Incognito Market admins pull exit scam, extort users

Incognito Market admins pull exit scam, extort users

Administrators of Incognito Market, a dark web narcotics bazaar, are extorting all of its users, demanding between $100 and $20,000 for not publishing all of their cryptocurrency transactions and chat records, cybersecurity journalist Brian Krebs reported.

The development comes shortly after Incognito Market admins reportedly exit scammed, leaving the platform’s users unable to withdraw millions of dollars worth of funds. The Incognito Market exit scam began on February 19, 2024, with Bitcoin transactions suddenly ceasing on the platform.

Pharoah, the Incognito Market admin posted the extortion message on the site.

“We have accumulated a list of private messages, transaction info and order details over the years. You’ll be surprised at the number of people that relied on our ‘auto-encrypt’ functionality. By the way, your messages and transaction IDs were never actually deleted after the ‘expiry,’” the post reads.

“We will be publishing the entire dump of 557k orders and 862k crypto transaction IDs by the end of May, whether you or your customers’ info is on that list is totally up to you,” it continues.

The Incognito homepage now includes a list of vendors by name, indicating in green which vendors have supposedly already paid to keep their customer data from being published.

Incognito has established a tiered pricing system for vendor extortion, determined by their status or “level” within the marketplace. Vendors at Level 1 purportedly have the option to have their information removed for a fee of $100, while higher-ranking “Level 5” vendors are required to pay $20,000.

Last week, reports emerged that the infamous ALPHV/BlackCat ransomware gang responsible for the recent UnitedHealth Group breach pulled an exit scam, posting a bogus message about the law enforcement takedown on their data leak site. In a message on the hacker forum, ALPHV administrators said that they decided to shut down the operation and are now selling ransomware source code for $5 million.

Back to the list

Latest Posts

Hackers exploited zero-day flaw in Gladinet CentreStack software since March

Hackers exploited zero-day flaw in Gladinet CentreStack software since March

The issue stems from a hardcoded machineKey in the web application’s configuration file.
10 April 2025
Intelligence agencies warn of Chinese spyware targeting Taiwan, Tibetan rights advocates

Intelligence agencies warn of Chinese spyware targeting Taiwan, Tibetan rights advocates

The advisory focuses on two spyware families, dubbed ‘BadBazaar’ and ‘Moonshine’ masquerading as seemingly legitimate apps.
9 April 2025
One of largest bulletproof web hosting providers Media Land got its internal data leaked

One of largest bulletproof web hosting providers Media Land got its internal data leaked

Researchers believe the hacker behind the breach is likely the same group responsible for the previous BlackBasta leak.
9 April 2025