18
Jan 21

Joker’s Stash Carding Market to Call it Quits

Joker’s Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.

A farewell message posted by Joker’s Stash admin on Jan. 15, 2021.

The Russian and English language carding store first opened in October 2014, and quickly became a major source of “dumps” — information stolen from compromised payment cards that thieves can buy and use to create physical counterfeit copies of the cards.

But 2020 turned out to be a tough year for Joker’s Stash. As cyber intelligence firm Intel 471 notes, the curator of the store announced in October that he’d contracted COVID-19, spending a week in the hospital. Around that time, Intel 471 says many of Joker’s loyal customers started complaining that the shop’s payment card data quality was increasingly poor.

“The condition impacted the site’s forums, inventory replenishments and other operations,” Intel 471 said.

Image: Gemini Advisory

That COVID diagnosis may have affected the shop owner’s ability to maintain fresh and valid inventory on his site. Gemini Advisory, a New York City-based company that monitors underground carding shops, tracked a “severe decline” in the volume of compromised payment card accounts for sale on Joker’s Stash over the past six months.

“Joker’s Stash has received numerous user complaints alleging that card data validity is low, which even prompted the administrator to upload proof of validity through a card-testing service,” Gemini wrote in a blog post about the planned shutdown.

Image: Gemini Advisory

Then on Dec. 16, 2020, several of Joker’s long-held domains began displaying notices that the sites had been seized by the U.S. Department of Justice and Interpol. The crime shop quickly recovered, moving to new infrastructure and assuring the underground community that it would continue to operate normally.

Gemini estimates that Joker’s Stash generated more than a billion dollars in revenue over the past several years. Much of that revenue came from high-profile breaches, including tens of millions of payment card records stolen from major merchants including Saks Fifth Avenue, Lord and TaylorBebe StoresHilton HotelsJason’s DeliWhole FoodsChipotle, Wawa, Sonic Drive-In, the Hy-Vee supermarket chain, Buca Di Beppo, and Dickey’s BBQ.

Joker’s Stash routinely teased big breaches days or weeks in advance of selling payment card records stolen from those companies, and periodically linked to this site and other media outlets as proof of his shop’s prowess and authenticity.

Like many other top cybercrime bazaars, Joker’s Stash was a frequent target of phishers looking to rip off unwary or unsophisticated thieves. In 2018, KrebsOnSecurity detailed a vast network of fake Joker’s Stash sites set up to steal login credentials and bitcoin. The phony sites all traced back to the owners of a Pakistani web site design firm. Many of those fake sites are still active (e.g. jokersstash[.]su).

As noted here in 2016, Joker’s Stash attracted an impressive number of customers who kept five and six-digit balances at the shop, and who were granted early access to new breaches as well as steep discounts for bulk buys. Those “partner” customers will be given the opportunity to cash out their accounts. But the majority of Stash customers do not enjoy this status, and will have to spend their balances by Feb. 15 or forfeit those funds.

The dashboard for a Joker’s Stash customer who’s spent over $10,000 buying stolen credit cards from the site.

Gemini said another event that may have contributed to this threat actor shutting down their marketplace is the recent spike in the value of Bitcoin. A year ago, one bitcoin was worth about $9,000. Today a single bitcoin is valued at more than $35,000.

“JokerStash was an early advocate of Bitcoin and claims to keep all proceeds in this cryptocurrency,” Gemini observed in a blog post. “This actor was already likely to be among the wealthiest cybercriminals, and the spike may have multiplied their fortune, earning them enough money to retire. However, the true reason behind this shutdown remains unclear.”

If the bitcoin price theory holds, that would be fairly rich considering the parting lines in the closure notice posted to Joker’s Stash.

“We are also want to wish all young and mature ones cyber-gangsters not to lose themselves in the pursuit of easy money,” the site administrator(s) advised. “Remember, that even all the money in the world will never make you happy and that all the most truly valuable things in this life are free.”

Regardless, the impending shutdown is unlikely to have much of an impact on the overall underground carding industry, Gemini notes.

“Given Joker’s Stash’s high profile, it relied on a robust network of criminal vendors who offered their stolen records on this marketplace, among others,” the company wrote. “Gemini assesses with a high level of confidence that these vendors are very likely to fully transition to other large, top-tier dark web marketplaces.”

Tags: , ,

37 comments

  1. Carding was dead.long time ago after omerta goes bad
    Omerta was huge specially canada and usa carders

  2. The Sunshine State

    A lot of cyber-criminals walked away very wealthy

  3. We Miss you joker stash
    Someone make some Nice rip video of joker s stash
    🙁 RIP LOVE

  4. All right stash made his fortune but what about those carders who been working with stash?
    And why he said he have covid 19 that he quit why not just say he got enough money to retire now just.

    The carders do Now what? Crypto Trading?

    • First, you never talk about money
      Second, if you do mention you have enough to retire, you become even more valuable target because you confees to something, whether its true or not, whether we think that or not. As long as you confess it, from priority 1 you become 10

      Third, its weird that he has announced the covid crap, no criminal should ever do that, especially when theres apparently less than 1mil (or 250k) who required special care like him

      • Yes this is very strange and to be honest I dont believe him. There’s no reason to disclouse so much information except to distract Law Enforcement Agencies or something…

  5. what the next best site? I news ssn

  6. And now for the grand finale;
    Krebs was joker all along! Gotteem!

    PS YOU’RE GROUNDED SON!

  7. Joker, remember to put your entire website on the “Way Back Machine” archive site.

  8. Catding is finished

    Carding is finished What’s the Next Job for carders Kind of people?

  9. It’s so sad that scum of the earth recovered while so many good people don’t. These thieves are worse than politicians, they take as right from your pocket, can’t be voted out, or even put on display.

    • If you get frauded the bank always cover your losses….
      I really cant understood your statement about you try to tell here its not your money or credit its owned by bank

      • And where do you think the banks get the money to cover those losses? It sure isn’t from their own pocket. They pass the costs to their customers. The very same people who were ripped off by the thieves.
        Those who say fraud and credit card theft are victimless crimes, or either lying to themselves or are plain stupid.

        • The bank getting money from Federal reserve.

          • …actually you the consumer pay – the banks recoup the costs via transaction fees which are passed on – wait for it – through the merchant prices to you, the consumer…

            …just like shrinkage…

  10. Thx bro!

  11. Joker stash have party on yacht lol hoookers booze and alcohol
    In few months all the money spent and he will be back to making money lol money does not last for long i guess he got like 50 hookers. And a lot booze amd snooze
    Does he got instagram or facebook ?

    • You must be kidding? He is one of the wealthiest people in the world right now. Like multi-billion dollar in his left pocket.

  12. In crypto we say:” Not your keys not your coins ”
    In bank should be: “not your keys not your money”
    It goes many ways
    Rip joker! See in new York!

  13. Looking for his GoFundMe page.

  14. Joker is legend, like “Verto” (Tor Carding Forum).

  15. Thanks for the update and quick reply. I’ll be sure to keep an eye on this thread. Looking for the same issue. Bumped into your thread. Thanks for creating it. Looking forward for solution.

  16. The bank is insured. The bank expects financial losses, every business represents a certain degree of risk, fraud is part of doing business in the financial sector. My private bank pays an annual $ 10 million policy, do you think the bank / insurance company will be interested when it runs out of $ 500K? IT WILL NOT, it’s still a great business for the bank and for the insurance company. Yes, the bank includes this in its costs due to increased insurance, but it should be noted that carding is only responsible for a negligible part of the increased costs that are passed on to the bank’s end customer, ordinary ATMs and bank branches represent a much more significant fundamental factor that contributes to regular increases in hidden fees. .

    Bank harm people, Carders do not harm people, Carders damage the bank.

    by the way, there are much more serious bank frauds in which the victim does not receive compensation from the bank like a Phising fraud, Social enginiering attack on bank customer, zeus malware and other bank trojan atacks, ss7 hijaking, sim-swap on a mobile provider, SSN/identity theft frauds etc…

    carding is resistance, is not only fraud..

  17. I await to see the day this f#cker gets busted. It will happen, thats for sure.

  18. Meow?

  19. Hopefully this guy will die from covid. sSme goes for everyone who uses this site. The only way to reduce computer crime is to start treating it an actual crime, with severe penalties to the perps and their families. For banks and other accomplices, executives should get death penalty when there is a data breach. Morons like Multipla who say carding doesn’t hurt people should be tortured and disemboweled, as should it’s entire family.

  20. Extraordinary Thank you for sharing the data.

  21. Stańczyk Matejko