A dark web drug-trafficking site runs away with users' virtual currency and threatens to release drug-trafficking history unless a ransom is paid.

In March 2024, Incognito Market , a dark web drug trading platform, ran away with virtual currencies such as Bitcoin (BTC) and Monero (XMR) that were in users' accounts. Furthermore, it has been discovered that the administrator of Incognito Market has threatened users who have conducted drug transactions on the platform, ``If they do not pay a ransom, their transaction history will be made public.''

The #1 darknet drug market – Incognito – took all of its users' money earlier this month.

Now the admin is demanding that every user pays a ransom of $200 to $20k by May. Otherwise he will snitch + post their personal info – including order details – online for police to see.

pic.twitter.com/odhLj1LPie

— Rebecca Tidy (@DrRebeccaTidy) March 12, 2024

Incognito Darknet Market Mass-Extorts Buyers, Sellers – Krebs on Security
https://krebsonsecurity.com/2024/03/incognito-darknet-market-mass-extorts-buyers-sellers/

Incognito Market was known as a dark web drug trading platform, but on March 5, 2024, users reported that they were unable to withdraw virtual currency.

In response, a person calling himself ``Pharoah'', the operator of Incognito Market, claimed on the dark web bulletin board site ``Dread'' that the cause was a change in Incognito Market's withdrawal system. 'During the early stages of this upgrade, usability may be temporarily impacted for the first few days as the servers process both syncing old data and processing new requests,' Pharaoh wrote in a post on Dread. 'There is,' he explained.

However, after this, the problem of not being able to withdraw money continued, so Mr. Hugbunter, who is known as a security expert related to the dark web, started an investigation. Then, when Hugbunter talked with Pharaoh, he was offered a deal to delete posts about Incognito Market in return for a bribe.

Through his interactions with Pharaoh, Hugbunter became convinced that Incognito Market had carried out an 'exit scam' in which he ran away with virtual currency. Hugbunter said: 'Unfortunately, we are 100% sure that it is an exit scam. While this warning cannot affect funds already lost from Incognito Market, it can prevent future losses. .Users please stay away from Incognito Market.'

However, it was discovered that Incognito Market is not just an exit scam, but also threatens vendors who sell drugs on the platform, saying, ``If a ransom is not paid, transaction information and private messages will be made public.''

This is the threatening text actually posted on the top page of Incognito Market. 'We have a little sneaky surprise for you. We have been collecting private messages, transaction information, and order details for years. We were surprised to see how many people relied on our 'auto-encrypt' feature.' By the way, your messages and transaction IDs have not been deleted even after the ``retention period'' has passed... Surprise me!'' At the end of May 2024, a total of 557,000 orders and 86 It claims to release data on 2,000 virtual currency transaction IDs.

Incognito Market is threatening vendors with a ransom to remove them and their customers from the list of exposed data. Incognito Market ranks vendors according to the frequency of transactions within the market, etc., and 'Level 1' vendors are paid $100 (about 15,000 yen), and 'Level 5' vendors are paid $20,000. They are demanding payment of approximately 3 million yen.

In addition, if you look at the screenshot below posted by the security blog Krebs on Security, it states that if the ransom is not paid by April 1st, the amount will be doubled.