The Outlaw Dark Web market has shut down this week under mysterious circumstances, and while admins said the site closed down after a hack, many believe this was just another exit scam.
Outlaw was a veteran of the Dark Web marketplaces, founded way back in 2013. The site was never the most popular destination for online criminals but had a steady following.
The market's reputation flourished after the death of Silk Road and after competitors never managed to survive past a few months.
The marketplace sold all your regular Dark Web illegal products, from drugs to weapons, and from data dumps to stolen electronics. One of the site's unique features was something called "dead drop," where clients had the option to pick up products from sellers or predetermined spots.
Outlaw's presence on the Dark Web ended this week. Earlier this week, the website went down, and a message was plastered on its homepage that read:
This website has been hacked, the wallet stolen. it’s over. goodbye outlaw market…
According to a service that scans the Dark Web, the market was last seen online on Tuesday, May 16. On Friday, one of the site's lower-level admins published a message on Pastebin and Reddit with more details about what happened. The message's text is reproduced below, without the two PGP keys.
Hi all As many of you have seen or heard, OUTLAW was recently hacked. Many of you will think that 'the admins ran off with the coins', something I personally think is absolutely not the case. We were always as honest as possible, however apparently it couldn't last. I myself haven't been in contact with the main admins after the site got taken down, so I do not know any specifics. Unfortunately they are very hard (read: impossible) to reach outside the market. For those of you who lost funds, we apologize. Our new TLCE system paid funds out almost as FE, so that might have reduced the amount of funds that were kept on our site. If you set up auto-payout, customers shouldn't have had any funds on the site either. I'm not sure whether EVERYTHING was stolen, and if not, how the admins would be planning on refunding. If anyone stored the OUTLAW BitMessage addresses, please inform me! I guess now's your time to ask questions on how things really went down behind the scenes... Kind regards
The message doesn't elaborate how the hack happened. Furthermore, because this message wasn't published by the site's top admins, many believed this was just another exit scam — a scheme often encountered on Dark Web markets where admins close down the site and leave with the Bitcoin stored in customer escrow accounts.
"Sounds like Bitcoin [price] got high enough and they wanted to get paid," one Reddit user pointed out yesterday. Earlier in the week, Bitcoin price was around $1,800. Today, Bitcoin has gone over $2,000 for the first time.
Nonetheless, in an interview published today with a cryptomarket researcher that goes by the nickname of 2CTFM, the same low-level admin who announced the hack said the market never stored that many funds and the admins couldn't have taken more than $20,000.
"Last thing I knew on the market was that over $20k that was stuck over that weekend was just released and paid out," the admin said. "They’re either the dumbest exit scammers I know of, or it was not an exit scam at all."
"Last weekend the main admins worked hours and hours to solve an issue with the [Bitcoin] mixer which caused many payouts to be stuck. That’s not something you’d do if you were planning on exit scamming," the admin also added. "The only possible thing that could have happened is that they were somehow doxxed and thought by themselves '[expletive] everything, we’re done'."
In recent years, hackers have targeted Dark Web marketplaces, either to steal their funds or to find bugs they could use to coerce admins into paying ransoms.
For example, AlphaBay rewarded a hacker for finding one such bug earlier in January this year, while a month later, the Hansa Dark Web marketplace opened a bug bounty program with rewards up to $10,000 per privately reported bug.
Earlier this month, Slovakian authorities shut down the Bloomsfield Dark Web marketplace, arresting two individuals, including the site's top admin.