As World's Largest Dark Web Market Vanishes, Dodgy Links Promise a Way Back In
When a dark web market goes down, and panicked users are desperately trying to get their coins back, scammers are going to cash in.
The dark web, as is traditional every few months, is in a state of panic.
On Wednesday, AlphaBay, the largest market on the dark web disappeared. Since AlphaBay is wholly inaccessible, customers and vendors are locked out of their accounts, and, perhaps more importantly, cut off from any bitcoins they stored on the site. In order to purchase items on AlphaBay, users need to send bitcoins to the site's own wallets.
Now, some people are posting very dodgy-looking links, promising that affected users can get their precious coins back. In many previous cases, scammers have created phishing pages to steal victims' passwords. These typically allow hackers to break into a target's account on another marketplace if they used the same password.
"ab [AlphaBay] is up and running managed to save some of my coins but only one link," a Reddit user called lolitwors posted on the AlphaBay subreddit on Thursday. This subreddit is regularly used as a sort of meeting place for users of AlphaBay, where customers can publish reviews of a vendor's products, or drug dealers can announce new products.
Lolitwors then provided a link to a dark web site, pwoaa7qlef7don7r.onion, and wrote, "works fine stupid captcha doesnt work."
That is not a genuine link to AlphaBay, though. On the AlphaBay subreddit, moderators, which in the past have included staff members of the market, post a selection of legitimate links, and they don't include lolitwors'. When Motherboard entered in a fabricated username and password, the site tried to redirect to a legitimate AlphaBay URL. But with the real site being down, that obviously did not work—clearly lolitwors' link can't access AlphaBay, as he claims. Lolitwors is right that the CAPTCHA doesn't display, but that's a red flag—AlphaBay's homepage requires a user to complete a CAPTCHA to successfully login. And finally, Googling the specific .onion URL returns several reports that the site is fake.
Although it's hard to be certain, presumably lolitwors could use the page like a phishing site for Gmail or Facebook. Plenty of people run these sorts of scams, from recreating entire dark web search engines full of fake links to tricking targets to open malicious websites that automatically try and grab bitcoins.
Lolitwors, who only created their account a few hours ago, has posted several other links to the site, all trying to encourage people to click.
"The forum is back and one alt link is working but got some SQL error but you can still access your wallet," one post reads. "10% on EVERYTHING for the next 24 HOURS," another reads. Lolitwors did not immediately respond to a request for comment.
However, other AlphaBay users have been quick to notice that lolitwors is likely a scammer.
"You are real piece of shit bro posting phishing links during a time like this, scammers are the worst kind of scum," one user of the AlphaBay subreddit wrote.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.