Incognito Market, the largest English darknet marketplace, has shifted from a recent exit scam to blackmailing its users, threatening to publish their transaction details unless ransom demands are met. The extortion notice, posted on the dark website, targets vendors and buyers, demanding payments between $100 to $20,000 to prevent the leak of sensitive information, including cryptocurrency transaction IDs and chat records.
Key Insights
- Incognito Market’s head Admin issued an extortion notice threatening to leak user transactions and chat records.
- The extortion notice plans to release 557,000 orders and 862,000 cryptocurrency transaction IDs by the end of May.
- Ransom fees range from $100 to $20,000, depending on the vendor level, with a doubling in fees if not paid by April 1st.
- An exit scam was reported on March 5, 2024, with users unable to withdraw Bitcoin and Monero.
- Prior to the scam, Incognito Market prompted users to deposit ETH and DAI.
- Incognito’s administrator initially blamed withdrawal issues on system upgrades.
- Allegations of Incognito buying Darknetlive.com to manipulate users surfaced.
- Hugbunt3r, a head administrator on Dread, claimed Pharaoh tried bribing him to silence scam allegations.
- A “Payment Status” page on the website shows which vendors have complied with the ransom.
- A whitelist portal is promised to remove transaction records from market history for compliant users.
Just days after the confirmation of one of the largest crypto ‘exit scams’ in recent weeks, owners from the Incognito market posted an extortion notice on the homepage of their dark website. The notice threatened to extort all of the darknet’s vendors and buyers.
The Incognito Market is one of the largest darknet markets in the English market and is known for trading narcotics on the darknet. Owners from the website posted a blackmail message notice threatening to publish cryptocurrency transactions and chat records of its users.
The blackmail notice indicated its intentions to leak “557k orders and 862k crypto transaction IDs at the end of May.” Vendors of the darknet marketplace could prevent their information from being leaked if a ransom fee ranging from $100 to $20,000 is met.
What We Know about the Incident
On March 5th, 2024, rumors surfaced of a darknet market exit scam. The first reports circulated on Dread when users of the Incognito Market reported a problem with withdrawing Bitcoin and Monero. The exit scam potentially left thousands of users without access to millions of dollars worth of funds on the platform.
Just a week before the reported exit scam, the Incognito Market invited all users of its users to deposit ETH and DAI as options for payments. The invitation was a possible last-ditch attempt to secure new users before finalizing their last escrow payments and exit scam.
The circulating reports on Dread triggered a response from one of the site’s administrators, “Pharoah.” The administrator went on to blame the withdrawal issues on upgrades being made in Incognito’s withdrawal system.
Pharoah said in a post “Please note that the initial stages of this upgrade may briefly affect usability in the first few days since the servers are multitasking on both old data synchronization and new requests.”
Pharoah assured Incognito’s users that “the coins would arrive, as they always do and always have been,” and that the site was in the process of processing “154 withdrawals of both BTC and XMR.”
He also went on to promise users that the website would launch its major interface and currency upgrades before its third anniversary. Meanwhile, deposits on the darknet marketplace remained open.
Reports of withdrawal issues continued to circulate, which led to Dread’s head administrator ‘u/Hugbunt3r’ to address the matter in a post. Hugbunt3r went on to say that he had been in discussions with Incognito’s site administrator.
Hugbunt3r pointed out in a post that Incognito Market had bought Darknetlive.com as a means to influence users to use the marketplace. However, Hugbunt3r may have managed to convince Pharoah to sell Darknetlive to a thirdparty; this is yet to be confirmed.
After a heated discussion between the two site administrators, HugBunt3r claimed in a post to have been offered a bribe from Pharaoh. The bribe offer was a request to remove any posts concerning Incognito Market from Dread. Hugbunt3r’s refusal to accept the bribe and remove the posts confirmed the allegations of an exit scam.
However, if that wasn’t enough, owners of the Incognito Market went on to post an extortion message on the site’s homepage. The message reads “Expecting to hear the last of us? We got one final little nasty surprise for y’all.”
The blackmail message went on to say
“We have accumulated a list of private messages, transaction info, and order details over the years. You’ll be surprised at the number of people that relied on our ‘auto-encrypt’ functionality. And by the way, your messages and transaction IDs were never actually deleted after the ‘expiry’….SURPRISE SURPRISE!!! Anyway, if anything were to leak to law enforcement, I guess nobody never slipped up.”
Owners of the darknet market expressed their intentions to publish a list of 557,000 orders and 862,000 cryptocurrency transaction IDs at the end of May. Vendor’s and customer’s information would be excluded from the list if a ransom were paid before the deadline.
“Payment Status” page
Owners of the website included a “Payment Status” page with their extortion message. At the top of the payment status page, a message said “You can see which vendors care about their customers below.”
The payment status page exposed vendors of the marketplace by their handle names and indicated whether a vendor has agreed to pay the ransom demands. Allegedly, vendor’s names that appear with a green label have opted to pay the ransom demands, while the ones in red are non-compliant.
Extortion prices for vendors
The Incognito Market ranked their vendors according to the amount of transactions made within the market. ‘Level 1’ vendors are expected to pay $100 in ransom demands, while ‘Level 5’ vendors are subsequently being charged $20,000. In addition, if the ransom demands were not met by April 1st, the demand fee would double.
Furthermore, administrators from the Incognito Market promised to open up a “whitelist portal” in a few weeks. The whitelist portal would allow buyers to remove their transaction records from the darknet marketplace’s history. Besides, who’s to say that paying out the extortion pricing will do anything. Pharoah clearly has no ethics here, and this could set a bad precident for the future.
The good news is that should anyone have followed all OpSec guidelines, they need not worry.