Victory or lull? Why are criminals afraid to use the darknet version of Genesis Market?

At the beginning of last week we mentioned that liquidated in April Genesis Market continues to function successfully on the darknet. At the same time, both researchers and law enforcement officers still note a strong decline in online crime after the closure of the public version of the Genesis Market.

The thing is that criminals have not yet decided to use the darknet version of the site because of fears that it is still controlled by the FBI, and everything that happens is just a big bluff.

In the first few days after the FBI raid, known as Operation Cookie Monster, one of the Genesis Market operators tried to allay user concerns by claiming that the FBI had only confiscated public web domains and that the darknet version of the market was still anonymous and secure.

However, doubts are not so easy to get rid of. Moreover, the account of this operator was later blocked by the administration of the forum, where he assured to continue using the Genesis Market. It is quite possible that this was a kind of bait of law enforcement officers.

“While the future of the Genesis Market is still uncertain and vague, its main competitor, the Russian Market, has actually come to a standstill,” said Alexander Leslie, a cybercrime specialist at Recorded Future.

“In regards to Russian Market, we have noticed an immediate halt in the daily posting of new data hijacker entries starting April 4, 2023. The question immediately arose as to whether the person responsible for deliveries to the Russian Market and Genesis Market had been arrested as part of Operation Cookie Monster. Although it is possible that the Russian Market itself stopped posting new data as a precautionary measure,” Leslie added.

Reportedly, a week later, the listing of the stolen data on the Russian Market resumed.

Regarding another Genesis Market competitor called 2easy Shop, Leslie said the impact on him was “a little more opaque” as there were rumors for several months up to the end of 2022 that it was a trap site. However, the credibility of 2easy Shop among the criminals gradually appeared. However, this market did not show a significant increase in activity after the Cookie Monster operation, unlike the same Russian Market.

“I want to draw a parallel. After the Hydra Market was wiped out last year, it took about six months for the market to recover. I think we are seeing a similar movement here,” said Andras Tot-Csifra, senior analyst at the company. flash point.

Among its competitors, Genesis Market was the best in its class. It was (and probably still is, if the darknet version is not an FBI ruse) a generic scam platform that allows criminals to buy stolen credentials and then easily use them with a special browser plug-in, browsing the web in exactly the same way as if they would be physically open on the computers of the victims, bypassing any security systems.

Previously, the FBI said that their specialists obtained information about approximately 59,000 individual Genesis Market user accounts. Apparently, this caused concern among former users. They worry that their cryptocurrency addresses and usernames could be used by the police to establish their real identity.

In general, both the FBI and cybersecurity researchers agree that the Cookie Monster operation significantly undermined the credibility of criminals both in Genesis Market and its administrators, and in other similar sites like Russian Market and 2easy Shop. However, over time, criminal activity will still recover, so it remains only to wish the FBI good luck in eliminating other participants in the dark market.