12 March 2024

Incognito Market admins pull exit scam, extort users


Incognito Market admins pull exit scam, extort users

Administrators of Incognito Market, a dark web narcotics bazaar, are extorting all of its users, demanding between $100 and $20,000 for not publishing all of their cryptocurrency transactions and chat records, cybersecurity journalist Brian Krebs reported.

The development comes shortly after Incognito Market admins reportedly exit scammed, leaving the platform’s users unable to withdraw millions of dollars worth of funds. The Incognito Market exit scam began on February 19, 2024, with Bitcoin transactions suddenly ceasing on the platform.

Pharoah, the Incognito Market admin posted the extortion message on the site.

“We have accumulated a list of private messages, transaction info and order details over the years. You’ll be surprised at the number of people that relied on our ‘auto-encrypt’ functionality. By the way, your messages and transaction IDs were never actually deleted after the ‘expiry,’” the post reads.

“We will be publishing the entire dump of 557k orders and 862k crypto transaction IDs by the end of May, whether you or your customers’ info is on that list is totally up to you,” it continues.

The Incognito homepage now includes a list of vendors by name, indicating in green which vendors have supposedly already paid to keep their customer data from being published.

Incognito has established a tiered pricing system for vendor extortion, determined by their status or “level” within the marketplace. Vendors at Level 1 purportedly have the option to have their information removed for a fee of $100, while higher-ranking “Level 5” vendors are required to pay $20,000.

Last week, reports emerged that the infamous ALPHV/BlackCat ransomware gang responsible for the recent UnitedHealth Group breach pulled an exit scam, posting a bogus message about the law enforcement takedown on their data leak site. In a message on the hacker forum, ALPHV administrators said that they decided to shut down the operation and are now selling ransomware source code for $5 million.

Back to the list

Latest Posts

Cyber Security Week in Review: September 6, 2024

Cyber Security Week in Review: September 6, 2024

In brief: the US charges Russian GRU hackers for attacks on Ukraine, Apache, Cisco, Zyxel patch high-risk flaws, Google fixes Android zero-day, and more.
6 September 2024
Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Some of the documents appeared to be part of legitimate Red Team exercises, while other were intended for malicious purposes.
5 September 2024
US seizes 32 domains linked to Russian Doppelganger influence campaign

US seizes 32 domains linked to Russian Doppelganger influence campaign

The domains, used to disseminate propaganda, were seized as part of a broader effort to disrupt Russia’s attempts to interfere in the 2024 US Presidential Election.
5 September 2024