Darknet markets generate millions in revenue selling stolen personal data

Cartels reportedly used USDT to fund operations, sometimes profiting from price gaps across different crypto markets. The ongoing move toward decentralized platforms suggests the crypto drug ecosystem will remain fluid, creating new enforcement challenges. Last month, blockchain analytics firm Chainalysis uncovered direct financial ties between Mexican drug cartels and Chinese suppliers of fentanyl precursors through crypto transactions. While the SSL certificate and clean Google Safe Browsing status are positive, the connection to a darknet market (even as a gateway) inherently increases risk. Gateways to such markets are often targets for phishing or may distribute inaccurate information.

North Korea Hacks Crypto: More Targets, Lower Gains

The combination of Tor integration and user-centric design has set a new standard for secure online trade, ensuring that these platforms remain at the forefront of the digital economy. The evolution of darknet markets has been significantly influenced by the seamless integration of Tor networks and the development of user-friendly interfaces. These advancements have not only enhanced accessibility but also improved the overall user experience, making secure online trade more efficient and reliable.

Data Exploitation

The popular Silk Road was the first dark web marketplace that you could only access via the Tor Browser. Administrators and sellers on dark web marketplaces had a better 2023 than the previous year, pulling in an estimated $1.7bn in cryptocurrency-based revenues, according to new Chainalysis data. ASAP Market offers 25,000+ listings and $4 million monthly across BTC, XMR, LTC, and USDT, with a 7% share. Its 14,000+ users and 1,000+ vendors leverage multi-crypto flexibility for seamless darknet trading. Drughub Market specializes in pharmaceuticals, offering 15,000+ listings and $2 million monthly via BTC. With 8,000+ users and 600+ vendors, it commands a 10% share of darknet drug trades—a rising star since 2023.

The 10 Biggest Dark Web Markets in 2025 – Updated List & Security Insights

This shift will likely drive forum operators to introduce features like automated escrow services and enhanced anonymity to attract users. Facebook’s onion mirror allows people to access it in countries that block the platform, allowing people to connect across digital borders. That said, the social network’s data collection and tracking practices may seem at odds with many of the principles motivating dark web users. Concerns about how Meta treats user data have led many people to delete their Facebook profiles or at least limit their social media presence.

What are Darknet Markets? Complete Guide

Darknet marketplaces may look like regular online stores, but using or even browsing them comes with serious risks. From identity theft to law enforcement surveillance, the dangers are real — and often underestimated. As law enforcement agencies’ tactics improve, some markets respond by introducing more security features, like mandatory encryption or invite-only access. But no matter how polished or professional these sites seem, the risk of getting scammed — or tracked — is always high.

Subscribe to our blog for more news and updates!

One such sophisticated darknet market, Hydra, offered all that and more,” Chainalysis explained. Vice City Market runs 18,000+ listings and $2.5 million monthly trades on BTC and XMR, with a 5% share. Its 9,000+ users and 700+ vendors focus on drug trades with strong escrow security.

Criteria for Choosing the Best Dark-Web Marketplaces

Watch our cyber team share their key insights from their investigations into the biggest dark web trends in 2022. Predictive threat intelligence can help you stay ahead of emerging threats by forecasting what’s yet to come. In repressive regimes, darknets play a vital role in enabling free speech and access to uncensored information. Tools like Tor are used to bypass government-imposed firewalls and surveillance, ensuring open communication. The significance here is the preservation of civil liberties and the right to information. Businesses operating in such regions may need to adapt to the technical challenges and risks posed by using darknets for legitimate purposes.

Open-Source Intelligence

From 2013 until 2015, the multiseller network grows in terms of connectivity, showing an increasing number of edges spread across different markets. During 2016 and 2017, the edges are polarized by AlphaBay, the dominant market (see Fig. 3). Then, between 2017 and 2018, there is a drastic structural change in the multiseller network structure due to operation Bayonet, after which the connections almost vanished. This change persists until the end of the observed period of the data set (also see Supplementary Information S4).

ChatGPT Down? Anonymous Sudan Claims Responsibility for DDoS Attacks

This is a strong indicator that Google does not currently see the website as malicious. It uses ring signatures and stealth addresses to obscure transaction details. We’re back with another video in our Webz Insider video series on everything web data. Learn how to automate financial risk reports using AI and news data with this guide for product managers, featuring tools from Webz.io and OpenAI.

• Trackers note that, like several modern markets, Catharsis claims to prohibit highly harmful or reputationally damaging categories (e.g., explicit abuse material, certain forms of violence-related content).
• Specializing in the sale of Personally Identifiable Information (PII), CVV, RDP, Stealer Logs, and various fraud-related items, the Russian Market has carved out a niche for itself since its inception in February 2019.
• Further market diversification occurred in 2015, as did further developments around escrow and decentralization.
• Therefore, for security reasons, disable JavaScript on the Tor browser and enjoy an anonymous browsing experience on the dark net.
• As regulatory scrutiny and law enforcement pressure continue to mount, the rise of decentralized platforms reflects a broader trend towards more secure and private transaction methods on the dark web.
• A Canadian market established in 2021, WTN offers over 9,000 products, including narcotics, fake goods, and digital services.

Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

From drug sales and breached data to scam services and malware, dark web markets are some of the most dangerous corners of the internet. These markets mimic traditional e-commerce websites, but instead of second-hand books or vintage jackets, they traffic in illegal goods and criminal services. Another key aspect of this evolution is the rise of darknet market lists, which serve as directories for users to identify reliable platforms.

Regulatory scrutiny has led major exchanges to delist privacy-focused cryptocurrencies like Monero, pushing users towards decentralized platforms for transactions. Additionally, the growing popularity of decentralized finance (DeFi) may provide new avenues for laundering money through darknet platforms. The increasing sophistication of darknet transactions, facilitated by cryptocurrencies, is likely to further entrench these markets in the digital underworld. Monero has emerged as a preferred cryptocurrency in many dark web marketplaces due to its robust privacy features. Unlike Bitcoin, which is traceable, Monero uses stealth addresses and ring signatures to obscure transaction details, offering enhanced anonymity for users.

Stolen Data and Identity Theft

If the address is in one of the cybercrime datasets, the person will receive an email that includes personalized instructions on how to clean up their computer and make it safe again. In the first 24 hours of launching Check your hack, two million people took advantage of the service. So far, five million people have used the tool, and over 13,000 victims have been notified that their computer was infected, and received instructions to help them make their device safe again.

Monero (XMR)

• UAPS, shown in the chart above, is one such example of a payment processor that many fraud shops, including the OFAC-designated Genesis Market, used in 2023.
• All content in this repository is published solely for educational use and is intended to promote ethical research and knowledge.
• This guide outlines different ways of safely accessing dark web stores and the list of reliable dark web marketplaces you can consider visiting today for research and monitoring purposes.
• Some believe STYX is the OG darknet market when it comes to financial crimes.
• This is likely due to the fact that cryptocurrency prices have been largely stagnating in H and H1 2023, which resulted in less interest shown by the mainstream population.
• Additionally, the development of user-friendly interfaces has made these platforms more accessible, attracting a broader audience.
• No dark web marketplace is safe to use because they involve illegal activity, financial risk, and potential legal consequences.

These white, synthetic stimulant powders that mimic cocaine and MDMA are highly prevalent in Russia, eastern Europe and the Balkans because they’re cheap and easy to manufacture locally. According to Dark.fail, recently, the darknet marketplace’s head moderator “Se7en” sharply criticized the phishers, LE cooperators, and doxxers of the community, and this event could be a consequence of that. Abacus Market operated as a central deposit wallet, multisignature darknet marketplace supporting both Bitcoin and Monero cryptocurrencies. Even though DuckDuckGo is the Tor browser’s default search engine, it doesn’t index dark web websites, which means you won’t be able to find .onion sites with it. Riseup is a volunteer-run collective that offers secure chat and email services primarily used by progressive activists and social justice communities.

However, trading behaviour in DWM closely resembles what is observed on regulated online platforms despite their significant differences in operational and legal nature14. Nevertheless, due to their unregulated nature, DWMs exhibit behaviours not observed in regulated marketplaces. They offer anonymity to their users by using and developing specialized tools. DWMs are accessed through darknet browsers supporting the onion routing protocol (e.g., Tor), which provides anonymous communication connections35. Additionally, transactions are made with cryptocurrencies, mostly Bitcoin, which also provide anonymity to the transaction parties6,36.

Exploitation of Anonymity for Harm

Many operators have since moved to accepting only Monero (XMR),” Chainalysis added. In terms of vendor behavior, the change is largely dominated by wholesale vendors. Meanwhile, retail vendors, who operate on a smaller scale, are holding more of their illicit earnings in personal wallets, delaying conversion to fiat to avoid detection.

Therefore, the S2S network appears to be more resilient than the multiseller network but less than the multibuyer network. The same pattern is observed in the whole S2S network (see Supplementary Information Section S5). Some, such as Julia Finess, have become popular and also made a name for themselves on TikTok. “They show an affluent lifestyle with expensive apartments, luxury brands, but with a touch of illicit intrigue.” Many of Telegram’s Russian drug bloggers are most likely sponsored by new darknet drug shops. They often wear clothes with shop logos and publish price lists and post links. It’s not established yet how the drugs were brought to occupied Ukraine but the dealing network likely has some connection with Russian soldiers or non-combat staff.

The dangers of darknet marketplaces

On average, the marketplace consists of more than 11,000 items and 1000 vendors. Besides this, it supports wallet-less transactions and accepts payments through Bitcoin, Litecoin, Monero, and Zcash. However, you must wait some time to reassess this marketplace because it’s been shut down. It issued a press release revealing that, from December 2021, the website will no longer be functional. The website allows visitors to view all the goods and services on display before they buy something.

But while anonymous email services can help protect your identity, they don’t make you immune to threats like email spoofing or social engineering. And it’s still essential to use strong passwords and two-factor authentication (2FA) to help keep your account secure. ProPublica is one of the safer Tor sites to visit, because it doesn’t link to illegal content or activities. Instead, it focuses on publishing stories and holding powerful institutions accountable. Other major news sources blocked in some countries, like the BBC, also have dark web versions.

Amid the cyber warfare between those vying to succeed Hydra, Russia’s drug trade, most of it orchestrated via darknet marketplaces continues almost in plain sight. The Hidden Wiki is a longstanding directory of dark web sites that offers a way to browse onion services. It’s been around for many years and helps users navigate the dark web by curating links to various resources. Note that Hidden Wiki links sometimes lead to unsafe content, so be wary about what you click.

Marketplaces that maintain strict moderation policies—banning excessively harmful or exploitative products—also gain popularity among more ethically minded users. An intuitive, user-friendly interface is crucial, especially given the complex nature of dark-web interactions. Users favor marketplaces with straightforward navigation, efficient search functions, and clear product categorizations.

Our research details a thriving underground economy and illicit supply chain enabled by darknet markets. As long as data is routinely stolen, there are likely to be marketplaces for the stolen information. In total, there were 2,158 vendors who advertised at least one of the 96,672 product listings across the 30 marketplaces. On average, marketplaces had 109 unique vendor aliases and 3,222 product listings related to stolen data products. Marketplaces recorded 632,207 sales across these markets, which generated $140,337,999 in total revenue. On average, marketplaces had 26,342 sales and generated $5,847,417 in revenue.

In some countries, like Russia or China, dark web access itself may be blocked or penalized. The CIA’s onion site allows users to securely report threats or suspicious activity, especially in regions where online surveillance is common. Its presence on the dark web also supports intelligence gathering and helps track cybercriminal activity. Onion sites, or dark web websites, are sites on the dark web that can typically only be accessed using special software like the Tor browser. These sites use “.onion” domains, which are made up of random letters and numbers up to 56 characters long. Dark web websites won’t show up on Google, but they are indexed by dark web search engines such as Torch.

Some believe STYX is the OG darknet market when it comes to financial crimes. It trades in hacked bank accounts, stolen credit card information, and other services that facilitate cryptocurrency laundering. The stolen data can be just anything from full names, credit card details, passwords to social media accounts, bank account information, and social security details, among others.

• The hidden part of the internet is the larger portion that features over 95% of the entire internet.
• DOJ cases confirm that criminals often purchase stolen card data from darknet shops such as Brian’s Club and then re-encode it onto physical cards for fraudulent transactions.
• Its 10,000+ users and 800+ vendors rely on 2FA and escrow security for private cryptocurrency trading.
• As the world navigated an evolving cybersecurity landscape in 2024, trends in malware, ransomware, and dark web activities highlighted the increasing sophistication of cybercriminal tactics.
• When your data is found on the dark web, it means that you’ve been compromised.
• The findings by TRM Labs align with other investigations into the intersection of cryptocurrency and the drug trade.
• By following these suggestions, you can deter unwanted intruders from accessing your accounts at home or work.

Therefore, for security reasons, disable JavaScript on the Tor browser and enjoy an anonymous browsing experience on the dark net. The website has a sleek design and interactive user interface, making it the most preferred choice in terms of user experience. You can pay through Monera and Bitcoin using the escrow system or the traditional market account after making a purchase on this shop. The ASAP is a moderate design marketplace on the dark web that offers helpful tools like mandatory PGP encryption and two-factor authentication for a safe browsing experience. Like other marketplaces, ASAP Market also requires you to register for an account. But since its relaunch, the developers are focusing more on operational security and ensuring that users can have a good experience on this site.

Its emphasis on user anonymity and document forgery makes it a core tool for identity fraud. Founded in 2014, BriansClub remains one of the oldest and most infamous dark web markets for stolen credit cards, fullz (complete identity kits), and dumps. It’s another dark net marketplace that grabbed a lot of attention was the Hydra market. It accepted payments through Bitcoin and the Escrow system and ensured that users’ identities remain anonymous during their purchases. DarkFox Market is the largest dark web shop selling various products and attracting more vendors and users.

The most important thing is to ensure that you never click on links that you’re not sure of their source. Also, it should be common knowledge not to share personal information online. Also, set up two-factor authentication (2FA) to add an extra layer of protection in case someone manages to figure out your password.

However, in April 2022, this site went offline after American and German federal government law enforcement agencies seized the website servers. It’s recommended not to use new alternative links, as they could just be planned exit scams. The vendors aren’t required to register or apply for a vendor account while using this platform. It ensures the buyer’s identity is kept hidden and accepts payments through cryptocurrencies, including Bitcoin, Litecoin, Ethereum, and Monero. Background research tasks included learning from past drug lords, researching legal matters, studying law enforcement agency tactics and obtaining legal representation. Patterns recommended to avoid include hiring hitmen like Dread Pirate Roberts, and sharing handles for software questions on sites like Stack Exchange.

With a growing user base and expanding inventory, Vortex is positioning itself as an “all-in-one” darknet marketplace. It blends illegal trade with features like gambling, all while maintaining a clear and accessible structure. Its intuitive interface and advanced search features make it easy to find local and global products. The marketplace extensively vets vendors listed within its deep web environment that offer a wide range of product portfolios, including security solutions, digital services, and specialized equipment.

In addition to that activity, markets like these host vendors that advertise their own cashout or swapping services, resulting in tens of millions of dollars in laundered funds. Tor2door Market manages 25,000+ listings and $4.5 million monthly trades via BTC and XMR, with a 7% share. Its 13,000+ users and 1,100+ vendors prioritize speed and escrow security in darknet trading.

This ongoing cat-and-mouse game poses a significant technical challenge in combating the activities within darknets. Dark markets include features similar to those found in legitimate e-commerce platforms, such as product listings, user reviews, ratings, and customer support. These features help create a sense of ‘trust’ among users, even in the criminal ecosystem. To access darknets, darknet markets active users typically need to download and configure the Tor Browser; a modified version of Mozilla Firefox that routes all traffic through the Tor network. This browser enables access to websites with .onion domain extensions, which are specific to the Tor network. These addresses cannot be resolved by conventional DNS servers, contributing to the hidden nature of darknets.