Background
Since the inception of darknet marketplaces, "exit scams" have been a persistent problem, following the precedent set by the original Silk Road. Just last week, Incognito Market executed an exit scam, with the operators, the Incognito Team, absconding with a large amount of Bitcoin (BTC) and Monero (XMR) belonging to customers and vendors.
The Exit Scam
Typically, after an exit scam, a marketplace simply shuts down. In this case, however, the Incognito Market operators were apparently not satisfied with taking users' cryptocurrency and tried to extract even more by blackmailing the users and vendors who had used the platform.
The Extortion
"Do you want to hear our final words?" Incognito Market administrator "Pharoah" wrote in a message. "We bring you one last unpleasant surprise. Over the years we have accumulated a list of private messages, transaction information and order details."
Pharoah added:
You'd be surprised how many people relied on our "auto-encryption" feature. Btw, your messages and transaction IDs were never really deleted after "expiration".
The information at risk of being exposed to law enforcement, according to Incognito's operators, includes a combined dump of 557,000 orders and 862,000 cryptocurrency transaction IDs. The ransom note ominously states: "Whether your and your clients' information is on that list is entirely up to you."
The Ransom Demand
Incognito's operators claim they will set up a whitelisted portal for users who pay the ransom, offering them the opportunity to have their records deleted. Ironically, the Incognito administrators "thank" customers and vendors for "doing business with Incognito Market" and display a page showing users who have and have not paid the ransom.
Dread Forum Discussion
On the Dread forum, users have been actively discussing the situation and potential courses of action.
- User "augitetermy" posted a "Vendor Warning" thread, stating that "This vendor sent my tracking information completely unencrypted in the order details on Incognito Market. I messaged him to ask him to delete it and he said 'orders are automatically deleted' and that tracking numbers aren't sensitive info. I messaged the mods and they claimed they can't see order details, but anyone with web dev experience knows that someone has full access to the database and none of this info is private. I can still see that plain text tracking number which links a darknet purchase to a real-world tracking number with my address on it, and now this website is trying to extort all users and vendors."
- In a thread titled "Thoughts on Incognito exit scam and extortion," user "73nny9876" expressed uncertainty about whether law enforcement would use the leaked data as evidence, especially since he is just a small buyer. He speculated that law enforcement likely already has some sort of database and it's hard to believe they would need or use this new data instead of their own surveillance, unless it's information about specific vendors or high-volume buyers that law enforcement is already tracking.
- Concerns about the payment currency used were also raised in the posts. User "mewslol" started a thread asking, "Should Incognito buyers be worried about their coins being traced if we didn't use Monero? Should we only use XMR from now on?" He further asked what Incognito buyers should be worried about, assuming physical addresses linked to purchases are not a concern. He mentioned that he purchased his Bitcoin on Binance, sent it to a mixer, and then to Incognito, and stated that he is not talking about a few hundred dollars but rather large, regular purchases that might interest law enforcement. "Everyone says to use Monero…" he wrote, but he said he can make a good case for only buying Bitcoin, asking whether buying large amounts of Monero from an exchange would raise red flags and noting that Binance doesn't even list it. He also asked how other high-volume buyers do it.
Conclusion
The Incognito Market exit scam and subsequent extortion attempt is a disturbing development in the darknet marketplace landscape. It highlights the risks associated with using these platforms and the need for users to take precautions to protect their privacy and security.