Operation Bayonet

Federal law in the US says marijuana is illegal for any purpose, in all states. Yet 20% of the US states have flat out legalized marijuana. This means the US government finds it’s offensive but the state government finds it ok. Some states have determined it’s better to legalize it for numerous reasons. It’s used to treat some medical conditions, relax after a bad day, and reduces some crime rates when legalized. In these states where it’s legal, there are nice clean shops where you walk in, get greeted by a nice clerk, browse what you want, buy it and go. Much like buying candy in a quick mart. But what if you’re in a state where it’s not legal, for any reason. And you may need it to help with a medical condition. But acquiring weed in these states is illegal which makes it very frustrating to get. You need to go to the shady corners of the shady parts of town to find a guy selling not just weed, but tons of other hard drugs. And it’s sometimes high pressure, where you feel guilty checking the weight or scared to go into certain houses. These situations are stressful and sometimes scary. But there’s a better alternative. Buy your weed online. Fire up a VPN, connect to Tor, get some bitcoin, and shop for drugs on a dark market. These are websites that sort of resemble eBay but for illegal goods. You can search for weed by looking for good prices, fast shipping speeds, and sellers with high ratings. There’s no high pressure situation, no violence, and seems safe. The perfect solution right? This is the story about Alphabay, the most popular dark market to ever exist. I would love to interview the guy who created Alphabay, but I can’t. Because he’s dead.

The Actual Darknet

It’s about time I do an episode about the actual darknet isn’t it? I chose the name Darknet Diaries because I really like the word darknet. I just imagine it to be all the shady parts of the internet where rogue stuff is going on. Not necessarily any part of the internet in particular, but anything that someone doesn’t want a light shining on it. But actually, there is a thing called the darknet. It’s kind of debatable but the way I understand it is it’s a hidden, anonymized, network on the Internet. Picture going into a club, and upon entering, everyone has to wear the same mask and suit and you can’t tell anyone apart. When you connect to the darknet you become anonymous. At least that’s the theory.

There are a few darknets out there. Freenet and I2P but the most popular one is Tor, which stands for the onion router. Using a special kind of software you connect your computer to the tor network and your become anonymous. Normally when you visit a website it knows your IP address which can be associated with where you are in the world. But when you connect to Tor, you get the IP of the computer you connected to. Which might be hundreds or thousands of miles away. This masks where you actually are. If you want to be extra safe, it’s wise to also use a VPN before connecting to tor so that even if tor or the VPN servers were compromised, neither of them would know exactly where you came from and where you went. They’d only be able to see one or the other.

People use tor for lots of great things. I use tor whenever I do research for episodes because I stick my nose in a lot of places and I don’t want my connections to be tracked back to me. As you can imagine I research some dark and shady stuff. Countries with government oppression end up with a lot of people using tor to get around censorship and to get their voices heard. Whistleblowers will often use tor to hide their identity. And people who are concerned with mass surveillance may use tor to escape being tracked. It’s an invaluable tool for people who want to share a message but are concerned with facing punishment for speaking up.

When you get on tor, you can then visit any website, both on the darknet and regular internet and your location is masked. But there’s something else tor has too. There’s the deep web which are all the website that are only available to those people on tor. The sites that are only on the tor network always end in .onion instead of .com or .net.

Darknet Markets

And since this is theoretically an anonymous network, it’s often used for illegal activity. If you browse around to see what websites are available on tor, you’ll find sites offering illegal services, sites wanting to trade software or music illegally, blogs about how to create counterfeit money or do criminal hacking. But the most popular type of site on the tor network are drug marketplaces. These are sites just like eBay where you can buy or sell items on it and see sellers rank to help you decide if you would trust them or not. This peer review method works pretty well. Buyers will find someone with a high rating, buy a little to see if it’s legit, and if it works out, then they’ve just found a new favorite dealer to buy drugs from. Once all set up, the process is rather quite simple and convenient. But setting yourself up to properly be safe takes a long time to do it right. You need to buy some bitcoin, get a vpn service, connect to tor, set up PGP, create separate email addresses and aliases in case they get found out, it won’t link back to your work email or something stupid. And yes there are many people who register on these dark market sites with their work email address. It’s insane.

Probably the most notable of these dark markets is Silk Road. The story of Silk Road is incredibly interesting. But that story has been covered in detailed already. If you’re interested in it, check out the book American Kingpin by Nick Bilton or the podcast Casefile episode 76. I don’t think this ruins the story for you, but the reason why it’s so famous is because the feds tracked and captured the guy who ran it, Ross Ulbricht. And when he was captured, he got LIFE in prison without the possibility of parole. The guy is never ever getting out of prison, all because he created a website that lets people buy and sell illegal items. He got life in prison because he was running the biggest illegal marketplace on the planet. No street gang could ever come close to moving the amount of stuff that was being bought and sold on Silk Road. And because of this, the US government came down hard on him, placing him in prison for life and shutting down Silk Road in Oct 2013.

But quickly the other site moderators for Silk Road opened a new dark market called Silk Road 2. And within a year the feds caught up with them too and shut that site down as well. See the US federal authorities have declared a war on drugs, and these dark markets really attract their attention. They spend a lot of time and energy going after anyone who makes these sites. But that doesn’t stop people from making new dark markets. The same month Silk Road 2 was shut down, a new site sprang up on tor, called Alphabay. In Nov 2014, Alphabay opened its doors and people started using it to buy and sell drugs.

The biggest dark market at that time was called Evolution. When Silk Road went down a lot of buyers and sellers switched over to evolution to do their trading. This made Evolution super popular as users need a new place to buy drugs. Evolution was selling tons of illegal items but primarily they sold drugs. And was using an escrow service to do these transactions. The money was kept at Evolution until the transaction was complete then it was released. It was the dominant player in the space and was growing in size. People were really liking the site and had high ratings. The site was looking strong and holding steady as the leader. But in Mar 2015, Evolution went offline. This time it wasn’t because of feds. It is believed that the whoever was running Evolution, shut the doors and took everyone’s bitcoin that was held on the site. This was around $12 million dollars. People were furious that the site owner would do this and some people were claiming they lost over $20,000 which was being held on Evolutions servers.

When Evolution went down, Alphabay’s numbers soared. In the next 3 days Alphabay saw 18,000 new users. 7,000 new forum posts, and $300,000 in trading volume per day. And once people started using Alphabay they loved it. The sites popularity rose quickly. Within a year they had 200,000 registered members. The biggest dark market at that time was Agora, but then Agora announced they would be pausing operations and asked everyone to withdraw their bitcoin and stop using the site. This again gave Alphabay a serious bump in new users, new listings, and more trades. Because of all this, within 2 years, Alphabay had over 400,000 users and was the biggest dark market in the world. In fact it was the biggest dark market the world had ever seen, having more listings than anyone before that.


Alphabay was the go to place to buy or sell drugs online. The site’s administrators were friendly and helpful to users who wanted to learn how to use bitcoin or PGP to encrypt their chats. The user interface was easy to navigate and friendly. And the quality of stuff for sale was great. On any day of the week you could buy marijuana, LSD, mushrooms, meth, cocaine, fentanyl, and heroin. But besides drugs the site sold other illegal things. Counterfeit driver’s licenses and passports. Weapons. Stolen credit card numbers. Tools used for skimming credit card numbers with. And counterfeit money making machines. But despite all these options, the drugs are what sold the most on the site.

To buy on this site you couldn’t use your credit card or paypal. Only bitcoin, monero, and Ethereum were accepted. These are crypto currencies that are also theoretically anonymous where you don’t know who you’re sending money to. You simply need a wallet ID to send money to, and a key to access your own wallet.

Alphabay would charge a 2-4% commission per every transaction that went on there. And with hundreds of thousands of transactions happening, Alphabay was making some serious bitcoin. The site owner was able to hire some staff to help keep the place operational, and continued to add new features and fix any bugs.

But a site like this will attract a lot of enemies. Law enforcement agencies around the world started looking to stop the sale and distribution of illegal items. Being the top dark market place in the world attracts the eyes and ears of many gov agencies. Cases and investigations started opening up in the US, Canada, UK, Netherlands, and Germany. They tried looking to see if any clues could be found as to who was running the site. But everywhere they looked they found nothing. Whoever was administering the site was very good at keeping the server’s location secret and the owner’s identity hidden. All chats were encrypted, the site owner used aliases that weren’t used anywhere else, and encrypted and anonymized all connections to the servers. For years, federal law enforcement weren’t able to find any clues which could lead them to shutting down the site. The US has a war on drugs and dedicates a lot of time and money towards stopping drug dealers and the buying of drugs. They like to go after big operations which will make the most impact to the drug scene and Alphabay was by far the biggest.

Whoever was operating Alphabay knew this was highly illegal and had to hide. They had to be extremely careful because not only would police be looking for them, but other drug dealers would be too. Alphabay had many competing drug market places. Market places that also had services available for hit men and hackers. It may be entirely possible that an owner from another dark market wanted Alphabay gone and had all the resources to try to track them down and put an end to Alphabay. But besides other dark markets, regular street gangs were sometimes hit economically because of the rise in online drug markets. So some of them were also angry with the popularity of Alphabay which meant they were having a harder time finding buyers and weren’t able to figure out how to sell their stash online. So the admins to the site had to make sure their identity, location, and the server’s identity were all kept very secret from all these enemies. And to top it all off, being on the darknet where black hat hackers like to dwell and know this is a very lucrative business, Alphabay probably got a fair share of hacking attempts waged against it all the time. There was always someone digging around the site looking for anything that may give away some information to figure out who was running it. At one point someone interviewed the administrator for Alphabay asking if they think they’re afraid of getting caught. Their response “I am not. I am absolutely certain that my opsec is secure, and I live in an offshore country where I am safe.”

The United States FBI really wanted to catch them though and put an end to this market though and began digging deeper. They had nothing to go on so the FBI went onto Alphabay and started buying drugs. An undercover agent with the FBI created a user account and used some bitcoin to buy some marijuana. A few days later they got the weed in the mail. No clues found. Not even any information on the person who was selling it. Just that it was shipped from California. Then the FBI bought another drug. This time heroin. Again this offered no clues as to who was running the site. The FBI continued buying item after item on Alphabay in hopes to eventually spot something and get more evidence on what this place was doing. The FBI bought more heroin, and fentynal, more marijuana, some meth (over 50 grams of it). Then the FBI went on to purchase other things. They bought 4 fake driver’s licenses. They bought a credit card skimmer that fits on an ATM, and more. The FBI was gathering more and more evidence for their cases, also working with other law enforcement around the world to share information about this case.

And eventually the FBI spotted something. When an undercover agent created a new user account at Alphabay he received a welcome email, and examined it closely. He looked at the headers of the email and in there was a reply-to email address that was unusual. The reply to email in the header was [email protected] The FBI was able to take this email address and go to Microsoft, the owners of hotmail, to request information on who owns that address. That email address was found to be associated to a Linked In account for a guy named Alexandre Cazès who was born in 1991. This matched the 91 in the email address. His linked in profile explained he’s from Montreal Canada and runs a computer tech support company called EBX technologies. The FBI began investigating deeper into Alexandre Cazès. Now with a name they really begin their investigation.


Alphabay wasn’t the only dark market going around. There were many and another one that was gaining in popularity was called Hansa. It had a little better user interface and the admins gave good customer support. Same thing was being sold on Hansa, guns, IDs, counterfeiting devices, and of course drugs. Even though Hansa was much smaller than Alphabay it too attracted the attention of law enforcement. Countries around the world wanted to stop Hansa from being a trading place for illegal items.

All of the Hansa servers were located on the anonymized tor network but there was one development server that was located on the regular internet. But a security researcher found one Hansa server that wasn’t on Tor, it was on the regular internet. It was just a development server where the admins could test new features. They reported this information to the Netherlands National High Tech Crime Unit. This is the department that investigates high profile cyber crime cases such as this. They took this tip, and tracked the IP down to a datacenter located within Netherlands. They contacted the datacenter that was hosting the server. The Dutch government was able to put a sort of wire tap on the server to watch all packets in and out of the server. From there they found this server was talking a lot with the live Hansa server which was on Tor. The production server was in the same datacenter as the development one. And from there, the Dutch government was able to make hard drive copies of a few of the Hansa servers both in development and production. They did this without causing any kind of network outage on the site by working directly with the datacenter.

The Dutch High Tech Crimes Unit combed through the contents of the hard drives. Their goal was to find who the admins were to this site. They saw the admins connecting to the site, but the connections were anonymized through tor. So they weren’t able to determine where these people were from. And all the logins for admins were aliases. Of course the owners of the site wouldn’t use their real names to login with. At some point, the authorities found chat logs on this server. As they looked into it, they found these chat logs went back years and years. Inside the logs were conversations between the admins on the site. But the Dutch couldn’t read the conversations. Not because it was encrypted, but because the conversations were in German. So the Dutch authorities had to get a German translator to help decipher the chats and read through these logs. A lot of it was talking about the site, such as resolving disputes, doing maintenance, and adding new features. But as they read deeper into the chat logs, they found the real names of both admins to the site. And further in the logs was the home address for one of the admins. The Dutch government had the names and possible location of the two men who were running the moderately big Hansa dark market. But a new problem was encountered. The home address of the admin was in Germany.

When the Dutch government contacted Germany to request their arrest and extradition, the German government explained they are already tracking those two guys. The same two guys who were running the Hansa dark market had previously created an online site to buy and sell pirated ebooks and audiobooks. The german police were trying to find the location of these guys and arrest them. The Dutch and German authorities began hatching a new plan. They joined forces to capture these two guys under the existing German case, and then the Dutch government would take over Hansa. This way Germany gets their suspects and Netherlands gets control of Hansa to potentially catch more drug dealers. The plan was to gather enough evidence to arrest the two men at the same time while they were logged in as admins to the site so they could take it over.

But just as they were collecting more evidence against the two German admins, the Dutch server went offline. The Hansa admins saw a copy was made of the hard drives which freaked them out, so they moved the server to another location. And once again the location of the server became anonymized over tor and the authorities had no idea where it was and therefore couldn’t take it over. So they went back to looking over what they had and trying to find where they moved the server to.

Months and months go by without any new clues as to where the server had gone to.

In the chat logs were a few bitcoin addresses. The Dutch authorities were watching these addresses to see what was being sent in and out of those wallets. While bitcoin is in fact anonymous, at some point you may want to exchange your bitcoin for cash. And you need to do that at a bitcoin exchange, which is usually audited and licensed. The authorities saw one of the bitcoin addresses sent money to the exchange in an attempt to move some money. And this was a lucky break, because the exchange they sent the money to was in the Netherlands. So the Dutch High Tech Crimes Unit went to the exchange to request any additional information on where that money was sent to. The bitcoin exchange released the information and the Dutch authorities discovered the bitcoin was sent to a server in Lithuania. With the help of the Lithuanian government, they were able to track down the exact location of that server. The Dutch, German, and Lithuanian government agencies had everything they needed to arrest the admins and take over Hansa.

Operation Bayonet

But, at this point the FBI in the US notified the Dutch authorities they had discovered who was behind Alphabay and the location of the server. They were informing the Dutch they would be conducting a raid on the datacenter and arrest of the owner. But the Dutch said hold on. The authorities for Germany, Dutch, and the FBI collaborated on a plan. Because the Dutch and German authorities were about to take over Hansa, they wanted to get control of Hansa before Alphabay were to be taken down. The theory was that as soon as Alphabay went down, the users would flock to Hansa to continue to buy and sell illegal items. And if the Dutch government was controlling Hansa, they could collect a lot of information on the users of the site and potentially arresting a lot of dealers in the process. The FBI agreed to this plan and decided to call it: operation bayonet. Bayonet was a play on a few words. Bay comes from Alphabay. Net comes from dark net or internet. And it would also signify piercing the dark marketplace. The authorities believed that with the takedown of Alphabay and the government controlled hansa, after all this was over it would destroy trust in any dark market for a long time. Potentially crippling the whole online trade of illegal items. Operation bayonet was a go.

Hansa Takeover

The next steps were for the take over of Hansa. The Dutch authorities worked with Lithuania and Germany to conduct a raid of the datacenter and arrest of the two men simultaneously. Lithuania agreed to the plan and two Dutch authorities went to the datacenter to prepare for the takeover. On June 20th 2017 the plan sprang into action. The Dutch police raided the datacenter, and the German police with a very precise and careful method, raided the homes of both of the admins for the Hansa dark market. It’s not clear how this was done but the German police probably watched what the admins were doing, verified they were on their computers, and then created a disturbance to get the men away from their computers while it was still on. This had to be a very careful operation. But the German police succeeded on both raids. They arrested both admins to the site while their laptops were open and unlocked. The German police gave the signal to the Dutch authorities who then quickly migrated the entire Hansa server to the Netherlands and under their control. The German police simply filed the reports as two guys caught pirating ebooks and audiobooks, which meant all the users on Hansa’s site were oblivious to the takedown and moving of the servers.

While in jail the two men gave up all the passwords and credentials needed to access all parts of the site. The site had 4 moderators on it and even they didn’t now a takeover had occurred. This was a huge success for the Dutch and German authorities.

Now that Europe’s most popular dark market is under Dutch government control, they began turning the site into a mass surveillance station. See these dark markets have a lot of dealers. Dealers who are selling massive amounts of meth, cocaine, heroin, weapons, and other illegal items. The authorities wanted to collect as much evidence they could on these dealers so they could potentially stop them from selling any more.

They first rewrote the code to log all users passwords in clear text. This way they could attempt to reuse those logins to other dark markets or websites. They found a way to read and log all communication between buyer and seller while keeping it encrypted. This would reveal the home addresses of many buyers. The site had previously stripped out all metadata from every picture uploaded. These would be pictures of the illegal items for sale. But the authorities were able to strip the metadata off these photos and save it before it was posted. This would reveal the date, time, camera that was used to take the photo, and sometimes geolocation of where the photo was taken. Once that was in place, the Dutch police staged a fake server glitch which “accidentally” removed all photos on the site, forcing sellers to reupload their photos. This provided authorities with numerous sellers locations.

By this time Hansa had over 70,000 listings on its site at any given time, so this was a lot of information for authorities to process.

Amazingly enough, the police also tricked users on the site to download a homing beacon. They claimed this file was a backup encryption key to access their bitcoins if the site were to go down. When people downloaded it and opened it, it would run a script that would try to connect to a URL revealing that person’s real IP address. This could give authorities even more clues on where someone was located.

And during this whole time, the Dutch police continued to impersonate the two admins who were previously running the site. Responding to other moderators, handling any site complaints from users, and actually doing a really good job with customer support. The users seemed very happy with the level of customer support they were getting from the site. The dutch authorities continued to let all items be bought and sold except for one. They banned the sale of Fentynal on the site. This is similar to heroin but is more dangerous and contributed to numerous overdoses according to authorities.

At this point the trap was set, the Dutch police had set up a honey pot. Using a very popular drug marketplace to attract criminals to conduct crimes right under their watchful eye. They were collecting tons of information and were ready for the FBI to conduct the next step in operation bayonet.

Alphabay arrest

The FBI was ready for action. They tracked down the owner of Alphabay to be Alexandre Cazès who was living in Thailand. They also tracked down the location of the servers to be in Montreal Canada. So the FBI coordinated with Canada and Thailand to do a simultaneous raid on the datacenter and Alexandres house.

Again the goal was to arrest Alexandre while he was logged into his computer so the authorities would have proof he was the admin for the site. On July 5 2017 the authorities for Canada, Thailand and the FBI sprang into action. The Canadian police raided the datacenter and started taking the server offline. The Thai police found went to Alexandres fancy and expensive villa. They used an unmarked car to stage a fake accident in front of his house. While a plain clothes cop was attempting to turn his car around he smashed into the front gate at Alexandre’s house, on purpose but made it look like it was on accident. This created a disturbance outside. Plain clothes cops acting like neighbors started yelling. But no sign of Alexandre. They knew he was home but he just wasn’t coming outside. They continued yelling and trying to turn the car around and making more ruckus in his driveway. After what seemed like an eternity for the police he came down the stairs to see what was going on. He came out with his cell phone in his hand, wearing a pair of blue shorts, and sneakers. He had no shirt on. He came to the front of his driveway to inspect the smashed gate while the plain clothes cops posing as neighbors surrounded him. He was confused and mad about the gate. The signal was given and all the cops came after him. Alexandre ran, but not far. The cops immediately grabbed him and wrestled him into a pair of handcuffs. Alexandres phone was quickly taken from him and kept open so it wouldn’t become locked. The Thai police ran inside and found his computer open and logged into the Alphabay server as admin.

He had been trying to figure out why the servers in Montreal were going down. When the Royal Thai police and FBI examined his computer they found a text file with all the passwords for the Alphabay site. This would be enough to convict him of being the owner of the largest dark market in the world.

The raid on the Montreal datacenter was also a success, and the FBI was able to seize his servers and take them offline immediately. The capture of Alexandre Cazès remained quiet. The FBI did not announce they have taken Alphabay offline. This caused a flurry of angry Alphabay users who immediately thought this was an exit strategy. Just like how the admins to Evolution had simply closed up and took everyone’s bitcoin, after days of Alphabay being offline people suspected the site owner had stolen all their bitcoin too.

Alexandre Cazès was taken to a Thai jail where he would wait to be extradited to the US. They found that Alexandre was married to a Thai woman in her early 20s. He had been living in Thailand for the last 8 years, and Alphabay was only 2 years old. Alexandre in my opinion looks like an average computer techie. He’s a 26 year old white guy who grew up in Montreal Canada. I found pictures of him. He looks a little like a young Elon Musk. His hair is always a little out of place, and he seems to slightly under dress. Not muscular, not extra fit, but not overweight either. He had a traditional Thai wedding. And his groomsmen all look Thai too. I’m not sure if this means he only had Thai friends, or if he simply lived a very private life. His wife looks kind and generous and happy in the photos. From just her appearances she looks like someone who is simple and a good caretaker. She doesn’t dress flashy or extra sexy or seem to be high maintenance. Just looks like a caring and sweet girl. When the police questioned her, she said her job was a researcher at an academic institution. Which fits for her appearance. She is likely very close to her parents and down to earth. Neither Alexandre or his wife look like kingpins for the worlds biggest drug marketplace.

The US filed a civil forfeiture complaint against Alexandre and his wife. While conducting their seizures they found Alexandre had kept a meticulous journal of all of his assets. This made it easy for the FBI to go collect all of Alexandre’s assets. Here is what the FBI seized:

  • 10 vehicles including
  • A lambourghini purchased at $900,000
  • A mini cooper his wife drove
  • A BMW motorcycle
  • And a Porshe Panamera

Numerous pieces of real estate including his primary luxurious villa in Thailand and he bought the house next store for his wife’s parents. He also was building a new luxury villa in Bangkok. He had a vacation homes in Phuket, Antigua, and Cyprus. His home in Cyprus cost 2.3 million because you can become a resident of Cyprus if you own 2 mil in real estate, which he was trying to become a resident of. He also paid Antigua $400,000 to become a resident there.

He had 3 Thai Bank accounts, one Swiss bank account, and one bank account in St. Vincent in the Grenadines. He was also holding large amounts of cryptocurrencies including Bitcoin, Ethereum, Monero, and Zcash. Between his bank accounts and crypto currencies the FBI seized $8.8 million.

On top of all that the FBI seized all the bitcoin, Monero, and Ethereum that were on the Alphabay server at that was seized in Montreal.

When Alphabay was seized it had 250,000 active listings with over 400,000 registered users. To put this in perspective, silk road had only active 13,000 listings when it was shut down. So you could say Alphabay was almost 20x bigger than silk road in terms of active listings. Alexandre was charging a 2-4% commission on every transaction. The logs showed that over 839,000 bitcoins were transferred through Alphabay totaling around $450 million in transactions. The feds estimated his commission for all this was somewhere between $9 to $18 million dollars. According to Alexandre’s notes, he claimed to have a self net worth of $23 million.

This kind of cash is what I expect a kingpin like this to have. Because he knew full well what he was getting himself into when he started this. It’s risky. Extremely risky business. He knew his life would be in danger and he had to be absolutely perfect at not being caught every step of the way. So to take that ride with the devil, it better be worth it. And millions of dollars seemed to make it worth it for Alexandre.

And again looking at his photos and his wife, he simply isn’t your stereotypical millionaire drug lord. She looks like the girl next door and he looks a little dorky. Even when he wears a suit, and poses in front of his Lamborghini, he seems out of place in the suit. I dunno, maybe I should start changing how I perceive big time drug kingpins.

A Montreal Canadian news outlet would later interview Alexandre’s father who said Alexander was so kind and caring he wouldn’t even hurt a fly. He never had a criminal record, never smoked, and never did drugs. He was very smart and even skipped a whole year in school because he did so well. And according to his father, his wife was 8 months pregnant.

Alexandre knew everything was being seized and his wife was being questioned. He was concerned about her parents house being seized away from them. He also knew very well that Ross Ulbricht, the guy who was caught running silk road, received life in prison without the possibility of parole. Alexandre was scared. Really scared. And felt like he had no options. The world was simply closing in all around him and he didn’t want to face any of it. So on July 12, after sitting in the thai jail for 7 days, Alexandre wrapped a towel around his neck, twisted it tight and tied it in a knot, and committed suicide.

The next morning the Thai police found him dead in his jail cell. This hit the news in Thialand. And at this point the Wall Street Journal broke the story for the rest of the world that Alphabay was seized by the feds and the owner of the site was dead. This sent the users of the dark markets into a panic. People were freaked out that the feds had taken over Alphabay. And numerous conspiracy theories started springing up about his death. Was he murdered by the real site owner? Was he murdered by the feds? Why did he commit suicide? Darknet forums were a buzz with chatter about this event.

Hansa shutdown

Once Alphabay shut down, just like according to plan, a ton of new users started registering at the dutch government controlled Hansa dark market. Over 5,000 new users a day were registering at the site, which is a massive jump from the normal 600 new users a day. In fact the number of new users were so high it broke the registration system and the dutch police had to spend a few days getting it back online.

Under Dutch law, they were required to track and report every sale on the site. About 1,000 transactions a day were being conducted on Hansa and this was becoming too much paperwork for the Dutch authorities to manage.

After the Dutch government had ran Hansa for 27 days and collected information on 27,000 transactions, they pulled the plug on the server shutting the whole operation down. Immediately the Dutch authorities placed a banner on the site saying the Hansa hidden site has been seized by the Dutch national police. At the same time Alphabay’s site started displaying it has been seized by the FBI.

The news of both sites being controlled by government agencies shattered trust in many dark market buyers and sellers and it sent the whole community into chaos.

Two days after Hansa was shut down US Attorney General Jeff Sessions made a press statement.

“Today the dept of justice the takedown of the dark market Alphabay. The darknet is not a place to hide.”


For the FBI, they were able to gather evidence to go after some moderators of Alphabay and capture and arrest them. For the Dutch police they collected information on over 420,000 users and collected 10,000 home addresses. They turned this information over to Europol to further take action. They seized about $12 million worth of bitcoin that was on the Hansa server at the time of shutdown. And they arrested over a dozen dealers that were located in the Netherlands. They also claimed to have conducted over 50 knock and talks, where the police would visit someone known to have been a big buyer or seller. The FBI and Dutch police continue to this day to go through the data they collected to track down anyone they got information on.

When both Alphabay and Hansa went down and then people discovered it was taken over by feds, this really rattled the dark market communities. After Hansa there wasn’t a mass migration to another site. Users scattered. They went back to the streets or simply gave up on it for a while. The feds have not only infiltrated the darknet but they have infiltrated the minds of the people on the darknet. Immediately after these takedowns, people were much more cautions. Some were panicking. They weren’t using good operation security and reused passwords, put in their home address, and were sloppy with privacy. It certainly made a dramatic short term impact on the dark market trading scene. After all, this was the most elaborate and coordinated sting ever conducted on the darknet. But the long term impact is yet to be seen. Today new dark markets are gaining in size. Such as Dream market and Wall Street. But users of those site should be aware of the history of dark markets. You never know if the feds are selling or buying drugs on there, or controlling the site outright. And you can never guess as to when a owner of the site may just decide to shut the site down and steal everyone’s bitcoin.

But here’s what I take away from this story. The only way the feds were able to catch anyone was because of that person’s poor personal security. Alexandre was only discovered because he accidentally put his personal email address in for the reply-to of the welcome email which directly connected to his linkedIn profile. The german Hansa guys only got caught because they put their real names and addresses in the chat logs on their server. The big time sellers that the dutch caught were only discovered because they didn’t scrub out meta data from photos, and didn’t cover their tracks properly. The feds caught all of these people because these people slacked off just a tiny bit on their own security. Not because there was some super secret way to track who owns a bitcoin wallet or who is on tor. Jeff Sessions says the darknet is not a place to hide, but it clearly is if the right precautions are made. With all the effort, and time, and money put into trying to take down Alphabay, the feds would have used a more scary method to track down these guys if they had scary ways to do it. But they had to wait and watch for years to spot a mess-up in operational security. Now it’s probably true that you’ll never shake the feds from trying to track you if you run the largest dark market in the world, and they’ll probably catch you eventually, but maybe you make enough money to give the site to someone else and then disappear completely. Alexandre had $20 mil in assets. I wonder how much more he needed before he could just disconnect from it all change his name and live a happy life with his wife in Antigua. If you do want to be anonymous, and conduct massively illegal activities online, you still can. But it takes a lot of time and effort to become that safe. You need to exercise all the options you can to stay anonymous. Here’s a starter pack: use tor, use a VPN, take advantage of bitcoin tumblers, use PGP and encrypted chats, use fake personas, don’t ship anything to your actual house, strip out meta data from photos, and use a separate computer to do all this on. Because if you take all these steps to be anonymous, and then you just log into Facebook, if someone was tracking your anonymous persona, they now know you own that Facebook account and can link it back to you. So when you set all this up, keep it separated from everything that’s connected to your real person and don’t tell anyone about it.

Another thing this story proves to me is that there’s a massive worldwide demand for illegal items. And when there’s a demand this large, there will always be people willing to risk their lives and take the forbidden ride to build a dark market and cash in on the demand.


Audio processing done by Sono Sanctus.

Theme music for this show was created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp.

Additional music by Epidemic Sound.

“Monkeys Spinning Monkeys” by Kevin MacLeod Licensed under Creative Commons: By Attribution 3.0 License.