Alexandre Cazes

AlphaBay was a darknet market operating at different times between September 2014 and February 2023. At times, it was both an onion service on the Tor network and an I2P node on I2P. After it was shut down in July 2017 following law enforcement action in the United States, Canada, and Thailand as part of Operation Bayonet, it was relaunched in August 2021 by the self-described co-founder and security administrator DeSnake. The alleged original founder, Alexandre Cazes, a Canadian citizen born on 19 October 1991, was found dead in his cell in Thailand several days after his arrest, with police suspecting suicide.

History

AlphaBay reportedly launched in September 2014, pre-launched in November 2014 and officially launched on December 22, 2014. It saw a steady growth, with 14,000 new users in the first 90 days of operation. In October 2015, it was recognized as the largest online darknet market according to Dan Palumbo, research director at Digital Citizens Alliance.

Non-standard services included customizable digital contracts around building reputations.

In May 2015, the site announced an integrated digital contracts and escrow system. The contract system allows users to make engagements and agree to provide services in the future, according to the terms of the contract.

By October 2015, AlphaBay had over 200,000 users, and a claimed 40,000 sellers.

At the time of its demise in July 2017, AlphaBay had over 400,000 users, and around 300,000 listed items on their website.

In addition to bitcoin, AlphaBay implemented support for Monero in August 2016. It also accepted Ethereum.

Site breaches

In April 2016, AlphaBay's API was compromised, leading to 13,000 messages being stolen. In January 2017, the API was once again compromised, allowing over 200,000 private messages from the last 30 days and a list of usernames to be leaked. The attack was from a single hacker who was paid by AlphaBay for the disclosure. AlphaBay reported that the exploit had only been used in conjunction with this attack and not used previously.

News coverage

On March 28, 2015, AlphaBay Market made the news for selling stolen Uber accounts. Uber made a statement regarding a potential data breach:

"We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services."

In October 2015, the London-based telecommunications company TalkTalk sustained a major hack. The stolen data was put for sale on AlphaBay Market, which led to the arrest of a 15-year-old boy. TalkTalk CEO Dido Harding issued the following statement:

"TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here."

In August 2017, AlphaBay was revealed as a possible venue by which one of the perpetrators of the 2017 Jewish Community Center bomb threats may have sold a "School Email Bomb Threat Service." This individual, Michael Kadar, made 245 threatening calls to schools and community centers. Criminologist David Decary-Hetu noted this event as notable for being the first example of criminal services being sold over a darkmarket. He said, "All the cases I have heard of so far turned out to be law enforcement trying to find people of interest," making this case unique in his experience to that point.

Seizure and shutdown

By July 2017, AlphaBay was ten times the size of its predecessor Silk Road (which was busted in October 2013), had over 369,000 listings, 400,000 users, was facilitating US$600,000-$800,000 of transactions per day, and had reportedly built a strong reputation. However, a series of elementary operational security errors led to its downfall:

* About the time the service first began in December 2014, Cazes used his Hotmail address ''pimp_alex_91@hotmail.com'' as the 'From' address in system-generated welcome and password reset emails, which he also used for his LinkedIn profile and his legitimate computer repair business in Canada.
* Cazes used a pseudonym, Alpha02, to run the site which he had previously used (e.g., in carding and tech forums) since at least 2008, and variously advertised this identity as the "designer", "administrator" and "owner" of the site.
* When Cazes was arrested, he was logged into his laptop performing an administrative reboot on an AlphaBay server in direct response to a law-enforcement-created artificial system failure; furthermore, encryption was wholly absent on that laptop.
* Cazes' laptop reportedly contained an unencrypted personal net worth statement mapping all global assets across multiple jurisdictions, conveniently leading police to complete asset seizure.
* The servers were hosted at a company in Canada directly linked to his person.
* The servers contained multiple constantly open (unencrypted) hot cryptocurrency wallets.
* Cazes' flashy use of proceeds to purchase property, passports and luxury cars and frequent online boasting about his financial successes, including posting videos of himself driving luxury cars acquired through illegal proceeds, not only revealed his geographical location, but also made denying connection to the service impossible.
* Assets acquired through proceeds were held in a variety of accounts directly linked to Cazes, his wife and companies they owned in Thailand (the jurisdiction in which they lived), as well as directly held personal accounts in Liechtenstein, Cyprus, Switzerland and Antigua.
* Cazes' statements about the goal of the site — "launched in September 2014 and its goal is to become the largest eBay-style underworld marketplace" — helped to legally establish intent.

Timeline

Law enforcement took at least one month to obtain a US warrant, then over one month to obtain foreign warrants, prepare for and execute searches and seizures in Canada and Thailand:
*Early May 2017: Law Enforcement verifiably active on the site since at least this period.
*1 June 2017: Warrant issued by United States District Court for the Eastern District of California for racketeering, narcotics trafficking, identity theft and access device fraud, transfer of false ID, trafficking in illegal device making equipment, and conspiracy to commit money laundering.
*30 June 2017: Warrant is issued for Cazes' arrest in Thailand at US request.
*5 July 2017
**Canadian police raid ''EBX Technologies'' in Montreal, Cazes' Canadian company and the reported location of the physical servers, as well as two residential properties in Trois-Rivières.
**Cazes is arrested in Bangkok at his dwelling at Phutthamonthon Sai 3 Road in Thawi Watthana district which is searched by the Royal Thai Police, with the help of the FBI and DEA.
*12 July 2017: Cazes' suspected suicide by hanging while in custody at Thailand's Narcotics Suppression Bureau headquarters in Laksi district, Bangkok, was reportedly discovered at 7AM. He was due to face US extradition.
*16 July 2017: Cazes' wife was reported as having been charged with money laundering.
*20 July 2017; U.S. Attorney General Jeff Sessions announces shutdown of the site.
*23 July 2017: Narcotics Suppression Bureau chief is interviewed and suggests that more suspects will be arrested soon.

Relaunch

AlphaBay was relaunched as early as 8 August 2021. Details of the new operation surfaced after a conversation between ''Wired'' and a user with the same verified public key as a former site administrator for AlphaBay. Using the alias DeSnake, the former vendor and self-described co-founder of the original AlphaBay now claims to operate the marketplace, placing a higher emphasis on operations security than the previous administration, stating "there is no overkill" regarding the site.

As part of the site's relaunch, multiple new features have been advertised and new rules announced. Notable among new features are AlphaGuard (which allegedly prevents users from losing funds even if seizures on all servers occur at the same time), an automatic system to resolve disputes between buyers and sellers, exclusive use of Monero wallets, and the offering of I2P mirrors. Concerning rules, items newly prohibited from sale include COVID-19 vaccines, firearms, products containing the narcotic fentanyl, pornography, and "hitman services". Furthermore, there is a ban on discussions of any public or private information related to the governments, organizations, or people of Russia, Belarus, Kazakhstan, Armenia, and Kyrgyzstan. This has led to loose speculation that there is a connection between the site operators and the governments of these nations.

In early February 2023, the market went into lockdown, preventing users with 2FA verification from logging in. Accounts affected included all of the site staff and vendors. As admin team member TheCypriot explained in a Reddit post, the site went into partial lockdown due to one of its canaries not being signed in time by DeSnake. They did not reappear to rectify the problem and have not been heard from since. With its owner missing and staff unable to sign the canary to lift the lockdown themselves, Alphabay de facto ceased operations. While a number of theories about the disappearance have been proposed, none have been substantiated with evidence.

References

Further reading

*
*
*
*
*
*

{{Portal bar, Internet, Anarchism, Thailand

Internet properties established in 2014
Tor onion services
Carding (fraud)
Internet properties disestablished in 2017
Defunct darknet markets