March 26, 2024
Those running dark web marketplaces will do almost anything to make a lot of money or become the top cybercriminal market, including deceiving and manipulating their audience. Although these tactics can be advantageous, they come with pitfalls. If caught, a marketplace can go from hero to zero in a matter of seconds. This can leave behind a tarnished reputation, a bad taste in the mouths of its supporters, and an inevitable decline that ends with the marketplace’s administrators performing an impromptu exit scam or simply abandoning ship and moving on to their next project. Remarkably, there will always be another marketplace waiting with bated breath, ready to take on the mantle of the “new kid on the block” and benefit from a formerly prestigious platform’s decline. If there is money to be made, there is always someone waiting to grab their slice of the pie.
This blog will explore just one example of this. In May 2020, Digital Shadows (now ReliaQuest) wrote about a popular marketplace called BitBazaar that got called out for attempted manipulation of subscriber numbers on the popular dark web platform, Dread. Roll on one month, and with falling user levels, poor staff behavior, and allegations of withdrawal issues, everything points to an exit scam. Meanwhile, a new marketplace called “Neptune Market” has been waiting in the wings, preparing to fill the void. Let’s break down how BitBazaar’s alleged exit scam saga developed and look at Neptune Market and its attempt to break into the cybercriminal market scene.
BitBazaar launched onto the dark web marketplace scene in mid-2019 with claims that it offered a “walletless market with escrow, auctions and anonymous orders,” low commission rates of 1% for vendors, an integrated forum, and support for multiple fiat currencies to cater for a global audience. BitBazaar’s initial popularity increased following rival marketplace Apollon’s 2019 exit scam and law enforcement’s 2020 seizure of Berlusconi Market. BitBazaar’s administration team sourced new buyers and vendors using other platforms such as Envoy, The Hub, and Dread (on which the marketplace had even created a dedicated subdread to facilitate direct communications between the market team and its members).
In early May 2020, Dread administrator “Paris” banned BitBazaar’s subdread, accusing the platform of “massive subscriber manipulation.” BitBazaar allegedly inflated its subdread’s subscriber numbers to make the marketplace appear more popular than it was. This tactic could potentially be adopted to drive up traffic numbers to any given site and enhance its reputation. The marketplace’s administrators refuted these claims at the time and soon began pushing a counter-narrative, which stated that they had been on the receiving end of “countless attacks,” that they “only care[d] about our platform security and our users,” and that it didn’t “make sense [to] fake our subscribers if we never care[d] about these numbers.” Ultimately, Dread’s administrator upheld the ban on BitBazaar’s subdread. They claimed a forum such as Dread would have given the marketplace “millions of impressions and thousands of clicks per 1 month period”. They likely did not want Dread to contribute further to an allegedly dishonest marketplace’s success.
¹ Subdread: a dedicated section created by a user or group of users on the Dread platform for a specific service or subject, to which fellow Dread users can subscribe. This process helps subscribers communicate directly with the subdread owners and receive updates and information pertaining to the topic.
Since BitBazaar’s Dread ban, the marketplace’s growth momentum appeared to stall, and user interest levels took a nosedive. Although vendors reported that the service was still up and running as normal, they recognized a drop in the number of buyers since the Dread ban. User “oilcenter” said, “All we can say from a vendors perspective, our sales are real and our customers are real.” They added: “Sales are going down since this Dread-ban, thats for sure.” Approximately one month after the ban, BitBazaar buyers and vendors posted accusations of money withdrawal issues on Dread. Rumors of a possible exit scam also started to appear. For example, on 30 May 2020, a user posted a conversation they had had with BitBazaar staff. They outlined their difficulties withdrawing funds from the marketplace despite resetting their PIN as directed and directly sending a BTC address for their money to be paid. This user received aggressive responses from the marketplace staff, which ultimately led to the user being banned from the marketplace and their money not being refunded.
On 11 Jun 2020, a different Dread user stated, “Bit Bazaar is exit scamming within a week” and “We’re yet to known the exact story, but multiple vendors can’t withdraw, it validates the exit-scam.” A user with the moniker “BitBazaar_Support” (likely affiliated with the marketplace administration team) refuted this allegation with claims of an attack on the marketplace, and further explained that it could only remain online for a “short time” each day to allow users to withdraw their coins. The Dread community concluded this story was likely a cover for the exit scam, designed to buy BitBazaar’s administration team time. Other Dread users also shared their experience of similar issues on BitBazaar; one said, “2 options, and regardless of which one it is, the end result is, your coins are gone and you must suck it up and move on, BitBazaar is finished.” In the third thread on 14 Jun 2020, one Dread user opined, “THE SCAM IS NOW. It is the same as what Nightmare and Apollon did, locking out the vendors and luring in unsuspecting ignorants to part with their funds.”
At the time of writing, BitBazaar is inaccessible. BitBazaar_Support’s last known response on Dread was made on 11 Jun 2020 and stated, “market is online now. You can use it. withdraw/deposit/place orders and ..We have much tickets and requests due to 24 hours off-time, so please be patinent we will process all requests.” Regardless of whether BitBazaar conducted an exit scam (which is likely, given circumstances and allegations), or was hacked by an unknown entity, marketplace vendors and buyers have had their trust burned once again. The episode also shows the power of forums, such as Dread or The Hub, in making or breaking criminal marketplaces.
If BitBazaar had gotten away with its subscriber manipulation tactics, the marketplace would have likely grown steadily and cemented its position as one of the premier services. This would have increased the pot size if the site owners wanted to perform an exit scam at a later date or continue to live off the profits from being one of the top marketplaces in the cybercriminal scene.
With BitBazaar making a sharp exit stage-right from the cybercriminal scene, there has been an array of candidates lining up to take its spot and provide a new home for BitBazaar’s abandoned vendors and buyers. One marketplace that has caught the attention of Digital Shadows (now ReliaQuest) is Neptune Market. This marketplace officially launched itself on The Hub and Dread in late June 2020 and has since established a presence on “onion.live” (a Tor network directory service) and created a dedicated subdread to provide updates and facilitate communications directly with subscribers.
The marketplace has already actively worked on incorporating new features such as Jabber and Telegram order notifications through an integrated API (this feature has not historically been seen with other dark web marketplaces). It has also undergone platform security testing with the help of threat actor “Stackz420”, who assessed that the marketplace was “very well coded and is very secure.” Although this is the subjective opinion of one user, it acts as somewhat of a seal of approval because of Stackz420’s history of successfully performing security tests on various dark web platforms and their knowledge of the marketplace scene in general.
Well, in summary, not a lot. The dark web cybercriminal scene is familiar with exit scams, deceptive tactics, and unreliability issues. It is highly likely this latest event will have little to no impact on the broader landscape. There are already several candidates waiting patiently in line to take the place of Neptune Market, if and when it meets its almost inevitable demise! Like all new dark web marketplaces, time and patience will be essential to Neptune’s sustained growth, along with a capable administration team and support members who can answer queries and address any issues. What the future holds for Neptune Market is unknown.
It may become one of the next big platforms, or, like many of its predecessors, may simply be another small fish trying to grab a slice of the money pie. Two things are for sure:
1. Digital Shadows (now ReliaQuest) will be keeping a close eye on all the developments.
2. Despite all the exit scams, law enforcement seizures, or marketplace abandonments, the dark web will never be short of candidates waiting for 15 minutes of fame.