DOJ Claims Responsibility for Shutting Down Cryptomarkets AlphaBay and Hansa

"This ranks as one of the most successful coordinated takedowns against cybercrime in recent years," says Europol's Rob Wainwright.


Attorney General Jeff Sessions announced this morning that the Justice Department, in coordination with law enforcement agencies around the globe, was responsible for shutting down the cryptomarket AlphaBay on July 4 as part of Operation Bayonet. The Hansa Market, meanwhile, was secretly taken over by the National Police of the Netherlands on June 20.

The Justice Department claimed today AlphaBay, started in 2014, contained "250,000 listings for illegal drugs and toxic chemicals…and over 100,000 listings for stolen and fraudulent identification documents and access devices."

By comparison, Silk Road, the market it replaced after the arrest of its creator, Ross Ulbricht, in 2013 hosted 14,000 listings for illicit products and services at the time it was taken down.

AlphaBay, Hansa, and Dream, the last of which is presumably still in operation, comprised the three largest drug markets on the dark web.

Sessions also confirmed that 25-year-old Canadian national Alexandre Cazes, who committed suicide in a Thai jail on July 12, was the site's suspected creator and administrator. An unsealed indictment for Cazes, filed June 1 in the Eastern District of California, refers to anonymous Alphabay vendors in Fresno and Merced, as well as two redacted California counties.

Like all cryptomarkets reachable on the Tor browser, AlphaBay used PGP encryption to protect messages between users, and a process called "tumbling" to disguise ownership of various cryptocurrencies. So how did the Justice Department crack AlphaBay?

The Cazes indictments lists 11 transactions in which undercover agents purchased marijuana, heroin, fentanyl, methamphetamine, fake driver licenses, and an ATM skimming machine from vendors on AlphaBay. The Justice Department press release, meanwhile, names alleged vendors in South Carolina and Florida who sold synthetic opioids to buyers who then overdosed and died on the drugs.

But the biggest breakthrough in the case, notes Motherboard's Joseph Cox, is that Cazes included his personal Hotmail address in the header of the welcome email new users received:

||| Justice Department
Justice Department

AlphaBay redditors had pieced together some kind of federal involvement as of last week. But what no one knew is Hansa, one of two major cryptomarkets users fled to after AlphaBay went down on July 4, has been secretly under the control of the Dutch government since June.

According to a statement that now greets visitors of Hansa, Dutch law enforcement "modified the source code…to capture passwords, PGP-encrypted order information, IP-addresses, Bitcoins, and other relevant information that may help law enforcement worldwide to identify users of this marketplace."

While the dark web is arguably the safest venue for users to purchase illegal drugs, as of this year only eight percent of global drug users had purchased substances on a cryptomarket. I'm curious to see whether today's news increases drug prices or has a chilling effect on the remaining cryptomarkets.