thing happening. Any endpoint reachable from the public internet can be targeted.
Attacks can last hours or even days, and a single campaign can cause repeated outages. Both personal and business systems are susceptible.
Types of DDoS attacks
There are many kinds of DDoS attack. In general they fall into three categories: volumetric attacks, protocol attacks, and application (resource) layer attacks.
1. A volumetric attack saturates the target's network bandwidth with what initially looks like legitimate traffic. It is the most common form of DDoS. DNS (Domain Name System) amplification is one example: the attacker sends small queries carrying the victim's spoofed source address to open DNS resolvers, which answer with much larger responses aimed at the victim.
2. A protocol attack causes a service disruption by exploiting weaknesses in the layer 3 and layer 4 protocol stack. A SYN flood, which fills the server's half-open connection table so that no new connections can be accepted, is the classic example.
3. An application (resource) layer attack targets the web application itself and exhausts the resources behind it, such as worker threads, database connections, or CPU spent rendering expensive pages. HTTP floods of costly requests (logins, searches) and slow-request attacks that hold connections open are typical layer 7 examples. SQL injection and cross-site scripting, sometimes grouped with these, are application-layer vulnerabilities rather than denial-of-service techniques.
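The layer 7 case is the one a site operator can actually detect from their own access logs. As an added example, not code from the original post, here is a sliding-window counter over Apache/nginx combined-format log lines that reports both per-IP bursts and the aggregate peak, which is what catches a distributed flood where no single source exceeds the per-IP threshold. The log lines, IP addresses, window size and threshold are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx combined-log prefix: client IP, identd, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return (client_ip, timestamp) for a combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")


def flood_sources(lines, window_s=10, threshold=50):
    """Scan time-ordered log lines with a sliding window.

    Returns (offenders, global_peak):
      offenders   -> {ip: peak request count inside any window_s-second window}
                     for IPs whose peak exceeds threshold
      global_peak -> peak request count across all IPs in any window; a botnet
                     spreads load over many sources that each look normal, so this
                     aggregate is what must be compared against capacity.
    """
    per_ip = defaultdict(deque)
    all_hits = deque()
    peak = defaultdict(int)
    global_peak = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        for q in (per_ip[ip], all_hits):
            q.append(ts)
            # drop entries older than the window; lines are assumed time-ordered
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
        peak[ip] = max(peak[ip], len(per_ip[ip]))
        global_peak = max(global_peak, len(all_hits))
    return {ip: n for ip, n in peak.items() if n > threshold}, global_peak


# ---- constructed sample log (not captured traffic) ----
BASE = datetime(2023, 3, 20, 12, 0, 0, tzinfo=timezone.utc)


def _clf(ip, ts, path):
    return f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """One source hammering /login at 24 req/s for 5 s, one normal client at 8 s intervals."""
    events = [(BASE + timedelta(seconds=i // 24), "203.0.113.7", "/login") for i in range(120)]
    events += [(BASE + timedelta(seconds=-30 + 8 * i), "10.0.0.5", "/index.html") for i in range(8)]
    events.sort(key=lambda e: e[0])
    return [_clf(ip, ts, path) for ts, ip, path in events]


if __name__ == "__main__":
    offenders, global_peak = flood_sources(build_sample_log())
    print("per-IP offenders:", offenders)                 # {'203.0.113.7': 120}
    print("peak requests in any 10 s window:", global_peak)  # 122
```

The per-IP view is what feeds a rate limiter or a firewall deny list; the aggregate peak is the number to hold against known capacity, since a real DDoS spreads the same request count over thousands of sources that individually stay under any per-IP threshold. The thresholds here are arbitrary and should be calibrated against a baseline taken during a quiet period.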
Attackers may combine several of these against one target: an attack can start as one class and then shift into, or add, another.
Within each category there are many variants, and new ones keep appearing as attackers become more sophisticated.
If you suspect your network is under attack, act fast. Beyond the downtime, a DDoS can leave your organization exposed to other attackers, malware, or follow-on threats.

Why darknet markets are a target


Darknet markets get hit for various reasons: extortion, a competitor trying to poach users, or even law enforcement.
Most of the time, as seen in the past, the attackers demand a ransom, as in the cases of the now-defunct Empire and Nightmare markets.

Market posts about ongoing DDoS


What effects does a DDoS attack have on a market?
Loss of revenue
Downtime is extremely costly for a market: without uptime there are no sales, and without sales there is no revenue, so vendors start thinking about other markets to set up shop
and customers need a new place to buy. On top of that, people begin asking whether the market will ever come back up, and the FUD starts; there are hundreds of examples from the past.
Damage to brand reputation
Some businesses, darknet markets among them, rely heavily on their reputation for service availability. If customers cannot trust that a market will be consistently online and available, they quickly spread the word through reviews, forums, and other channels. To win new customers in a highly competitive environment, a market must maintain a positive reputation.
Maintenance costs
Scrambling to restore scripts and code during and after a DDoS attack incurs extra labor costs, such as overtime or outside consultants. The fallout reaches beyond staff: the attack and its downtime hurt the market's public relations and strain support teams already scrambling to respond to customer complaints, disputes, and requests.
Keeping a market online during a DDoS attack is not easy. Admins have to burn a lot of money on servers trying to absorb the attack, and in the current scene that strategy is no longer working, so they have had to find other solutions.

Current scene


DDoS attacks have happened since the early days of Tor, and markets have always fought them, so this time is no different.
You can find the rotating mirror directories for markets here.
Rotating links is a good strategy and is working for some markets. Some users are against it for OPSEC reasons, a clearnet mirror can be dangerous, and some market admins are totally against it, but tough times sometimes call for tough decisions.
The other solution is the I2P network.
The Invisible Internet Project (I2P) is a fully encrypted private network layer. It protects your activity and location. People use it every day to connect with others without being tracked or having their data collected, and in some cases rely on it when they need to be discreet or are doing sensitive work. Many markets are providing I2P mirrors for users and have very stable uptime. You can find all the information about its security and how it works here.
One thing that can help fight DDoS is the proof-of-work system being added to the Tor network.
Proof of work is a form of cryptographic proof in which one party proves to others that a certain amount of a specific computational effort has been expended; verifiers can then confirm this expenditure with minimal effort on their part. It is the mechanism used by Bitcoin and many other cryptocurrencies. For an onion service the value is the asymmetry: a client must burn CPU solving a small puzzle before the service accepts its connection attempt, while the service checks the solution almost for free, so a flood of connection attempts costs the attacker far more than it costs the defender.
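To make that asymmetry concrete, here is a hashcash-style proof-of-work gate in Python. It is an added illustration, not the Tor Project's implementation (Tor's design uses a different puzzle function, Equi-X, built into the onion-service protocol rather than a web layer), and the challenge format, difficulty and timeout are assumptions made for the example. The server issues an HMAC-tagged, time-stamped challenge; the client brute-forces a nonce; the server verifies with one hash and rejects forged, expired or replayed solutions.

```python
import hashlib
import hmac
import os
import struct


def _digest(challenge: bytes, nonce: int) -> bytes:
    """SHA-256 over challenge || 64-bit big-endian nonce."""
    return hashlib.sha256(challenge + struct.pack(">Q", nonce)).digest()


def leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()


def solve(challenge: bytes, difficulty: int, max_iters: int = 1 << 32) -> int:
    """Client side: brute-force a nonce whose digest has `difficulty` leading zero bits.
    Expected cost is about 2**difficulty hash evaluations."""
    for nonce in range(max_iters):
        if leading_zero_bits(_digest(challenge, nonce)) >= difficulty:
            return nonce
    raise RuntimeError("no solution within max_iters")


def verify(challenge: bytes, nonce: int, difficulty: int) -> bool:
    """Server side: a single hash, whatever the difficulty."""
    return leading_zero_bits(_digest(challenge, nonce)) >= difficulty


class PowGate:
    """Issues time-stamped challenges and accepts each valid solution once.

    Challenge layout (assumed for this example):
      16 random bytes || 8-byte issue time || 16-byte truncated HMAC-SHA256
    The HMAC lets the server stay stateless for issuance: it can tell its own
    challenges from ones a client minted itself (with a future timestamp, to
    precompute solutions) without storing anything.
    """

    def __init__(self, difficulty: int, max_age_s: int = 300, secret: bytes = None):
        self.difficulty = difficulty
        self.max_age_s = max_age_s
        self.secret = secret or os.urandom(32)
        self.seen = set()  # (challenge, nonce) pairs already redeemed

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self.secret, body, hashlib.sha256).digest()[:16]

    def issue(self, now: int) -> bytes:
        body = os.urandom(16) + struct.pack(">Q", now)
        return body + self._tag(body)

    def check(self, challenge: bytes, nonce: int, now: int) -> bool:
        if len(challenge) != 40:
            return False
        body, tag = challenge[:24], challenge[24:]
        if not hmac.compare_digest(tag, self._tag(body)):
            return False  # not issued by this server
        issued = struct.unpack(">Q", body[16:24])[0]
        if now < issued or now - issued > self.max_age_s:
            return False  # expired (or clock skew)
        if (challenge, nonce) in self.seen:
            return False  # replayed solution
        if not verify(challenge, nonce, self.difficulty):
            return False
        self.seen.add((challenge, nonce))
        return True


if __name__ == "__main__":
    gate = PowGate(difficulty=16)
    ch = gate.issue(now=1_000)
    nonce = solve(ch, 16)          # roughly 65k hashes for the client
    print("hashes spent by client:", nonce + 1)
    print("accepted:", gate.check(ch, nonce, now=1_005))   # True
    print("replay accepted:", gate.check(ch, nonce, now=1_006))  # False
```

Difficulty is the tuning knob: the server raises it while under load and lowers it when the flood subsides, which is exactly what makes proof of work usable as a DDoS defence rather than a fixed tax. Note also that a replay cache is needed because one solved puzzle must not buy unlimited connections.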
Some users have been discussing it on the r/TOR subreddit:

Quote: thegreenchecker
It's been in the works for 7 years now. Several members of the Tor Project have offered proposals for token-based validation. Shoot, even Cloudflare offered a road map for PoW that the Tor Project could easily implement.
I understand this is a complicated matter, but 7 years? They've patched major vulnerabilities in weeks, and given the recent ongoings with the government of Iran allegedly DDoSing anti-regime onion services, PoW is of the utmost importance. Tor becomes a lot less valuable if a script kiddie can knock out your site with a GitHub script.
Every so often we'll hear about a proposal or plans to include it in the next update, yet here we are. As a regular supporter of the Tor Project, I'm really starting to question whether or not my money is being used wisely.
So, given how pressing the issue is and how many adequate solutions for PoW are out there, why haven't we seen any real implementation of PoW?
Edit: I'm talking about using captchas and in-browser tokens, as this is the most popular and one of the easier methods to implement PoW. I am ONLY discussing the use of PoW for preventing ddos attacks on onion services.



Tor devs recently decided to work on implementing PoW, but the deadline has been pushed back four months, to the end of 2022. Whether it will be finished in time, and whether it works, remains to be seen; hopefully it will resolve the current problem of DDoS attacks on darknet markets.

Murder for Hire Darkweb
Category: CyberCrime

The Berlin public prosecutor’s office has accused a 28-year-old of trying to hire a hitman on the darkweb to kill the ‘partner’ of the man he loved.

A 28-year-old allegedly searched for a hitman on the darkweb to kill “the partner of a man who did not love him back.” Based on the machine-translated text, I believe this is a homosexual love triangle(?).

In early 2020, the defendant fell in love with someone in a committed relationship with the intended victim of the murder-for-hire plot. The defendant initially tried to win the man’s love by using so-called “witches curses” available on the internet. The curses predictably failed.

At the end of 2021, the couple moved into an apartment, causing the defendant’s jealousy to increase. In February 2022, the defendant allegedly decided to have his rival murdered. He found a website on the darkweb that advertised murder-for-hire. The defendant created an account and provided the site with the name of the intended victim, a description, the victim’s address, and pictures of the victim. The hit was supposed to look like an accident or a robbery.

On March 7, 2022, the defendant sent the website administrator $24,000 in Bitcoin to complete the job. On March 12 and 15, 2022, the administrator requested more money, and the defendant sent the requested money.

On March 18, 2022, the site administrator announced that the murder would occur on March 23. On March 21, the administrator told the defendant that the hitman had been arrested. By then, the defendant had sent the administrator $24,000 in Bitcoin. The admin had another hitman ready to complete the job but would require an additional payment. The defendant paid the new fee.

Finally, on April 4, 2022, the administrator revealed to the defendant that he had fallen for a scam and would not receive his money back.


An investigative journalist uncovered the plot and sent the information to the police, resulting in the defendant’s arrest. The 28-year-old is now facing charges for attempted incitement to murder at the Berlin Regional Court.

 
USPS Seized $2.4 Million Worth of Drugs
Category: CyberCrime

A collaboration between Chicago police and the United States Postal Service (USPS) resulted in the seizure of $2.4 million of illegal drugs.

Chicago police, USPS, and the United States Postal Inspection Service (USPIS) launched a joint task force in February 2021 to prevent packages of drugs and illegal guns from entering Chicago.

“We want to play our part in helping defend our communities from the illegal things that come into those communities,” USPIS employee Bill Hendricks said.

According to a press release published by CBS, the task force intercepted 42 guns and $2.4 million worth of illicit substances, including cocaine, fentanyl, and meth.


 
Feds Seized RaidForums
Category: CyberCrime

The United States Department of Justice announced the seizure of RaidForums, “a popular marketplace for cybercriminals to buy and sell hacked data.”

An ongoing investigation led by the FBI’s Washington Field Office and the U.S. Secret Service resulted in the seizure of the popular cybercrime forum RaidForums and the arrest of the alleged creator of the site, Diogo Santos Coelho. Police in the United Kingdom arrested Coelho on January 31, 2022.

A recently unsealed six-count indictment charged Coelho with conspiracy, access device fraud, and aggravated identity theft. The indictment accuses Coelho of creating and operating RaidForums from January 1, 2015, to January 31, 2022. On April 11, 2022, the Department of Justice announced the seizure of "Raidforums.com," "Rf.ws," and "Raid.lol."

“RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing the sensitive personal and financial information of victims in the United States and elsewhere, including stolen bank routing and account numbers, credit card information, login credentials, and social security numbers. Before its seizure, RaidForums members used the platform to offer for sale hundreds of databases of stolen data containing more than 10 billion unique records for individuals residing in the United States and internationally.”

In addition to creating and administrating the site, Coelho allegedly sold hacked or stolen information to RaidForums users and operated a fee-based “Official Middleman” service. According to the indictment, “Coelho offered to accept cryptocurrency from the purchaser and files, including stolen access devices and means of identification, from the seller.” Coelho then ensured the buyer and seller were satisfied with the transaction and released the funds to the seller and the files or data to the customer.

During the investigation, law enforcement officers operating in an undercover capacity purchased social security numbers, email addresses, passwords, and bank routing and account numbers from sellers on RaidForums. Coelho interacted with undercover law enforcement officers on several occasions, including his alleged role as a middleman and seller. In one interaction described in the indictment, feds spent $4,000 in Bitcoin on 1.1 million “payment card account numbers, names, addresses, and phone numbers associated with the payment card account numbers” but received nothing in return.

“On or about December 16, 2018, COELHO, who was using the moniker “Downloading,” made a posting on the RaidForums website, which offered for sale 2.3 million payment card account numbers, including the names, addresses, and phone numbers associated with the payment card account numbers, which were purportedly obtained from a breach of records belonging to United States hotels.”

“On or about March 4, 2019, in the Eastern District of Virginia and elsewhere, COELHO, who was using the moniker “Downloading,” provided an undercover law enforcement officer with three stolen access devices, to wit, payment card account numbers, card verification values, expiration dates, and the names associated with the payment cards. COELHO agreed to this exchange to convince the undercover law enforcement officer that “Downloading” could be trusted to sell approximately 1.1 million stolen access devices in exchange for a Bitcoin amount that was equivalent to approximately $4,000 at the time.”

“On or about March 5, 2019, in the Eastern District of Virginia and elsewhere, Coelho, who was using the monikers “Downloading,” “Omnipotent,” and “Shiza,” arranged to both sell and serve as the middleman in the transaction to sell approximately 1.1 million stolen access devices to the undercover law enforcement officer. Coelho received a Bitcoin amount that was then equivalent to approximately $4,000; however, he did not provide the stolen access devices.”

In a different undercover transaction described in the indictment, the RaidForums user "SubVirt" listed 30 million records stolen from a major telecommunications company and wireless network operator. The records included "customer names, social security numbers, dates of birth, driver's license numbers, phone numbers, billing account numbers, customer relationship manager information, Mobile Station Integrated Services Digital Network (MSISDN) information, International Mobile Subscriber Identity (IMSI) numbers, and International Mobile Equipment Identity (IMEI) numbers." A third party, operating on behalf of the hacked telecom company, then purchased the data using Coelho's middleman service.


The indictment also accuses Coelho of falsely registering a domain name.

“On or about June 6, 2018, Coelho, using the moniker “Omnipotent,” transferred the false registration of the domain “Raidforums.com” to a U.S.-based domain registrar based in Phoenix, Arizona using the alias “Kevin Maradona.” Coelho falsely registered the domain name knowing that it was used to support the RaidForums website in furtherance of the conspiracy.”

Several law enforcement agencies assisted the FBI and USSS in the investigation, including the Joint Cybercrime Action Taskforce (Europol), National Crime Agency, Swedish Police Authority, Romanian National Police, Judicial Police, Internal Revenue Service Criminal Investigation, and the Federal Criminal Police Office.

“Our interagency efforts to dismantle this sophisticated online platform – which facilitated a wide range of criminal activity – should come as a relief to the millions victimized by it, and as a warning to those cybercriminals who participated in these types of nefarious activities,” said Jessica D. Aber, U.S. Attorney for the Eastern District of Virginia. “Online anonymity was not able to protect the defendant in this case from prosecution, and it will not protect other online criminals either.”

Coelho is in custody in the U.K. pending the results of an extradition hearing.

archive.is/archive.org

indictment
