Around April 20, many users reported that Wall Street Market, a broadly known dark net market, had executed an exit scam, and that any pending orders were unlikely to be completed.
Scamming with enterprises involving Bitcoin is not unheard of, and dark net markets with centralized escrow are particularly vulnerable. As these markets grow in popularity and amass large amounts of transactions, the potential payout of an exit scam can be enormous, as seen with the Evolution market exit scam in 2015, totaling roughly 12 million in stolen Bitcoins.
A common tactic in these types of scams is to initially freeze transactions for “technical difficulties,” followed by taking the entire market offline and grabbing the funds.
What the users say
Wall Street Market appears to have followed a similar trajectory, with frozen transactions leading to side channel messages warning of scams, to a mass vendor exodus. Notable in the saga is that at least one actor appears to have compromised a market admin account to notify users of potential issues.
What the money might say
While now empty, the public address (32Eup1TPADYTAa46wq48c7qmg7AuFwigeM) has been identified by users of Wall Street Market as being the destination of funds stolen from escrow accounts. A recent series of withdrawals totaling about 2,067 BT— around $11.5 million USD—is being broken down and likely laundered through various means so that thieves can cash out their profits.
Average market traffic patternsStarting with the transaction on April 14, 2019, at 7:15:35PM, the market admins appear to have modified the process that occurs during the release of escrow funds once an order is completed. Instead of funds being released to vendors, all the funds were instead diverted to the fraudulent account.
Redirection of traffic to a single address, correlating to user complaintsAfter moving from this address, funds appear to be following a similar pattern of being grouped into 70 BTC amounts.
At this point, most of the funds currently remain untouched except for a few transactions, which appear to be initial tests to cash out funds. For instance, following the outputs of transaction (8b36afc40700c51941fd4218873fd219a19bd36beeaac2f06082362f5327642c) eventually leads us to the known wallet address for Houbi, a large Crypto exchange originally founded in China.
What does it mean?
While we can’t prove intent to scam, the transaction pattern over the past few days, in addition to admin behavior mirroring that of previous exit scams, suggests the market admins might not have the best of intentions with their customers’ Bitcoin.
Due to a paucity of fraud controls other than reputational built into most marketplace systems, the temptation to exit scam has gotten the best of more than one dark net market. Unfortunately, the best advice available to customers at present time is caveat emptor.
The post Wall Street Market reported to have exit scammed appeared first on Malwarebytes Labs.
Powered by WPeMatico