The dark web market “Fish Market” has opted for an “exit scam” and it is currently inaccessible

The Fish Market was established in 2023, initially launched under the name "Go Fish Market", later renamed to "Fish Market", or simply known as "The Fish". The team behind this dark web market was ambitious from the start, aiming not just to create another dark web marketplace, but to stand out through a series of innovative features and unique designs. Fish Market dealt in both physical and digital products, including drugs, fraud items, defense products, software, and forgeries.

At one point, Fish Market was a rapidly growing market on the dark web. Although the user interface might have initially seemed confusing, once users got the hang of it, they found the market to be competitive with others, quickly amassing a user and vendor base. New vendors had to pay a bond of 1.5 XMR, with sales fees being very low at 3%, which could go down to 2.5%, making it the market with the lowest fees for sellers among all dark web markets.

Two months ago, Fish Market (http://gofishbybookb4a2kvviuygmwjqfxx7nqsovweogs2cxvqvexhe7edyd.onion) experienced intermittent inaccessibility. An employee of this dark web market, "/u/Byt3s", posted an announcement on the Dread dark web forum stating that due to a major targeted DDoS attack on Fish Market's primary onion link, the dark web site was temporarily down. The market's administrator, "/u/GoFish", was working to restore the website, and it shouldn't take too long.

In early September, due to another instance of inaccessibility and inconvenience in accessing Fish Market, "/u/Byt3s" posted an announcement on Dread on behalf of the Fish Market Team, sincerely apologizing to all esteemed customers and merchants. They stated that their team was working tirelessly day and night to resolve the issue, with an expectation of normal operations resuming soon. Byt3s promised to update everyone as soon as he received a response from administrator "/u/GoFish."

However, the market later became completely inaccessible. Mid-September, "/u/Byt3s" suddenly posted a thread on Dread titled "Fish Market is officially gone – An unwelcome announcement", stating that Fish Market would not return to normal operations and provided an explanation.

Byt3s wanted to take some time to discuss recent developments in the market. Although the statement was a bit late, he explained this was due to being shocked by the turn of events, never imagining he would find himself in such a situation. He aimed to provide some background information and transparency on what happened, the primary reasons for the shutdown, and his views on the outcome.

Byt3s mentioned that when he first noticed the site was down, he contacted "/u/GoFish" (Fish Market's administrator) on Jabber to inform him. Initially, Byt3s suspected a DDoS attack had taken down the main onion site, as Fish Market had been a target for DDoS attacks since being listed on a super list, a threat faced by many other dark web markets.

However, this time was different, and unfortunately, worse. After the Fish Market onion site went down, Byt3s lost access to the admin panel and private mirrors, which was unusual since these were typically accessible even during DDoS attacks. Byt3s had not received any replies from GoFish and could only try to figure out why the downtime was extended, immediately contacting Dread administrators and "/u/SamWhiskey" to keep them informed of any developments.

Finally, Byt3s received a reply from GoFish on Jabber. The message was very vague, feeling like a final goodbye, which was shocking. For operational security reasons, Byt3s did not record any Jabber messages and did not want to share them publicly, but the gist of GoFish's reply was that a VM server might have been compromised. GoFish mentioned he couldn't bring the volumes back online without risking exposing the encryption keys to a Man-in-the-Middle attack. He then apologized, saying things had to end this way.

Byt3s concluded that based on the final message, the compromise of just one virtual machine didn't really explain much. It might have been a hack, but only GoFish could truly clarify that. Byt3s confirmed he had no access to any actual market servers; his permissions were limited to handling daily support tasks. He did not have any advanced permissions.

Byt3s stated that during his time working with GoFish, he always pushed for strict operational security for both GoFish's and the market's benefit. He was a staunch supporter of OpSec and emphasized the importance of regular security audits to ensure safety. Soon after Byt3s joined, Fish Market still had a clearnet mirror (www.gofish.market:666, 85.217.222.58), which was removed for security reasons at his strong insistence.

As someone closest to the whole situation and the market, Byt3s didn't believe GoFish was arrested by law enforcement or that any data was leaked. He believed GoFish had been fair and honest during their association—at least while he was around. Byt3s sincerely apologized to the vendors and customers who lost their cryptocurrencies, stating he had tried to contribute positively but was powerless.

"ODN" initially concluded that Fish Market had opted for an "exit scam", with administrator GoFish absconding with users' cryptocurrencies. Byt3s, who had been posting announcements on Dread, was not an administrator but just an employee involved in management, and he too was deceived by the real administrator.

For more updates on dark web news, follow "ODN".