WSM Destruction: How is the world's second largest dark market market collapsed?
Dark net black is also very cattle, there is an organization dedicated to the Internet to the dark network access agent entrance, word of mouth to do it, slowly accumulate user traffic, and then casually engage in hijacking, stealing user cryptocurrency. Then, let's take a dark web service navigation, and there is also a cryptocurrency currency. If you don't have the privacy and security skills, don't just go to the dark net…——Slow fog technology cosine
On May 3, local time, law enforcement agencies across multiple countries announced in Germany that they successfully closed the world's second largest dark market: The Wall Street Marketplace (WSM), and captured three managers ( It is also the founder) and a number of suspects. According to a report released by Europol, law enforcement agencies have seized more than $600,000 in cash, up to six-digit bitcoins and Monroe, and a large amount of other illegal items.
Illegal items seized by police when arresting WSM-related personnel | Source: New York Times
The arrest lasted about one and a half years, bringing together the power of law enforcement agencies in Germany, the Netherlands, the United States, Romania and other countries, although the relevant departments claimed that this may be the most difficult enforcement action against cybercrime so far, but from each According to the information exposed by the party, the fall of WSM is quite similar to that of its predecessors – history is always rhyming.
01 Dark Net and WSM Brief History
To understand how WSM fell, let us look at the history of the past dark market.
The pioneer of the dark-net market is naturally the famous "Silk Road". After it was shut down by the FBI in September 2013, the traffic of a dark-net market called "Reloaded" grew rapidly. Because the former user needs a new platform to meet their trading needs. However, two months later, the platform was forced to choose to go offline because of the unbearable traffic explosion.
Another dark-net market, called the Sheep Market, was launched in March 2013, and the collapse of Silk Road also made it a good source of revenue. However, the good times did not last long. In December of the same year, two Florida hackers stole the Bitcoin worth $6 million from the site’s users, causing the police to pay attention and the site stopped running.
The experience of the dark net market in these two "silk roads" era has been followed by the development of similar markets, and two dark lines have been laid:
One platform will get a lot of traffic because of the collapse of another platform, but it may cause the website to be unloaded;
The other line is: the platform may be devastated by hacker theft and then go offline; or, if the platform realizes that it is being targeted by the police, it will generate an “Exit Scam”.
The development of the platform in the post-Silk era is basically in line with the above dark lines.
2015 was a watershed for the dark-net market. In March of that year, a dark market called “Evolution” conducted a large-scale “Exit Scam”, stealing the value of users and merchants. After 12 million US dollars of bitcoin (this value is equivalent to half of the entire dark network market at that time), it will be shut down directly.
Then the leader in the market is: Black Bank and Agora, but the former was suspended in the name of “maintenance” in May of the same year. (but the exact amount is unknown).
The successive platform running events and the pressure of public opinion from users and merchants have forced each platform to adjust its own hosting mode and operating mode.
It is in this context that WSM was born in 2016. At the beginning of the line, it tried to introduce some new mechanisms: support Monera to enhance the privacy of transactions; on-line Multisig's bitcoin hosting mode, Coexisting with the traditional platform hosting model, reducing the risk of customers and merchants being escaping from the platform; it also set up an “in-depth FAQ” section to help customers understand their platform; in addition, it still Dread (the dark market forum), Reddit invited the commissioner to deal with the problem for customers and merchants, and maintain the public relations between the platform and the outside world.
A series of novel measures have attracted a large number of loyal fans who have migrated from other platforms. From the report released by Europol, it has seen more than 5,400 registered merchants and more than 63,000 illegal goods (including but not limited to drugs, controlled weapons, counterfeit banknotes, malware, etc.). It also has more than 1.15 million registered customers.
Andy Kraag, director of the National Criminal Investigation Department of the Netherlands, pointed out that it is difficult for law enforcement to assess the overall transaction volume of WSM, but only the drug dealers on the WSM in the Netherlands have a transaction volume of 100 million euros. The scale of the giant.
02 Cheng also Xiao He, defeat also Xiao He
However, WSM's measures have not blessed it for a long time – after all, the black swan is the normal state of the world: in April this year, WSM's peers, and the largest dark-net market, Dream announced that it will actively shut down and let users Migrate to other platforms.
WSM, which has a reputation in the industry, has naturally become the best choice for everyone. The massive influx of users has greatly increased the load on the website, and WSM has been forced to enter the “maintenance state”.
WSM Operations Specialist at Dread indicates that the site is working to upgrade its hardware and software | Source: darkwebnews
At the same time, the site’s pool of funds was different: a large number of users and merchants’ Bitcoin were locked out and they could not transfer them to their accounts. Dread's founder, administrator, Hugbnter, also prompted WSM or the risk of running in the relevant section of Dread.
Based on the sources of the parties, the bitcoin that was locked at that time was about $14 million – $30 million, and if the WSM was successful, they could take at least $11 million in cash.
The short-term change of large sums of funds caught the attention of law enforcement agencies. The German police said afterwards: "When we saw WSM withdrawing funds, we immediately started the action."
And the commissioner Med31ln, who helped WSM operate Dread and Reddit, gave the law enforcement department a god assist:
Perhaps it is the perception that the platform is about to run. The WSM commissioner has begun to extort customers and merchants. He asks the latter to pay him 0.05 bitcoin. Otherwise, he will pass the relevant personnel's information directly to the law enforcement department and let them Being trapped.
It may be that the amount of extortion did not reach the expectations of the commissioner. He broke the mentality of breaking the can and directly exposed the relevant information of his own login to the WSM backstage on the Internet, in order to make the third party see all the way in this way. The user and the merchant's information made the latter feel a greater threat and then transferred him 0.05 bitcoin.
However, while it may satisfy his lust, it also exposes the real IP of WSM, which obviously increases the possibility of police solving the case.
From the collapse of other platforms, the WSM, the direct cause of destroying it, is not like a deja vu.
The WSM process is roughly the same as above, but there is still a question that remains unresolved: How does the law enforcement department determine the criminal's wallet address?
03 lost a thousand cents
The flaw was revealed by Frost, one of the founders of WSM.
The first is that law enforcement has tested and found a VPN that might be used by WSM. Coincidentally, the VPN stopped working for some reason, but the criminal team still visited the WSM website (no VPN, the user's data is equivalent to losing the protection color), which makes the law enforcement department smoothly obtain some information of Frost (including its Specific location and possible name).
Then, the law enforcement department turned to the analysis of Frost's wallet address, and after removing its layered "protection layer," the law enforcement found a suspected WSM management address and an anonymous address for trading on the Hansa Market. Consistent.
Then, the law enforcement agency transferred the address on Lufthansa to an unnamed bitcoin transaction service provider and found that the name of the controller behind it was “Martin Frost” and the relevant email address, which was accidentally closed with the law enforcement department. The information found after the stop was the same, and Frost was locked. The law enforcement department used a similar approach to find two other WSM administrators.
Law enforcement will reverse the trading history of Bitcoin | Source: sciencemag
It should be noted that although the failure of the VPN provides important clues for law enforcement, the success of the final case has a lot to do with the “disassembly” of the Bitcoin address. The United Post Office (The United) is responsible for this work. States Postal Inspection Service). When the Silk Road was shut down, the relevant bitcoin was also reversed by the law enforcement agencies, and the FBI was responsible for this work.
It is not difficult to predict that in the case of WSM being shut down, the means used by law enforcement agencies will be used in the next similar arrest, and in the expected time, there will be many re-going predecessors according to the dark network platform. old road.
The end of WSM is obviously not the end of the dark network, nor the end of the struggle between law enforcement and the dark network platform. The former will learn from the lessons of the WSM fall, may establish a more secure VPN, use more complicated hand short to hide the trace of cryptocurrency, and even create a new anonymous cryptocurrency;
The law enforcement agencies will rely on the vast amount of information obtained in the WSM case to trace the source and find more suspects, as well as consumers and merchants engaged in related transactions.
The binding of cryptocurrency to the dark-net market is the pollution and entanglement of humanity's evil thoughts on technology. When can I break this link, maybe time will give an answer.
Editor: Jiang Xiaoyu