Incognito Market admins pull exit scam, extort users

Incognito Market admins pull exit scam, extort users

Administrators of Incognito Market, a dark web narcotics bazaar, are extorting all of its users, demanding between $100 and $20,000 for not publishing all of their cryptocurrency transactions and chat records, cybersecurity journalist Brian Krebs reported.

The development comes shortly after Incognito Market admins reportedly exit scammed, leaving the platform’s users unable to withdraw millions of dollars worth of funds. The Incognito Market exit scam began on February 19, 2024, with Bitcoin transactions suddenly ceasing on the platform.

Pharoah, the Incognito Market admin posted the extortion message on the site.

“We have accumulated a list of private messages, transaction info and order details over the years. You’ll be surprised at the number of people that relied on our ‘auto-encrypt’ functionality. By the way, your messages and transaction IDs were never actually deleted after the ‘expiry,’” the post reads.

“We will be publishing the entire dump of 557k orders and 862k crypto transaction IDs by the end of May, whether you or your customers’ info is on that list is totally up to you,” it continues.

The Incognito homepage now includes a list of vendors by name, indicating in green which vendors have supposedly already paid to keep their customer data from being published.

Incognito has established a tiered pricing system for vendor extortion, determined by their status or “level” within the marketplace. Vendors at Level 1 purportedly have the option to have their information removed for a fee of $100, while higher-ranking “Level 5” vendors are required to pay $20,000.

Last week, reports emerged that the infamous ALPHV/BlackCat ransomware gang responsible for the recent UnitedHealth Group breach pulled an exit scam, posting a bogus message about the law enforcement takedown on their data leak site. In a message on the hacker forum, ALPHV administrators said that they decided to shut down the operation and are now selling ransomware source code for $5 million.

Back to the list

Latest Posts

UAC-0219 targets Ukraine’s government agencies with WRECKSTEEL stealer

UAC-0219 targets Ukraine’s government agencies with WRECKSTEEL stealer

This activity has been ongoing since at least the fall of 2024.
3 April 2025
Police crackdown shuts down major Kidflix platform hosting child sexual abuse material

Police crackdown shuts down major Kidflix platform hosting child sexual abuse material

As a result of the operation, 79 arrests were made, 1,393 suspects identified, and over 3,000 electronic devices seized.
2 April 2025
Ongoing campaign targets exposed PostgreSQL instances to deploy crypto miners

Ongoing campaign targets exposed PostgreSQL instances to deploy crypto miners

The campaign could involve over 1,500 compromised systems.
2 April 2025