Home » Featured » A Globally Coordinated Operation Just Took Down Alphabay and Hansa
Click Here To Hide Tor

A Globally Coordinated Operation Just Took Down Alphabay and Hansa

On July 20, “after a globally coordinated operation” between law enforcement agencies worldwide, the United States Department of Justice announced the takedown of Alphabay and Hansa marketplace. Other countries involved in the takedown held their own press events, and one announcement in particular came with an unexpected twist. Dutch law enforcement, unaware to much of the world, took control of Hansa market since June 20. In almost a perfect honeypot operation, global law enforcement brought down two major marketplaces, caught the admin of Alphabay and owners of Hansa, and captured the addresses and identities of at least 10,000 Hansa customers.

In early July, Alphabay went down. Mass chaos ensued. Some called the outage a server update, some called it an exit scam, and some believed law enforcement captured the operators. Canadian law enforcement raided several locations on the same day—in search of “computer equipment.” They also spoke of an international operation wherein police in Thailand already captured a suspect. Days later, we discovered that a Canadian “computer programmer” ended his own life in a jail in Thailand. The connection to Alphabay, according to some members of the community, was obvious.

Screenshot_2017-07-20_17-57-49.png

That one Canadian suspect—Alexandre Cazes—was, in fact, linked directly to the downfall of Alphabay. According to the Department of Justice documentation, the late Alexandre Cazes was known as “admin” and “alpha02.” The/an owner of Alphabay. A surprising twist for some; Cazes’s skillset fit that of Alphabay’s “DeSnake,” not the elusive alpha02.

And according to the agency that had taken down the child abuse website “Playpen” with an illegal hacking tool, no such technique was needed in the Alphabay investigation. Instead, according to the Complaint, Cazes’s personal email was in the header of 2014 emails that welcomed new users to the darknet marketplace. The complaint explained that the email headers contained the owner’s email address, Pimp_Alex****@hotmail.com. From there, the connection between the Pimp Alex email address and Cazes was easily established with even simple OSINT gathering techniques.

Screenshot_2017-07-20_18-20-44.png

Prior to Cazes’s arrest, German authorities arrested the “managers” of Hansa market, a 30 year old and a 31 year old from North Rhine-Westphalia. Authorities held both men, allowing Hansa users to buy and sell as if business had not changed. Dutch law enforcement discovered that Hansa was hosted on servers in Lithuania. Officials seized the equipment and simultaneously switched the site to an “exact copy of the marketplace.” According to Motherboard, authorities received assistance from a private security company called BitDefender. Motherboard’s Joseph Cox wrote that Europol implied that the Dutch police used a hacking tool to access and effectively restructure parts of the Hansa marketplace.

Screenshot_2017-07-20_17-58-17.png

Dutch authorities monitored Hansa while the site still functioned as a darknet marketplace. They noted the high number of sales every day:

On average, 1,000 orders were made per day in response to some 40,000 advertisements. The market last year had 1765 different vendors. Since taking over the management of Hansa Market [investigators] counted more than 50,000 transactions, especially for soft and hard drugs.”

Additionally, they gathered identifiable information on buyers—or at least buyers who had forgotten to use PGP encryption for their name and address:

Police intercepted in recent weeks tens of thousands of unencrypted messages between sellers and buyers orders. With a large number of orders the delivery address could be traced. Some 10,000 foreign addresses of buyers Hansa Market are transferred to Europol.
More than 500 Dutch shipping addresses have been reported in post and courier companies in order to stop the deliveries
.”

Screenshot_2017-07-20_18-01-47.png

Then, come July 4, authorities took Alphabay offline. The go-to market, for many users, was Hansa market—especially with the implementation of multi-sig transactions that would hopefully prevent buyers and sellers from losing money to the marketplace in the event of a hostile takedown or simple exit scam. Dutch police said that new registrations on Hansa spiked from 1,000 users per day to 8,000 per day. They eventually had to shut down new user registration in an effort to keep Hansa operating smoothly, reopening not long before the permanent takedown.

Martijn Egberts Cyber ​​Officer of the OM said that the Prosecution seized more than $2,700,000 from Hansa because “crime should never pay.” The FBI nabbed roughly eight million from Alphabay.

At the DoJ announcement, the Active Deputy Administrator for the DEA announced that because of the work completed by international authorities during the Hansa takeover, police gathered information on thousands of drug buyers that could end in thousands of arrests between the US and international partners.

So far, there are three known arrests: the managers of Hansa and the owner of Alphabay, alpha02. Alpha02, as we previously explained, took his own life in Thailand, one hour before meeting with an extradition attorney. So, authorities in Germany have two suspects, and the FBI’s only incarcerated suspect died. Regardless, the FBI are proud of their work. And the win, for the FBI, was likely more rewarding than the Operation Pacifier conclusion. In that operation, their illegal hacking tool ruined many cases. And since they used an email address from a “welcome email” instead of an exploit to eliminate Alphabay, they might get a conviction. Of course, Alphabay marketplace never sent welcome emails—but that is another matter.

Screenshot_2017-07-20_18-08-17.png

The FBI publicized a list of Alphabay identities that they had identified, including Trappy, DeSnake, Disc0, and several other members of the Alphabay “team.” From owner (DS) all the way down to public relations manager, Trappy.

Screenshot_2017-07-20_18-00-02.png

And the Alphabay closure requested by many members of the community finally happened: law enforcement threw their seizure banner up in place of the Alphabay landing page. Hansa market, too, hosts a seizure banner. It indicates that whoever published the banner has a real desire to portray an image to the public: the Hansa logo was modified and the ship is now half submerged.

More arrests to follow, assuming the authorities told the truth.

71 comments

  1. lol

    we aint never ganna stop playing by our own rules.

    LE will never win this war.

  2. So, as I had suspected, big_muscles who wrote on reddit on last month not was the real big_muscles. maybe a LE infiltrated with goal of redirect vendors on Hansa.
    STAY AWAY FROM REDDIT

    • I think your advice on staying away from Reddit is good, but I don’t think BigMuscles was compromised by LE. He’s just a Russian dumbass who can barely speak English.

      He wasn’t a really important mod or anything, so I doubt he was kept in the loop about anything by the admins, which explains his confused posts on Reddit. I also don’t recall him ever pushing anybody to go to Hansa.

  3. It’s just artificial selection at work here. Those admins who are able to adapt will survive, and perhaps, even prosper. Those who don’t will face extinction. TLAs/LE are simply making the Deep Web stronger, not weaker, by eliminating those players who, in the evolution of this technological life and world, were and are destined to perish.

  4. hey umm AGORA, time for a come back???
    ;)

  5. illuminati official

    Anyone else online the second hansa went down? Couldn’t belive my eyes. Thought I clicked on a bad listing or something

  6. Can someone write a guide how to release the funds with buyers key. thx.

  7. Everything that is good lasts little Ha

  8. If there wasn’t stupid idiots overdosing then this wouldn’t be a problem. How about this FBI stop the fucking idiots from using it. It’s called natural selection and if you are fucking dumb enough to overdose on drugs you don’t understand then you deserve to die and not to take down the sites. Jesus fucking christ. I know not to fuck with dumb shit drugs because you know what I researched them before hand. Either these fucks that are overdosing wanted to kill themselfs because of depression or because they hate the feds and wanted to die anyway to avoid your shit.

    • KLENDATHU 1A

      This is dust and sand to the eyes, diversion.
      Keep GPG anything you write, boot unconnected, and VPN before doing anything online. Simple routine.

      This is how they do, when they feel outdated. They attack, and pump chests.

      Soon enough, there will be totally secured and unreachable person-to-person markets, coins, and platforms. And there’s nothing they can do about this simple principle of exchange : it’s market, in its pure form. Like Wall Street, yes mthrfckrs.

      This whole thing is the future, for advanced drug consumers, not stupid dumb kids OD-ing on pure products.
      That’s the truth. They just can’t handle the fact that people can deal with it by themselves, without state and pharma lobby medication, and that most of the traffic here isn’t for opiods…

      We need to keep fighting for freedom and responsibility.
      Be safe people.

      • Sorry, but I don’t understand how VPN can help?
        Ok, how we know for FBI *TOR* browser not problem and they can find your VPN IP. VPN – this is just some company, which will give all info about you and your real IP. or how it’s works?
        And one more thing.. Silkroad idea started from safe cryptocurrency – BTC.
        Today FBI can see all BTC transactions. So, how to win this war? We need new really safe cryptocurrency! This is first thing! Why nobody can do it???
        Thanks

  9. Ok i need alternative market. Any ideas? We can move !

  10. Hello everyone from HANSA. Where we move now ? I need alternative market.

  11. HUMONGOUS MUSCLES

    I’m sure that pyle of crap “BigMuscles” was quick to offer his credentials to the authorities for a quick peek at a cops little muscle and five days off his massive sentence he will get whacked upside his moron head with. Take AB and take Hansa you morons we made those you think we can’t prevail with even better markets? you better put a “we are hiring” ad on those “we think we’re cool cause we arrested five people out of millions” ads you put in place of our marketplaces cause you’re gonna need some serious help to take us down!!! I second the dillholes that OD I’m always saying if a MFer OD’s then they had suicidal thoughts in them somewhere cause you know damn well when you do that drug or do that much that there is a chance you are going down, when I get hi I know for a fact the dose I am doing there’s no way it’s gonna take me out (at least not immediately). MORONS OD on some street dope so we can continue to destroy your grandma’s bank account AHHHAHHHAAA SUCKERS! YOU WILL NEVER TAKE DOWN THE CARDERS, THE INTERNATIONAL DOPE DEALERS AND DOPE FIENDS, YOU CAN’T STOP US BEEEEAAATTCHHH!!!!!

  12. You got to be kidding me

    In the future when drugs become legal, just like alcohol after the ban, we will laugh at this thinking how stupid the FBI and other LE departments were to think that people will stop buying drugs.

  13. They have only won a little battle, stopping the freedom of others, when along the governments are stick it up there nose or in prostitutes.

    Full of shit and Hypocrites

    TYT

  14. RIP Hansa and Alphabay

    It continues to surprise me that admins make such rookie mistakes like leaving a personal hotmail address in a welcoming message – this led to the arrest of Alexandre Cazes.
    Also, many users did not encrypt their delivery address when ordering stuff.. guys, remember that LE WILL infiltrate these sites sooner or later, especially the big ones. So never, never leave any information on the site that can easily be linked to your identity!
    I hope users and admins learn from this case and take additional measures to ensure their safety.

    Last but not least: RIP Hansa and Alphabay..

    • I am soo new to DNM, i join fist Dark Net 3 months ago, i made some orders, but all digital, and just 2 Phisic, always using PGP Encryption am I safe?? Also I made some Withdraws to my own BTC wallet , safe too?

      Amount on orders and BTC was small. thanks.

      also what market to use now? Would like one with a forum like AB and HANSA

      • RIP Hansa and Alphabay

        If you have used the vendors key to encrypt your name and address, then you are probably safe. Also, how did you obtain your bitcoins? I recommend using something like a paysafecard combined with a facility like ukashexchange (access the site through Tor). That way you never provide any personal info.

  15. LOL wtf? Hansa still indicated as online here on ddw.

  16. So why is Hansa still listed in the green on the Markets Availability List and Status on the right side of this very page? Idiots.

  17. No way Cazes was alpha02 or “Admin”, the timelines and MOs just don’t add up. I definitely think he was DeSnake though.

    From what I’ve heard on some Russian boards, Cazes was definitely most likely DeSnake, but either way, he was ultimately just an expendable fall-guy for the real admins (who are likely located in Russia).

    • Hmmm.. if not all admins are caught, then perhaps alphabay may rise again, hopefully with better security. Time will tell if this will happen!

      • AAA

        I doubt it. Though I definitely don’t think LE got everything and everybody associated with AlphaBay, I think they hit just enough of its infrastructure to render it permanently inoperable.

        Cazes (DeSnake) definitely had an important and even a leading role to play on the market, but at the end of the day, it seems the higher ups just saw him as a lackey to take the fall and buy them time to get away. He wasn’t really one of them anyways.

        I think that $4,000,000+ BTC transaction that happened around the same time AlphaBay went down may now make some sense. Cazes had a crapload of BTC that either belonged to him or the market and the ship was sinking fast and he was desperately trying to save the coins, but he likely was too late.

    • Lucas

      It has been confirmed in police reports that Cazes was alpha02. Suspect in United States may be DeSnake.

      • The story of alpha02 goes back well over a decade before AlphaBay began. I seriously doubt Cazes, a software developer, hung out on Russian carding forums back then.

        My question for now is, how and where did alpha02 and Cazes (DeSnake) meet? And what necessarily pushed Cazes to the dark net in the first place?

    • C. Aliens

      DeSnake was one of the main admins who tried to spin the Russia propaganda. However, Cazes absolutely fit the DeSnake profile except for the part where a security engineer used Hotmail and made several rookie mistakes. DeSnake & Cazes had the same skills and whatnot. One could consider the possibility that alpha02 and DeSnake were one in the same, but the feds were thorough in their work. And alpha02’s messages were unique in comparison to any other alphabay staff member. The English was on par with Trappy’s English. DeSnake wrote like someone who knew English but was not from the US originally. No “Language barrier” aka BigMuscles though.

      • OAKMONT

        It’s important to note that “alpha02” and “Admin” were not the same person. In late-2015, alpha02 sold AlphaBay to some unknown person(s) and retired.

        On Hansa, penissmith (who knew alpha02 on TCF) noted that there were some serious personality changes between alpha02 and the new admin. The new admin was less active on the market and overall had a colder demeanor.

        You can’t always go by their knowledge of English because some Russians (especially the fraudsters) actually speak really good English.

        He also posted picture proof that the new admin did not fully trust DeSnake and saw him as little more than an expendable.

  18. does anyone know where i can locate the vendor Drugstar

  19. For every market they take down another one is gonna step up and take its place because its all about the money. Im sure their are a group of people working to get the next Alpha Bay up and running. Listen DEA if you want to win the war on drugs then legalize them all and set up dispensing facilities all over the US.1. It would be taxed so since so many people like to get high I guarantee withing 5 years our country would no longer be in debt.2 The overdose and deaths from opiate abuse would drop by(im guessing) at least 75% because the dispensaries would be selling pure government issued drugs. So if someone comes in and wants heroin the person working there will go to the back and get it and show you on the scale the weight you want and again it will be pure government heroin(so you know exactly what your getting) and none of that heroin cut with fentanyl thats killing half our country.3. It would put drug dealers out of business because why would someone risk their life going to a drug dealer when they can go to one of the highly guarded facilities and know 100% exactly what their getting. And number 4 probably the most important one of all THEIR WOULD BE NO MORE MEXICAN CARTELS! Which means the violence percentage would drop drastically and so would the murders. There would be no way for them or ISIS to make tons of money from selling drugs. Now after reading all that you still don’t think that legalizing all drugs and setting up guarded and secure dispensaries across the US is a good idea and would save millions of lives and produce trillions in revenue then there’s something wrong with you or you just have it out for drugs and want to live in a drug free world which will never happen. So instead of “The War On Drugs” that we have been trying and failing for the last 80 or so years why not try this? All the evidence is there. This would be the best way to handle the drug problem in America.

    • Though I definitely think drugs should be legalized; I don’t think the government should have any business dealing drugs, because they’ll just use their power to lock out all competition from the market. A free market should be in charge of who wins and loses.

  20. In the email address was his real name and YOB.
    Programmer > Alexnader > YOB 1991
    Even child would catch him.

  21. Its time to have a decentralized market, because maybe not join the i2p and the Monero with the source code of the OpanBazaar? Like something DarkBazaar?

    OpenBazzar with a based software
    Monero with a currency
    I2P with anonymity method

    R.I.P AlPha Bay and hansa!

  22. IT WILL NEVER END , IT MAY SEEM LIKE IT, BUT ONLY STRONGER MARKETS WILL TAKE ITS PLACE, ITS TOO MUCH MONEY TO BE MADE. May old leaves die ,for new ones to grow.

  23. Why not just leave someone else’s email address in the code. Seed an IP that belongs to someone else. I am not sure if I believe this story.

    People are overdosing because pills sold on these markets can be fake and have 10 times the expect dose due to a rounding error.

  24. where now thought? multisig and no exit scam….valhalla sucks and dream is already compromised. kys LE

    • I use dream daily. if your gonna make a claim that its compromised show proof cuz Dream Market was my second favorite market next to alpha bay and i havent had any problems with it.

      • On /r/DarkNetMarkets, a user posted proof that their server(s) leaked their IP address, which was then confirmed by the mods there.

  25. come back hansa. where is our multisig? they got too lazy handling all those alphy requests? whats the next market? no wallet on site, fuck dream. where do we go now?

  26. Fuck the Police

  27. Silkroad2 and Hansa Servers find in Lithuania. Guys! Why not Africa with army 20-50 solders + AK47 ?
    It will cost you just 50$ a day :D why not in some country where is easy pay to politics and Mafia? North Korea for example. Can Use some Lands or moon :) or super fucking encrypted system. WTF is going on? Turn on Brains! Immured server in Skyscraper! :)

  28. Looking for a vendor zeuss on alphabay and was known as valve12 on hansa?.
    Now hansa and alphabay are gone were do we go?. Dream seems whack!

  29. This worries me

  30. Decentralizedunstoppablemarketsplease

    Has anyone noticed vendors on dream who were on hansa and alpha acting weird?

    I have, and I dealt with my guy for a while, and knew how he acted. Replacement LE acts nothing like him.

  31. Decentralized Market

    The next will be decentralized marketplace, when that time comes, good luck taking it down as well.

  32. Alexandre Cazes

    1. fuck the police
    2. it’s not illegal to receive mail
    3. fuck the police

  33. Deam the best choice down

    Don’t forget that Deam been around since 201e there support suck according to who’s the mod you get but so there good and for working with LE I doubt it

  34. Hey

    I ordered on hansa and didn’t encrypted my adress. Can I order on other sites or is this now to dangerous?

    • you could still go on other sites, but first, to be safe, you should cut all ties with current email and existing accounts. basically a new identity. and always ALWAYS encrypt, not just checking the “encrypt” box, but actually doing it so you can confirm it’s encrypted.

  35. Hey

    I ordered on hansa and didn’t encrypted my adress. Can I order on other sites or is this now to dangerous?

  36. LE still have not figured out whats the problem..

    drug dealer/criminal/terrorist is byproduct of capitalist system. economy system that extract value from each others, worker is disposable, inhumane eventually turned society into bandits..these environment & “criminal encouraging behavior” is created by government and big businesses

  37. The drug war is over. Drugs won. It will take the Neanderthals and troglodytes a while to get used to these facts. But when the folks paying for it don’t want to anymore, they’re screwed. And most folks are damn tired of paying for it.

  38. It was aimed at Pirate_Sec dudes

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *