AlphaBay’s darknet market owner, known as “DeSnake” went AFK nearly a month ago, causing the darknet market to lose functionality. From DDoS attacks to 2FA in its entirety failing. This caused mayhem in the darknet community with many speculating the website now functions as a honeypot, and some even linking DeSnake’s disappearance to the Turkey/Syria earthquake. Let’s explore and break down some of these conspiracy theories, and we can finally conclude whether this is an Exit Scam.
The short answer, DeSnakes’ disappearance likely points to an exit scam.
AlphaBay Goes Offline
We last reported on this issue on February 10th, explaining that all AlphaBay darknet vendors and users who use 2FA were locked out of the website and greeted with an error message. Since then we’ve received some clarification over the situation, but many more questions.
Soon after our post, AlphaBay staff member “Peke” reached out to our LiveDarknet.com team. Peke explained the following.
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
Hello livedarknet.com
I am peke, staff at AB. I am confident that it’s not LE as withdraws are still working.
Logically, if LE took the market, they would want to leave it up and gather information- not lock everyone out.
I expect TheCypriot to take over or DeSnake to come back soon.
—–BEGIN PGP SIGNATURE—–
iNUEARYKAH0WIQQIuSK8nhh0XQrJYV4i69jPuSN1+AUCY+dFwl8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MDhC
OTIyQkM5RTE4NzQ1RDBBQzk2MTVFMjJFQkQ4Q0ZCOTIzNzVGOAAKCRAi69jPuSN1
+JeSAQCQJAP61r020yVZgn6/P2qBpbXl3pQzHb47Xjjn2EMZ+AEAsP14S6fHPNf1
0imG/woGvOFwP+WvqMdNtTJ146eCYQ0=
=149G
—–END PGP SIGNATURE—–
Darknet Market Moderator, Peke
This left us in a pickle as we waited for AlphaBay admin TheCypriot to release some information to the public. Over the next few days, many darknet users began speculating about what was going on. Most agreed that it was simply DeSnake on sabbatical, unaware that there was an issue.
While he had updated the public Canary on January 25th, he hadn’t updated it on the backend. This caused the AlphaGuard to kick in, locking everyone out. The one thing AlphaBay had going for themselves was that users that didn’t use 2FA could still access the site and withdraw their funds (Which worked perfectly.)
As of the date of this article, the website is no longer accessible through it .Onion address and the I2P route, as it had been previously, indicating the worst. Even Dark.Fail added a warning to all looking to access AlphaBay
ALERT: AlphaBay’s admin disappeared, and the site is potentially exit scamming.
AlphaBay Law Enforcement Take Over
A popular theory that surrounded the situation was that DeSnake had been detained by authorities, and Law Enforcement was now in control of the darknet marketplace. This theory comes with one major flaw.
If law enforcement planned to use a darknet market as a honeypot, they would want it to be functional. While the website was still accessible, all vendors were forced to enable 2FA, so even though some users could access the website, no vendor could even view the orders. Processing them would be pointless, too, as they can not access their funds.
DeSnake Died In Turkey/Syria
The next popular conspiracy popped up on Reddit saying, ” DeSnakes disappearing coincides with the Turkey/Syria earthquake.” indicating the belief that DeSnake had been affected by the earthquake.
The theory works on the basis that Syria doesn’t have an extradition treaty.
Also I remember an interview awhile back where DeSnake said he resides in a country with no extradition to US. Syria has no such extradition treaty? What do ya think?
– u/northernexposure89
This may be plausible if you think about it for less than a second. DeSnake’s disappearance took place a few days before the earthquakes. The only realistic situation on this issue is that his servers were Turkey/Syria based, but this is once again unlikely.
AlphaBay Lead Admin Says Stay Away From AlphaBay
Which left two of the most realistic situations. Darknet market owner DeSnake has died, or this is an exit scam. But don’t take it from us; we finally heard from the Alphabay admin, TheCypriot.
Along with a PGP-signed message posted on Reddit, TheCypriot broke his silence, informing Darknet users, “Do not use the market. Easy to say since you can not use the market even if you want to.”
In his post, he explained the hierarchy of the market. Although moderator “Peke” believed that TheCypriot could take over and rectify the issue, this was not the case. The hierarchy works as follows:
- DeSnake – Owner: Private keys server access, total control
- TheCypriot – Admin: Runs day to day market and staff when it’s running. Does not have private keys or server access but has most staff authority
- Tempest – Senior Moderator
- Amades – Junior Moderator
- Wxmaz – Junior Moderator
- EvZen – Junior Moderator
- Parsed – Scam watch and PR: Incredibly patient normally deals with these types of things but I decided to create an account since this is the longest we have had a lockout.
- Peke – Forum Moderator
The Darknet Market admin then explained how AlphaGuard set in, and locked vendors, users, and even staff out of the darknet marketplaces.
The Canary is a lock on our PGP module, which handles all signing and creation of PGP messages. This has a direct impact on any account with 2FA (Staff and vendors mandatory, customers encouraged). You will get an error message saying ERROR: Data signing failed. This means the market is locked because DeSnake has not signed with his PGP key for a month, and the market locks down for safety.
This led to some confusion for people who are willfully ignorant or do not use and understand the way AlphaBay worked. DeSnake signed in the market, put the main back online and I thought signed the PGP lock on 15 January but this is a guess. DeSnake signed into the market on 25 January and signed the text canary, and posted it to the market for all to read. But did not Update the Canary that affects AlphaGuard.
AlphaBay Admin, TheCypriot
TheCypriot carried on explaining a few aspects on PGP, and the reason he doesn’t personally believe this is an Exit Scam, nor an LE takeover, but did admit that users should steer clear of the market for the time being. It seems that The Cypriot does have some good intentions over the situation, and wasn’t trying to shill to calm the people down.
Until the 2FA issue is solved with DeSnake logging in, nobody should use the market because it is locked down. If DeSnake comes back and signs the key, then you can argue among yourselves if you should use the market or not like any other market… In my experience, this is not an exit. I mean if it doesn’t come back it would be, but it would be the most poorly planned and executed exit in the history of the markets. Doesn’t mean that it wasn’t.
TheCypriot
Conclusion: AlphaBay’s reign has come to an end
No matter the outcome from here, AlphaBay’s reputation has been damaged almost irreparably. DeSnake played a critical part in the growth of the darknet and its marketplaces but hasn’t been able to successfully keep control over a marketplace for the second time.
As Cypriot explained in his message, its up to you whether AlphaBay would even be worth returning to should DeSnake return with some excuse. Still, for all we know, he’s sitting in the Bahamas, sipping on a Piña colada. We suggest taking a look at Archetyp or Bohemia for the time being.
Hey there, I’m a dark web geek who’s been around for the last 8 years. More precisely, I’m livedarknet’s senior content writer who’s been writing about darknet marketplaces, tutorials, and cybersecurity stuff for educational purposes.