DeepDotWeb – a Major Gateway to Darknet Marketplaces Shut Down

“single most significant law enforcement disruption of the Darknet to date”

DeepDotWeb administrators led hundreds of thousands of users to DarkNet marketplaces

In an indictment dated April 24th and announced publicly on May 8th, the Department of Justice charged Tal Prihar, 37, an Israeli citizen residing in Brazil, and Michael Phan, 34, an Israeli citizen residing in Israel, with one count of money laundering based on a number of underlying (predicate) criminal acts. The Government also seized the website, (DDW).

From October 2013 through April 2019, Prihar and Phan ran a “gateway” service that made it easy for people to access DarkNet marketplaces. In return, they received “Referral Bonuses” from the marketplaces, based on a percentage of purchases made by those they referred. In total, they received ~8,155 bitcoin worth $8.1 million (based on the value at the time of each transaction) in 40,000 deposits or transactions. They then made 2,700 withdrawals from their wallet (from at least three exchanges – OKCoin, Kraken, and BitPay – based on the forfeiture allegations) valued at $15.5 million, and converted bitcoin to fiat currency in accounts in at least three banks – Baltikums Bank in Latvia, First International Bank of Israel in Israel, and TBC Bank in Georgia (also based on the forfeiture allegations).

According to the DOJ press release –

“According to the indictment unsealed today, these defendants allegedly made millions of dollars by providing a gateway to illegal Darknet marketplaces, allowing hundreds of thousands of users to buy fentanyl, hacking tools, stolen credit cards, and other contraband,” said Assistant Attorney General Benczkowski. “This is the single most significant law enforcement disruption of the Darknet to date,” said U.S. Attorney Scott W. Brady.  “While there have been successful prosecutions of various Darknet marketplaces, this prosecution is the first to attack the infrastructure supporting the Darknet itself.”

How did the Darknet gateway work?

Darknet marketplaces operated on the “Tor” network, a computer network designed to facilitate anonymous communication over the Internet. Because of Tor’s structure, a user who wanted to visit a particular Darknet marketplace needed to know the site’s exact .onion address (by design, Darknet marketplaces are not accessible through traditional search engines). Prihar and Phan provided a service to make it easier for people to access the Darknet marketplaces. They (allegedly) owned and operated DDW, hosted at and also accessible on the Darknet at DeepDot35Wveyd5.onion. DDW provided users with direct access to numerous online Darknet marketplaces, including AlphaBay, Hansa Market, and the recently shut-down Wall Street Market. It simplified the process of finding these sites by including pages of hyperlinks to various Darknet marketplaces’ .onion addresses.

Users who visited DDW were able to click on the hyperlinks to navigate directly to the Darknet marketplaces. Embedded in these links were unique account identifiers, which enabled the individual marketplaces to pay what they referred to as “Referral Bonuses” to DDW. Through the use of the referral links, DDW received kickbacks from Darknet marketplaces every time a purchaser used DDW to buy illegal narcotics or other illegal goods on the marketplace.

These kickback payments were made in virtual currency, such as bitcoin, and paid into a DDW-controlled bitcoin “wallet.” To conceal and disguise the nature and source of the illegal proceeds, totaling over $15 million, Prihar and Phan transferred their illegal kickback payments from their DDW bitcoin wallet to other bitcoin accounts and to bank accounts in Latvia, Israel, and Georgia they controlled in the names of shell companies.

AlphaBay DarkNet Marketplace

AlphaBay was shut down by the DOJ on July 20, 2017. Its administrator, Alexandre Cazes, was indicted in the Eastern District of California (EDCA 17CR00144). According to that indictment, AlphaBay had 40,000 vendors and 200,000 users. According to the Prihar and Phan indictment, approximately 23.6 percent of all orders completed on AlphaBay were associated with an account created through a DDW referral link, and Prihar and Phan received 3,273 Bitcoin in referral fees or kickbacks.

An inter-agency and international effort

This is another example of the good work being done by the FBI’s Hi-Tech Organized Crime Unit and a multi-agency Joint Criminal Opioid and Darknet Enforcement (J-CODE) Team made up of agents and analysts from the FBI, DEA, US Postal Inspection Service (USPIS), U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI), Department of Defense (DOD), and FinCEN.  International partners included French authorities, Brazilian Federal Police Cyber Division, Israeli National Police, Dutch National Police, Europol Darkweb Team, German Federal Criminal Police (the Bundeskriminalamt), Polizeidirektion Zwickau and Saxon Police in Germany and law enforcement authorities in the United Kingdom.

As the US Attorney reminds us … an indictment contains only allegations.  A defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.