Wall of Shame copy from /r/DNMSuperlist
PLEASE READ FIRST
This page contains a copy of the Wall of Shame which was originally hosted on /r/DNMSuperlist until the Reddit ban issued on March 21 2018.
We extracted the information from a Google cache snapshot that we downloaded before it was removed from the Google cache. It is from a snapshot of the Wall of Shame page as it appeared on Mar 19, 2018 06:23:27 GMT. We have made no alterations to this list beyond removing all the links.
We will not be updating, maintaining or changing this list in any way. Understand that overtime this list will become outdated with inaccurate information. It should only be used for research purposes only. If you are looking for an updated list of Darknet Markets to avoid we will be adding our own shortly.
We will be uploading a link to the actual Google cache copy shortly. If you are looking for a new community to join now that /r/DarkNetMarkets is offline we suggest checking out Dread [Onion Link].
We take no credit at all for these lists. They were created and maintained by the incredible mods and community of /r/DNMSuperlist and /r/DarknetMarkets.
UPDATE: The side bar now has anchor links that work for navigating this page.
– DarknetMarkets.net Staff
THE WALL OF SHAME – OCTOBER 2017
Reason: Running Windows server (link)
Reason: Scam. Forums went down 5 November 2015 according to DNstats and several months later the wallet may’ve been drained.
Reason: Seized, Operation Onymous. Announced on The Hub; policies based on Secret Laboratory writeup, Hacked mid-May 2014. Shut down after Operation Onymous (seizure notice) without returning any funds.
Reason: Seized during ‘Operation Bayonet’. Coordinated efforts by the FBI, DEA, Dutch National Police and Europol; together they spearheaded one of the most sophisticated disruptions in the DNM community to date. AlphaBay is the largest market in history at the time of the July 4th, 2017 take down. 200,00 users, 40,000 vendors, 350,000 listings and an estimated $1-billion in transactions during the span of the market’s lifetime. Also part of Operation Bayonet, was Hansa Market.
Reason: Scam. Around 22 October 2015, complaints began appearing about administrators not responding & withdrawals failing; former spokesperson says it was an exit scam; went down 2015-10-28 according to DNstats.
Reason: Scam. Posted a fake federal “this site has been seized” during the feds Op Onymous. the take down notice was posted to make it appear the site was seized so they could take everyone’s coin 18/11/2014. Formerly Silk Road 3 – silkroad3wqdnifp.onion; site has no connection to SR1 or SR2. Forums: dvzuhtlteonn6mwd.onion. Andromeda attempted to mask its exit scam as being included in Operation Onymous, but it wasn’t announced as seized by feds. the broken withdrawals & failed attempts to cover up are clear signs it was an exit scam.
Reason: Scam. Judging by comments on Reddit & All Things Vice, Atlantis’s shutdown had initially allowed withdrawals, but disabled it after a few days and then stole the remaining deposits+escrow+vendor-bonds.
Reason: Exit scammed. Active before its Reddit announcement but no apparent sales. Forums: kth2mwuwlkezwziy.onion. BB went down without notice ~18 May 2015, with no communications afterwards; complicating the usual exit-scam story is that none of the bitcoins appear to have moved in weeks and the admin, many months ago, had alluded to serious health issues.
Reason: De-anonymized by Gwern 3 hours after launch, registration emails contained clearnet IP site was hosted on. Shut down February 2014. Also de-anonymized by pentesters proper (link)
Reason: Raided. Seized by Europol and Slovakian Police Force. The server used by the suspect to host the Darknet marketplace was also seized during the raids and is currently being forensically analyzed. Slovak authorities and Europol have extended the investigation into the users and vendors who utilized the marketplace.
Reason: Seized, Operation Onymous
Reason: Scam, Budster did not seem to use genuine multisig and this enabled them to exit scam: Link1, Link2, Link3
Reason: Hacked & de-anonymized, BTC Stolen(link)
CANNABIS ROAD 2 (RE-LAUNCH)
Reason: Was hacked & lost >฿200 from escrow (while multisig was available, very few buyers used it).
CANNABIS ROAD 3
Reason: After CR2 was hacked, developer Crypto disappeared; the remaining staff set up a new marketplace hosted by Alpaca Marketplace. Went down with Alpaca after Operation Onymous
Reason: Hacked multiple times, user db (username and passwords) were dumped publicly. Admin doxxed. There were two admin accounts. 1 for market and 1 for control panel. Market Admin user: pass was admin: Password | Panel user: pass was admincantina:AAAaaa111 Here is the site users list that was posted by the avid:
CLOUD 9 (C9)
Reason: Seized, Operation Onymous
Reason: Diabolus/Crypto Market are two markets run by the same team, apparently on the same server. Crypto Market had an information leak where any attempt to log in as an existing user revealed the status bar of that Diabolus account, listing their current number of orders, number of PMs, and Bitcoin balance, hence giving access to ground-truth estimates of market turnover and revenue. Diabolus, Crypto Market, SR 3.0, Lunacy and Andromeda are all affiliated. According to DNstats.net, Crypto Market was last observed up on 12 February 2017, but there are complaints in January 2017 on Reddit so no hard date for final closure. In any case, the escrow funds apparently were not returned.
Reason: The site leaked its IP address. Shut suddenly sometime in March 2014
Reason: Scam. Disappeared with funds; based on a screenshot of categories, seems to have been almost exclusively drugs.
DARKNET HEROES LEAGUE (DHL)
Reason: Went offline for “maintenance/revamp of site. Exited with user’s money after the discovery of quite a few XSS bugs, a private message leak and their test server IP being exposed on the clearnet.
DIABOLUS MARKET > SILK ROAD 3 RELOADED
Reason: Changed name to Silk Road 3 Reloaded in November 2014 after SR 2.0 was seized. The use of the SR name, logo and branding is strictly forbidden!
DREAM MARKET (PLACE HOLDER)
EAST INDIA COMPANY (EIC)
Reason: Scam. ANN; EU-only. Claims to have lost ฿30 to a hacker in early August 2015. EIC went down ~1-2 January 2016 for a week or so, then a maintenance message, then came back up but withdrawals failed; finally, went down for good 1 February 2016 according to DNstats.
Reason: Exit scam with ฿40,000 March 2015 (link)
FARMER 1 MARKET
Reason: Seized, Op Only mouse, Cannabis focused
Reason: Hacked December 28, 2013 (previously noted to be vulnerable); Launched in December 1, 2013 and had 1,000 users by December 6th. The intent was to provide/guide users of the recently closed BMR to FloMarket. Withdrawals began failing on 1 January 2014 and FloMarket eventually closed on January 6th, 2014. The market was also run via primary school computer, AND the market’s servers were in the basement of his parents house. Flole, the 15 tear-old Admin from Belgium, then launched TorBook two years later and was eventually arrested at the age of 17 while TorBook was up and running. Interview with admin can be found on DDW onion
Reason: Swedish focused market. Seized by the Swedish police, together with Europol and FBI. Part of Op Onymous
Reason: Used a Tor gateway, asking on reddit for developers for their market
Reason: Seized during ‘Operation Bayonet’. Anticipating an influx of AlphaBay refugees after the seizure, law enforcement quiently seized Hansa and turned it into a honeypot, running approximately one month before officially taking it down. LE re-configured Hansa’s multi-sig script to send coin to LE and not the vendor/buyer. LE also exploited the fact, that often vendors and buyers utilize the same username and password combo on multiple platforms (AB->Hansa). This tactic was also used to intimidate the community on Dream Market by infiltrating vendor account and replacing the PGP keys and locking them out of their accounts. However, there is no proof that LE has control of Dream, only that they exploited the same user/pass behavior.
Reason: Penetrated by hack4crack, admins then gave up.
Reason: Security flaws, taken down
Reason: Seized, Operation Onymous
Reason: Does not qualify, obvious incompetence of the market admin (vends on his own market) and snake-oil market description.
Reason: Exit scam.
MIDDLE EARTH MARKETPLACE
Reason: Exit scam. Announced on Reddit. Exit-scammed sometime around October-November 2015; some issues with withdrawals reported in late October, then the site went down for maintenance around 4 November 2015, and coins were definitely being moved by the admins by 6 November 2015 .
Reason: All coin lost. April 2016 according to DNstats & Reddit. Apparent non-movement of market coins has prompted speculation about arrests, but no busts had been announced as of 18 August 2016.
Reason: Absconded with ฿150 after it went dark towards the end of 2016
Reason: Claimed they were hacked, most likely exit scam
Reason: Was hacked by a vendor around January 2015, exploiting an early-finalization bug to scam customers. Went down 27 August 2015 according to DNstats. Disappeared without a trace.
Reason: Hacked (link)
PANDORA OPEN MARKET
Reason: Seized, Operation Onymous. Prior to seizure, market was hacked, vendors were locked out and withdraws were disabled.
Reason: Originally named RoadSilk. Site reportedly began blocking withdrawals ~15 August 2014 while still accepting deposits. The Pirate Market forum shut down several days later.
Reason: The Latvian server de-anonymized by TheRealDeal market admins ~2 June 2015. From the few mentions of it afterwards, Poseidon apparently disabled withdrawals and then disappeared a few months after.
PROJECT BLACK FLAG
Reason: Admin got cold feet and scammed
Reason: Hacked, scam
Reason: One of the largest exit-scams to date, ฿40,000 we stolen. Withdrawals were halted before 29 Nov 2015, but deposits & sales were ongoing. Over the next 12+ months, the reddit community was able to identify the owner of Sheep Marketplace. That owner was recently sentenced to 9 years in prison in 2017. After an attempting to purchase a house with unexplained income (exit scam proceeds), the system flagged his fiancé’s accounts. An expert witness reported that the man’s phone had a configuration file for Sheep Marketplace stored on it. The seized computer contained similarly incriminating pieces of evidence. The two men in the Florida case took off with $4,575,115 in bitcoin. The market owner only grabbed $731,600. A Czech Republic court sentenced the man to nine years in prison for theft, drug distribution, and illegal weapon possession.
SILK ROAD 2.0
Reason: BTC stolen, escrow disabled, Forum moderator Cirrus advises considering SR2 compromised (22 December 2013, ironic inasmuch as Cirrus was the LE undercover agent who undid SR2 and helped with SR1); new operators Defcon/Hux/etc deny it. Defcon announced the cold wallet had been lost to DPR2, but then that it had been restored. SR2 experienced repeated account balance problems, failed to ever implement auto-finalize or dispute resolution (forcing accumulation of orders’ balances), and announced 13 February 2014 that all deposits & escrow had been stolen, followed by another hack in September 2014. Use of SR was not advised. Was raided by Operation Onymous & Defcon arrested.
SILK ROAD 3.1
Reason: Exit scam 7-19-2017, Hacked, IP leaked, owner claims bankruptcy. SR 3.1 claimed someone had compromised the market and took off with the funds. Coincidentally, this exit scam occurred within hours of a Reddit post warning users of a major red flag involving SR 3.1’s Apache server configuration. Two seperate clearnet IPs to their two dedicated SD servers that are ran in France. Second IP is thought to be owned by Lunacy Market. Surprisingly, SR 3.1 was pulling in an average of $15,000 daily up until July of 2017. Recently announced plans to resurrect market again.
SILK ROAD RELOADED
Address: oukryuqqc7ffenin.onion | silkroadreloaded.i2p
Reason: Launched in November 2013 on Tor/i2p, never gained traction. The use of the SR name, logo and branding is strictly forbidden! This is a different market than SR3
Reason: Upon launch in June 2015, the market Simply Bear made the amateur mistake of failing to disable the default Apache /server-status page, which shows information about the server such as what HTML pages are being browsed and the connecting IPs. Being a Tor hidden service, most IPs were localhost connections from the daemon, but I noticed the administrator was logging in from a local IP (the 192.168.1.x range). 4 Non-persistence XSS vulnerabilities discovered, site is easily de-anonymizable. The ever-ready reddit army quickly scared this admin to close by October 2015
Reason: Ignoring customer comms(link). A lethal weapons market, no associated with the Armory forum that was purged from SR1. This was a copy of that concept that never gained traction and could not survive on its own. Admins stopped responding to customers/vendors, ended up ghosting, then shutting down with a small amount of coin.
THE ONION MARKETPLACE (TOM)
Reason: Scam, TOM disappeared without any announcements; Reddit comments report BTC deposits were not returned
THE OPEN ROAD
Reason: Exploits: Duplicated main Admin account, Redirect any user to any URL (Could be a phishing URL or even clearnet), Send authentic admin messages to users, Prompt users with a fake authentication page within the same onion address, asking them to confirm their withdraw pin and in turn sending all of their on-site wallet funds to an address of my choosing.
THE PIRATE MARKET
Address: yjhzeedl5osagmmr.onion | outfor6jwcztwbpd.onion
Reason: Admin MIA, withdrawals disabled
THE REAL DEAL
Address: trdealmgn4uvm42g.onion | forum5cijl4suew6.onion
Reason: Reported to have an info leak on Reddit in late June 2015. This vulnerability allowed any logged-in user to browse each vendor’s order history in detail; yielding the Bitcoin amount, specific buyer listings, and all Bitcoin multisig addresses for each order without any authentication. Of course TRD admin denied that this was any kind of problem. Eventually, multiple staffers were arrested & the site went down for a brief hiatus, but came back up, leading to questions about whether it had been subverted. Last observed by DNstats.net on 22 October 2016.
THE SANCTUARY MARKET
Reason: Hacked, taken down
Reason: Seized, Operation Onymous
Reason: Seized, Operation Onymous
Reason: The 17 year-old admin of the recently defunct Flomarket was also the creator and admin of TorBook, an attempt at a social media style dnm site. Flole, the 15 tear-old Admin from Belgium launched TorBook two years after FloMarket failed and was eventually arrested at the age of 17 while TorBook was up and running. (link). TorBook required JS and also hosted CP as well.
Reason: Exit Scam(link)
Reason: Part of the TorMarket user list was leaked by DPR2 on SR2F; TM also admitted to having several security issues, was also hacked
- First they lost $100,000 due to a hack. Link Here
- Shortly after the hack, they suffered security breach which led to an extortion attempt, then a voluntary take down/exit scam.
- TR Sub Link Here
- DDW onion link here
Reason: Hacked, rooted, admin exposed, ip exposed, directory was actually the admin’s user name. possible market was being run on box locally.
Reason: Seized by police(link)
Reason: Has allowed the following to exist without remediation: Doxing, Selective Scamming, Distribution of phishing links on vendor profiles and Vendor impersonation. Complete lack of customer support. Valhalla admins failed to respond to reddit moderators requests to defend the aforementioned violations. Started as a Finnish only marketplace in October 2013 eventually opened doors to international customer base. Still up as of October 2017 despite its track record.
Address: rabbittorvr74veg.onion | wrmarket.i2p
Reason: Formerly named Rabbit’s Marketplace. Withdrawal has been broken at least since 21 February 2014; no one has claimed withdrawals recently. Problems with payment gateway. IP was found to be leaking.
Reason: Site is no longer reachable, admin u/CoinCloud25 no longer responding to messages. Suffered heavy DDoS attacks in March 2017 but came back. October 2017 DDoS campaign appears to have sealed their fate. Community members have lost money as of October 2017
Reason: Stealing Bitcoin(link)
New category! This is for markets that have shut down quietly, realizing their attempt to grab a market share was unsuccessful, or had made enough profit from their endeavors. They announced their closure, and allowed all users to withdraw funds, and shut down. Nothing special, but they need to be documented.
BLACK MARKET RELOADED (BMR)
THE MARKETPLACE (TMP)
revision by wombat2combat Moderator—
- The Wall of Shame – October 2017
- 1776 Marketplace
- Alpaca Marketplace
- Amazon Dark
- BlackBank Marketplace
- Blackgoblin Market
- BlueSky Marketplace
- Cannabis Road
- Cannabis Road 2 (re-launch)
- Cannabis Road 3
- Cloud 9 (C9)
- Crypto Market
- Darknet Nation
- DarkNet Heroes League (DHL)
- Diabolus Market > Silk Road 3 Reloaded
- Dream Market (Place holder)
- East India Company (EIC)
- Farmer 1 Market
- Freedom Market
- Horizon Market
- Infinite Market
- Middle Earth Marketplace
- Nucleus Marketplace
- Outlaw Market
- Oxygen Marketplace
- Pandora Market
- Pandora Open Market
- Pirate Market
- Project Black Flag
- Python Market
- Sheep Marketplace
- Silk Road 2.0
- Silk Road 3.1
- Silk Road Reloaded
- Simply Bear
- The Armory
- The Onion Marketplace (TOM)
- The Open Road
- The Pirate Market
- The Real Deal
- The Sanctuary Market
- Topix 2
- Tor Bazzar
- Transit Market
- Utopia Marketplace
- Valhalla (Silkkitie)
- White Rabbit
- The Unashamed
1. No personal information
2. No unrelated content
3. Don’t be a dick
4. No direct deals
5. No shilling
6. No referral links or URL shorteners
7. No content related to harm of others
8. Title your posts properly
These are the general guidelines, but ultimately it’s up to moderator discretion. For a detailed version of our rules, see here.
This subreddit is for basic information. Please read the superlist and try to keep banter to a minimum. The moderators do not take any responsibility for content posted here unless distinguished otherwise.
Do your own research, make your own choices. Only you are responsible for what happens to you.
If you have any questions, you can message the moderators using this link here.
Dream Market – many accounts without 2FA compromised, market staff scams, allows vendors to doxx customers and does not ban compromised vendors
Every Market – Use 2FA or they will steal your BTC.
Markets are currently often not available and provide mirror addresses. Make sure that the addresses you use got signed by the official market PGP keys.
Valhalla – One big clusterfuck
If you feel like something should be here please message the mods
Almost anybody can post on this subreddit. You should not implicitly trust anything or anyone. The moderators simply organize the content that gets posted here. Neither Reddit, its affiliates, its employees, or the moderators of this subreddit endorse any of the content on /r/DNMSuperlist or any related subreddits, in any capacity whatsoever, and said content is not a reflection of any person’s opinions, beliefs or activities.
To check if a market is down: dnstats.net (onion link)