March 11, 2024

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

An extortion message currently on the Incognito Market homepage.

In the past 24 hours, the homepage for the Incognito Market was updated to include a blackmail message from its owners, saying they will soon release purchase records of vendors who refuse to pay to keep the records confidential.

“We got one final little nasty surprise for y’all,” reads the message to Incognito Market users. “We have accumulated a list of private messages, transaction info and order details over the years. You’ll be surprised at the number of people that relied on our ‘auto-encrypt’ functionality. And by the way, your messages and transaction IDs were never actually deleted after the ‘expiry’….SURPRISE SURPRISE!!! Anyway, if anything were to leak to law enforcement, I guess nobody never slipped up.”

Incognito Market says it plans to publish the entire dump of 557,000 orders and 862,000 cryptocurrency transaction IDs at the end of May.

“Whether or not you and your customers’ info is on that list is totally up to you,” the Incognito administrators advised. “And yes, this is an extortion!!!!”

The extortion message includes a “Payment Status” page that lists the darknet market’s top vendors by their handles, saying at the top that “you can see which vendors care about their customers below.” The names in green supposedly correspond to users who have already opted to pay.

The “Payment Status” page set up by the Incognito Market extortionists.

We’ll be publishing the entire dump of 557k orders and 862k crypto transaction IDs at the end of May, whether or not you and your customers’ info is on that list is totally up to you. And yes, this is an extortion!!!!

Incognito Market said it plans to open up a “whitelist portal” for buyers to remove their transaction records “in a few weeks.”

The mass-extortion of Incognito Market users comes just days after a large number of users reported they were no longer able to withdraw funds from their buyer or seller accounts. The cryptocurrency-focused publication Cointelegraph.com reported Mar. 6 that Incognito was exit-scamming its users out of their bitcoins and Monero deposits.

CoinTelegraph notes that Incognito Market administrators initially lied about the situation, and blamed users’ difficulties in withdrawing funds on recent changes to Incognito’s withdrawal systems.

Incognito Market deals primarily in narcotics, so it’s likely many users are now worried about being outed as drug dealers. Creating a new account on Incognito Market presents one with an ad for 5 grams of heroin selling for $450.

New Incognito Market users are treated to an ad for $450 worth of heroin.

The double whammy now hitting Incognito Market users is somewhat akin to the double extortion techniques employed by many modern ransomware groups, wherein victim organizations are hacked, relieved of sensitive information and then presented with two separate ransom demands: One in exchange for a digital key needed to unlock infected systems, and another to secure a promise that any stolen data will not be published or sold, and will be destroyed.

Incognito Market has priced its extortion for vendors based on their status or “level” within the marketplace. Level 1 vendors can supposedly have their information removed by paying a $100 fee. However, larger “Level 5” vendors are asked to cough up $20,000 payments.

The past is replete with examples of similar darknet market exit scams, which tend to happen eventually to all darknet markets that aren’t seized and shut down by federal investigators, said Brett Johnson, a convicted and reformed cybercriminal who built the organized cybercrime community Shadowcrew many years ago.

“Shadowcrew was the precursor to today’s Darknet Markets and laid the foundation for the way modern cybercrime channels still operate today,” Johnson said. “The Truth of Darknet Markets? ALL of them are Exit Scams. The only question is whether law enforcement can shut down the market and arrest its operators before the exit scam takes place.”


66 thoughts on “Incognito Darknet Market Mass-Extorts Buyers, Sellers

  1. Roger A. Grimes

    These exit scammers are putting a price on their heads for the rest of their lives by doing this, I’m guessing. Trading money which they will surely blow in a short time for their lives is an interesting solution.

      1. John Douglas

        Y all dope users and addicts deserve what u get. Why dont continue investing in canninas stocks like the dumb asses you are. Always so cool and think you’re finding a way that makes u dopier than the next dummy. I would say good luck but that would be a lie. Pay up losers.. haha you get what u deserve

        1. anonymous

          Dude, you sound pathetic, insulting people for their vices and misfortunes. You must be a saint. Pray you don’t suffer in life for anything you do that others don’t agree with. Remember, laugh now…cry later.

        2. John Doofus

          Who hurt you grandpa? Why are you so mad at people that are mostly just trying to get medicine that they can’t get through ‘legal’ means.

          You need some serious help bro. Yikes.

    1. Jerry Horton

      Guess there is always a career in door-to-door sales or telemarketing after these grifters leave the Dark Web. Those are marginally safer…

    2. Nunya

      They aren’t even going to be able to cash this out. Evolution exit scammed many many years ago, and still had a ton of wallets with 500 BTC in them that never have, and likely never will move. Even markets that didn’t scam (like agora) still have thousands of coins laying around, that they will never get to.

      1. Dino

        Pardon my ignorance but why would they be unable to cash out? What happened after Evolution?

        1. Fish

          It’s hard to cash out that much crypto into real-world currency without getting put on a dozen different watchlists, I’d imagine. It’s not like they can just go to the bank and say “I want to cash out a few billion dollars worth of crypto”. Also, there’s only so much stuff you can buy with pure crypto, so they can’t really cash out via goods and services, either.

          They’ll at least be living comfortably off of the small cashouts they make here and there (until the value of crypto tanks again), but they aren’t going to become filthy rich.

          1. Anonymous

            Not hard – you just swap the Btc into monero through Localmonero.co and once you have the monero you can send it to a private wallet first then to an exchange, impossible to track.

            1. anonymous

              “just”
              How much liquidity does any one swap have?
              You have to remember, for a swap to exist at all, someone has to be willing to make that trade. This isn’t magic money, every faceless exchange site, no matter how big, has someone’s intents behind every possibility on it.
              How long would it take to move 500 BTC from one wallet through localmonero.co, and how many people would you have to trust with that wallet, or pieces of it? It’s a monumental task. You say it’s “not hard” because you haven’t tried it, or really even thought about it for longer than it took you to write that comment.

        2. Fr00tL00ps

          Older crypto coin blockchains, such as Bitcoin are traceable, therefore the wallets containing their funds are constantly being tracked. The wallets true ownership is unknown, but the exit scammers know that divesting those funds will have a high chance of them getting caught, so the wallets remain untouched.

          The administrators froze the users escrow accounts, shutdown the site and disappeared with the funds.
          https://en.wikipedia.org/wiki/Evolution_(marketplace)

      2. Darknet Lord

        Why do you think they can’t cash out Bud? are you delirious

  2. Peet

    Who would have thought that you wouldn’t be able to trust criminals? I’m shocked, shocked, to find that there is no honor among thieves.

    The next question is whether you can trust the people behind these darknet markets to actually delete your information after you pay. Why shouldn’t they hang onto it and just demand another payment at some point?

    Another thing I wonder is how dangerous their customers are. If you extort the wrong people and they can find out who you are, you might find yourself underwater wearing cement overshoes.

  3. Paul

    Your LinkedIn link does not work unless you are logged in as Brian Krebs. Please update it as it leaks your email address.

  4. David

    What data is it that they could actually dump in this scenario? Aren’t all transactions done using PGP encryption? Therefore, only the vendors would have access to the personal data of where anybody had sent packages. I’m confused about their actually threatening to expose.?

    1. Bill Castle

      They are hosting a marketplace. Like any other host, the encryption makes sure the traffic to the host is encrypted. Once it’s in there, they can do with it what they will.

      Think about that the next time Facebook asks you to dump your contacts list to them so they can see if your friends are on FB, and the next time your friends do that to you and expose whatever private data they have on you.

      1. Maffiu

        That’s not quite true. Sellers and buyers use personal PGP encryption to communicate with each other, unless they’re stupid, and the site has no way of decrypting that. Considering they took a 5% cut of every transaction, this exit scam seems pretty stupid and far less profitable in the long-run.

      2. Stupidasspeople

        Negative. ENCRYPTION CAN ONLY BE UNENCRYPTED BY THE USER WITH THE KEY TO OPEN IT

    2. kat

      yes but incognito had an option to auto encrypt messages when sending them privately. many people chose to use this option without using PGP key pairs and many vendors still choose to interact with these individuals.

    3. Tommy Tallarico

      incognito has a “auto encrypt” system. if a customer sends their shipping information to a vendor encrypting the message themselves, the idea is the market would automatically encrypt it with the vendor’s pgp key. incognito says they were instead storing the messages in plain text.

      something similar happened with hansa market. feds compromised the market, then compromised the pgp auto encrypt system, photo metadata-stripping functionality etc to get as much data on users as possible.
      incognito basically did the same thing, but is now threatening vendors and customers with this information.

      assuming theyre telling the truth and a ton of people were relying on the market to protect them, the potential leak would impact those people.

    4. Frenchman

      The recipient’s address is encrypted only if the recipient (the buyer) encrypts the address themselves, using the vendor’s public key. But many buyers do not bother and rely on the site to automatically encrypt their address, which is usually an option. This option, however, was apparently never enabled, and the admins of the site were able to capture the names and addresses of the buyers. Makes sense?

    5. Charlie Tuna

      That’s what they’re saying. Lots of people too lazy to use PGP so they have a stash of info.

    6. Dan

      On most darknet markets, users and sellers are encouraged to use GPG to encrypt their DMs between each other. This is so that the website itself doesn’t have access to shipping information. In the case of Incognito, they offered an “auto-encrypt DMs” option which… left the encryption to be handled serverside. The website was able to read all messages “encrypted” in this way.

      I’d assume that not everyone used this system, so there will be plenty of leaked messages that are still secure. However, a lot of people probably did opt for the “convenience” option… lol

    7. Jack

      The site had an “autoencrypt” function. People too lazy to set up their own PGP key and software could use that to send “encrypted” messages to sellers, like their address. They were skimming all that data and are going to release it. Only morons would use that function. Every high level person or really anybody that had been around for a while knew this would happen and didn’t use it. These people just put a very, very large price on their heads. I don’t see how this ends well for the people pulling this.

    8. Michael

      They had a self encrypting system where users wouldn’t have to encrypt their information and the website would do that but it seems that they kept the data that users would submit since users thought it would be safe to do a transaction without using PGP encryption

    9. Yo mama

      It says that a lot of people opted to use their “self-encryption option” instead of using pgp and good OPSEC.

    10. Justin

      They had an “auto encrypt” feature that was supposed to be a “just in case” backup, but I’m assuming many people were lazy and just sent clear unencrypted text, putting them in the situation they are now in.

  5. Dan

    Ehh, not every darknet market exit scams when it closes. Dream Market and Tor Market are examples of markets in recent years that shut down ethically with advance notice and allowed users to complete their transactions and withdraw their funds.

    That said, anyone who uses darknet markets and doesn’t manage their own encryption under the assumption that the market will eventually either exit scam or be taken over be law enforcement is very silly. Nothing about the Incognito situation should be a surprise to anyone.

  6. Catwhisperer

    If the drugs were just legalized for recreational use, there would be no place for businesses like Incognito Market. As long as there is demand, supply will attempt to fulfill it by whatever means necessary. The example of recreational marijuana in US states where it is legal is telling. There is still illegality and smuggling, but it is mostly focused on smuggling marijuana that would be legal in the state were it was grown to a state where MJ is still illegal.

    So why keep recreational drugs illegal? We’ve been through this cycle since at least the 60’s. The only thing I can rationalize is that the Judicial System is big business…

    1. It just don't work like 'at

      It’s actually pretty simple: some drugs are highly and physically addictive. These tend to lead people down a path that sees them spend all of their money on the drug while also, typically, losing their legal means of making the money required to procure it. These folks then need to find an alternate means of acquiring money to buy their drugs and they often resort to crime. That’s not going to change if heroin is legalized. The drugs don’t act differently in your body because of their legal status. People won’t behave differently if it’s legal, either. If it were legal, they’d still need (likely more) money to buy it. Simple, savvy?

      1. Anon

        If govmt legalize the heavy drugs like heroin, then they can collect taxes on them and use the money to fund anti-drug advertising (so prospective users at least know what they’re getting into) and rehab facilities for the users that want to rehab. Sounds better than leaving it all up to the criminals IMO.

      2. Dopey2Timez

        This kind of reductive argument for pro-criminalization is wholly intuitive, and subjective. People should be held accountable for choices and actions, themselves. There are plenty of indicators to suggest that the current War on Drugs has proved an ineffective deterrent in influencing the consumption of illicit narcotics. While failing to achieve it’s main purpose, it has also served to facilitate a massive financial incentive for violent, foreign cartel groups and opened the doors for far more dangerous substances to flood the market (see: Chinese Fentanyl).

      3. steven

        People only spend all of their money because of the high black market prices caused by high risk and little competition. Theres no reason why cocaine couldn’t be as cheap as essential oils if the market were opened up to educated, legitmate business people.

      4. Jay

        You do realise that the entire reason why they’re so expensive in the first place is BECAUSE THEY ARE ILLEGAL….? If they were legalised, the prices would hugely decrease because people are no longer risking their freedom/life when manufacturing/selling them….

    2. Yaseppochi

      There are people where “dope will destroy your soul” is a religious belief. There are people who just don’t believe in fun. Most of these drugs do impair judgment or reaction times when you’re driving, carrying a gun, or arguing with your spouse, and there’s valid reason to worry. And “think about the children!”
      I’m with you—I believe legalizing the drugs would be a net win. But there’s a lot of political support for the drug ban outside of the self-interest of the police unions.

      1. DEA Worker

        I implore you to look at street walking videos of cities where hard drugs are completely legalized. Look at Kensington Street in Philly or East Hastings in Vancouver. People who have nothing better to do but resort to mind-numbing addictive substances to cope with their life are in dire need of re-education.

  7. DelilahTheSober

    I’m just glad that I was born and raised in the world that existed before the internet and social media. Whatever a person does now online in this life can be revealed to the world. I vaguely recall as a teenager saying something loud and rude and stomping out of a bank branch in frustration because not a single person working behind the counter spoke English. As an educated grownup, I would never do or say such a thing today. But how would my life have turned out if that same event was recorded on video and shown to the world through social media?

    1. Phil

      I did the same thing over a frozen account, so im with you on this. I guess we got lucky!

    2. Johnny Donny Doe

      Meh… I grew up with the internet and all modern devices, I am so happy to have been born in this time! Every generation has it’s own challenges, and a lot of risks also means a lot of opportunities 😉

      Imagine having to ask someone or read dozens of books if you want to learn something… I can literally learn every topic 24/7 from wherever I want. If this is not something amazing I dont know what is. Just one of the many great things about growing up nowadays.

      Times always change. How people live life, always changes. Old people saying “when I was young, everything was better” is a tale as old as time. I guess in 40 years I will also think like that… but I hope not!

  8. Darfur

    What is so sad to me, is that Incognito Market had all the makings of a fair and honorable site.
    What a pitiful end – no doubts, heads will roll at some point.

    1. mealy

      “all the makings of a fair and honorable site.” Oh? Like what.

  9. Cytaro

    I think that buyers wouldn’t be so disturbed about exit scams, but extortion is next level. I believe that if this becomes a trend, dark markets will lose their reputation. Why would anyone use a market unless it forces you to use your own pgp encryption and monero? Criminals are so evil, it’s not enough for them to make millions off their customers, now they want more.

    1. Richard Z. Feinstien

      There are rumours already abt some ..organizations are keen on collecting lost income . With interest.

      But I guess we’ll never know unless they choose to make it an example.

  10. Mug

    And this is why you always manually encrypt your messages with PGP

  11. rsr

    “The past is replete with examples of similar darknet market exit scams, which tend to happen eventually to all darknet markets that aren’t seized and shut down by federal investigators”
    Because when they are seized the exit scam is made by the law enforcement keeping the money and rarely paying any of the victim when is the case.

    1. Frisco Melt

      Cartels use the dark web. They also use the heads of their enemies for soccer balls. True Story.

  12. Not myname

    Someone please tell me where I should go for the next good marketplace?

        1. Osbert

          I played with TAILS for a minute. Pretty neat really.

          1. mealy

            It’s super simple. It’s like the 80’s macintosh version of CYA linux.

  13. Jay

    I doubt anyone that buys is gonna be in the deep, they usually go for the dealers and the owners of this stuff instead of some guy that might have been a used name a few times for an order. They usually have good leads on the guys they’re trying to nail but some random dude from 2 years ago could take legal action if their doors are kicked in by steel toe boot Johnny America at 4 in the morning with no real evidence.

  14. Josh

    This is a smart way to extort drug dealers. I’m pretty sure they don’t want to be outed for selling narcotics.

  15. Ed

    If they sold to wealthy well connected darker individuals or criminal gangs and networks, they are certainly putting a price on their own heads by doing this. In the long run I don’t think this won’t end well for them

  16. Anonymous

    I believe that these two are part of a much larger operation in a structured fraud beginning with the financier of the Lockbit as well as, Alphv (Blackcat) Ransomware both were seized then unseized and, Incognito Market as well as, Darknet Live or whatever is just part of the fraud that people like Mr.Beast or Mr.Wilin are involved in.

  17. Mike Palmeter

    Every market ends with an exit scam and experienced users plan for it.

    Users who are paying attention always use VPN (in addition to TOR), route deposits and withdrawals through disposable single-use wallets and never send any message that isn’t 256-bit AKE. The weak point is trusting the vendors and their public keys.

    Vendors typically operate on multiple markets concurrently. Regular customers maintain relationships based on those public keys and the exit of any one market is usually not significant beyond the loss of transactions and banked funds that are caught in the exit event itself.

  18. RatsAreScum

    If these Administrators think that Chainanalysis wont be able to trace all the bribe money any of the vendors send, and I hope not one sends a penny, then they are the biggest morons to ever run a DNM.

    This might take awhile like all things do with the Feds but it is going to blow up spectacularly in the face of these mods and I cant wait

  19. RatsAreScum

    oh and ive been buying Xanax and Adderall for 9 year on the DNM using the auto PGP and im still free as a bird these guys are bluffing so hard its sad

  20. Rats

    oh and ive been buying Xanax and Adderall for 9 year on the DNM using the auto PGP and im still free as a bird these guys are bluffing so hard its sad

Comments are closed.