AlphaBay Rebooted— How DeSnake Brought The Underground Market Back To Life And Made It Better Than Ever


In July of 2017, as part of Operation Bayonet, law enforcement took down AlphaBay. After the FBI seized its central server in Lithuania, one of the largest darknet markets in history went offline, leaving over 400,000 registered users in the dark. In its 2 years online, the market processed more than $1 billion in cryptocurrency transactions and sold illegal drugs, chemicals, counterfeit goods, malware and firearms. After the takedown the FBI stated, “Don’t think that you are safe because you’re on the dark web. There are no corners of the dark web where you can hide.”

But guess who’s back? DeSnake, also known as the co-admin of AlphaBay. Nearly four years after the market’s closure, DeSnake is back online and has relaunched a new and improved version of the market.

In this exclusive interview with Dark Net Daily, DeSnake talks about why he decided to return to the scene now, plans to create a fully decentralized market, his relationship with Alexandre Cazes, what led to the downfall of the original AlphaBay and more. DeSnake proved his identity by signing a message with his original PGP key (below).


Co-founder and Security Admin, DeSnake.

So for those who don’t already know, who is DeSnake?

As per the DeSnake alias, I am mainly known as being the co-founder and security administrator at AlphaBay in 2014-2017.

After 4 years away, what made you decide to come back?

I have explained this in our We Are Back message, tldr the poor state of the scene including lack of innovation in the last 4 years and the way everything ended with alpha. Specifically how LE had killed him and later on when they showed footage of the arrest to university/college audience they made it as if it is a comedy show which in my mind was enough disrespect on top of everything gave me the “Fuck it” moment to come back.

Why not return under a different alias?

It boils down to again how LE treated alpha last time and how they did the AlphaBay brand name dirty. As well as myself and alpha had promised each other to go to the bitter end and this is me coming back with a solution to do that, future plans to solidify the AlphaBay name by creating a decentralized marketplace network for all and keeping my word.

Back and better than ever.


What are the differences between the original Alphabay and the current version?

There are several but the most obvious ones are a brand new secure codebase (due to opsec reasons since LE has the source code to the old one) and a new, improved & streamlined UI which makes everything easy to navigate unlike our old one which was quite messy, all while adhering to our old principles of simple and easy.

Most notably I have developed for more than 2 years AlphaGuard which is a wallet protection system that allows users to settle disputes, finalize escrows, withdraw funds etc. if all servers get seized by LE at the same time. Being prepared for is crucial in a comeback like this and this is our system to ensure even if raids occur users will be able to get their funds, furthermore if all servers are seized but AlphaGuard stays up, from an administrator perspective it will be a few days at most to revive AlphaBay.

We are also bringing an innovation to the darknet marketplace scene which is an automated dispute resolver (ADR) system that allows buyer and vendor to send propositions to each other (refund/reship, 0%, 25%, 75%, 100% refund) in order to settle the dispute. Our insight in managing the largest marketplace ever has taught us that it is basically all steps moderators take or propose during a dispute process, hence by using ADR staff does not need to babysit both parties. Manual moderation is also possible to be enabled by any party but overall it is easier and faster to take final decision by moderator by seeing what both parties have attempted to propose to each other and speeds up the process resulting in superior market support.

Administration is almost the same but the new Staff is entirely different from the old one for security reasons. All new Staff are people I have worked with for many years and are highly trusted in their respective communities. Thanks to our extensive Staff training and a large amount of dispute and ticket simulations, we have been able to achieve support levels and knowledgeable responsiveness which in my opinion are better than before.

Last but not least we are Monero-only for security and privacy reasons. Very soon we will add more cryptocurrencies but keep all withdraws Monero-only for security reasons, more information how we will achieve that in the following weeks.


Why create a Monero only market? Do you feel like you may be missing out on business by not accepting Bitcoin?

We will be accepting more cryptocurrencies very shortly but as I explained in the previous question, we will keep all withdraws to Monero-only. Users should keep an eye out for information on our Forum and marketplace platform.

What exactly is AlphaGuard?

AlphaGuard is a very well tested system which ensures even if seizures happen on all servers, users will be able to withdraw their funds, settle disputes and leave without a cent lost. The system has been in development for 2 years with countless tests and has had a standalone testing period of 1 year+ where it ran on its own. AlphaGuard is quite an advanced piece of code which can run even without having access to any servers provided by Administration. It has what we call ‘hive-mind’ which enables it to detect if there are few servers left to launch itself from which then kickstarts several programs which can either (1) purchase more servers on its own by accessing its very own cryptocurrency wallets and leveraging pre-funded accounts for bypassing captcha, or (2) automatically exploit random servers, websites, gain automatic privilege escalation and ultimately be able to fulfill its core programming objectives while preserving encrypted all information.

So I2P.. Can you explain what it is and what it means for Alphabay?

Although we have mirrors on Tor (.onion), we consider I2P to be our main way of accessing. Over the last few years I have been heavily involved in researching and learning even more about the I2P network and right from the get-go I knew it is a solution to a problem which the darknetmarket scene has been suffering from – accessibility (due to DDoS). It is technical to drill down the details in an interview but it boils down to how the network is structured and the tools it has in-built to protect which makes attacks much more expensive than on Tor and much less is needed to defend against them from a defender’s point of view. Although we are well resourced to scale we believe it is our duty to inform others of the possibility of this network. Since starting our push from day one in August, already Dread admins confirmed they will have an I2P mirror as well as several other marketplaces have created mirrors on there as well.

I2P is great and I have already released easy 3 step guides for Whonix, custom script which enables I2P on latest Tails OS, and more guides for every other OS. I believe this is what was needed to gain a larger adoption.

I2P also gives a step up from what Tor offers in terms of anonymity of the hidden service/eepsite. I have witnessed how LE can track onion services and although extra protection such as vanguards add complexity to finding out the real location of websites under Tor, it does not completely solve the problem. Let me also make it clear that I2P does not solve that either but it has a better approach in my opinion especially if you are using multi-homing which acts as a true load balancing system.

No one technology can solve the issues of having an anonymous website that is why multiple layers are required starting from the bottom which is selecting the right trusted bulletproof hosting providers to complex and automatically-changing network to avoid detection – even all of that still does not equal successfully being anonymous so we employ additional tactics even on top of those to stay one step ahead.

Have you encountered any DDOS attacks since the relaunch?

Yes on the Tor (.onion) mirrors since the very first day, I2P had attempts at being DDoSed but it was always up. Since we are a serious marketplace with history, other markets felt threatened so they decided to start attacking us all the time. Although I do not have an issue with scaling by spending what would be considered an average person’s yearly salary on servers to keep us up, I instead focused on developing our own firewall solution to stop or more accurately be able to withstand the attacks. It was worth the 2 months of work because the end product is not only very robust but also allows us to defend for next to nothing compared to what most marketplaces spend when they are under DDoS.

What are your thoughts on the current dark net market scene?

Poor condition, fragmented. After the operation against us and Hansa, the darknet community was never again the same. Coupled with the constant streak of scamming marketplaces such as Empire, it depleted the trust in the darknet scene and it has shrunk since. Proof of that is no other marketplace has ever been even half as big as we were at the time. The constant DDoS has also halted completely innovation when it comes to darknet marketplaces.

We are here to change that though especially with my decentralized network project which solves a lot of issues users are having today.

I read that you believe Tor may be susceptible to surveillance. Could you explain?

It is not a question if I believe, it is a fact. AlphaBay as well as many other takedown instances has shown us that is the case. On top of that at some point in 2014-2017 we had run heuristics which I had time to analyze over the years and without a doubt know that given enough time and resources LE can identify the servers used to host a particular website. Tactics such as changing servers often and selecting bulletproof providers are good and should be used but alone they will not protect service providers, a wide range of them are needed as well as custom solutions in addition.

As far as Tor users go, I also know for a fact that LE can track them given enough resources (aka if they are of interest). There are many busted vendors and other users who have said they had used Tails solely (Tor only) and got caught regardless. I do not mean busted by that way, LE finds other ways to ‘tie your profiles’ aka parallel construction which is a very common tactic but the initial way of identifying you as a vendor or target of higher importance may very well be through the Internet.

I know it is controversial to say all of this and Tor enthusiasts will jump and scream ‘no Tor is safe everything is good’ but I can tell you from my experience, people close to me and that of many other what would be considered for LE ‘high-value targets’, it is not. I have lived to say this and warn people to not be naive (of any sole technology) and I stand by it.

Before anyone also asks no I2P is not perfect either but it was created for true darknet usage unlike Tor which is mostly used for an ‘anonymous’ gateway to the clearnet.

Simple takeaway is do not use one single technology to protect yourself whether I2P or Tor, always use other means on top to protect yourself in addition.

So, you have plans to create a fully decentralized marketplace. How will that work and how far away is it?

It is a decentralized market network so all marketplaces can place their own brands or if you are a vendor setup a vendor shop. It will solve issues such as wallet safety (no more scams, all multisig), accessibility (DDoS), takedown-resistant and also making management for servers for admins much easier and many more.

Right now the network (I say network because name is not yet chosen, send us your proposal for name over our AlphaBay Forum) is all funded through a percentage of what AlphaBay makes. We do not accept donations as we never had even for AlphaBay before. So by using our platform you contribute to the development of the next generation marketplace.

At some point the network will be self-sustainable by collecting a 1% from all transactions. That profit will be split between developers and network operators. Developers write code and maintain it while network operators provide servers and infrastructure. As far as the network operators go everything will be encrypted and they will not be able to see anything or modify anything so being an operator will mainly boil down to making sure your instances are up and available to everyone else.

As far as progress, discussion is ongoing and we are hiring developers, system admins, infrastructure experts, blockchain experts and more (we pay per code written as well as offer profit from the network as core-developer). Different options of which technologies to use have been thrown out and about both on the AlphaBay Forum in public and private chatrooms. Ultimately a week or two ago I had discussed specific ways to achieve all of this of how I see it and with green light from the current team working on this, I made some major improvements to both the technical and overview blueprints. We have a bunch of pseudo-code which will start to be converted to actual code as of January 2022.

The blueprint improvement I suggested to the original one which I created, considerably makes everything much easier to code in my opinion and simpler way to approach it (compared to other decentralized marketplace codes) so everyone should expect an alpha demo at some point in 2022 or early 2023. In the mean time use AlphaBay as your marketplace to help fund the project.

What does the Alphabay team look like right now?

Administration is almost the same, Staff is a brand new team of people as it would have been a security and privacy risk to hire the same moderators as before (yes many are free and around such as some which have verified me on top of my PGP with things only ex-Staff knew). As I answered in another question these are highly trusted people by myself and others in their respective communities, with which I have worked on different projects over the years. They have all received extensive training to provide excellent customer support and be able to fairly judge disputes. We have always taken pride in ourselves in our customer support and dispute resolution moderators so it was important to get the right team in order to be able to offer better experience to our customers and vendors.

How many vendors are on the Market?

As of right now 2100+

Listing for “5g Pure Columbian Cocaine”

What qualities do you think make a great vendor?

We have a really neat answer to that in our own FAQ where it guides vendors how to be more successful such as having own unique selling point (USP), excellent communications and excellent operational security (includes stealth for physical vendors). Ultimately it is someone who is on top of their shit, is consistent, well-versed in security and offers amazing customer support.

What drug is the most sold on the market? Is there anything that you don’t allow to be sold?

A bunch of different products are, weed(-based) and cocaine products are pretty popular, ketamine etc. There is no specific ‘winner’ in that sense yet.

We do not allow any fentanyl or fentanyl-laced substances including carfentanyl or any analogues of that, no harming others such as hitman/murder services, no guns/guns discussions (3D printed digital designs are fine), no terrorism related products, services or propaganda (regardless of your definition of terrorist, we are a place of business), no erotica/porn/softcore of any sorts (logins for major sites are okay), no Covid-19 vaccines/cures or vaccines of any sorts (counterfeit vaccination cards/passes are fine), no any Russia/Belarus/Kazakhstan/Armenia/Kyrgyzstan-related activity (people, organizations, companies, critical infrastructure, non-profits, governments) or citizens data, no ransomware selling, recruiting for access to deploy ransomware or ransomware discussions (selling access to network/servers itself is fine but it must not say it is for ransomware when advertised).

Alpha02

Alexandre Cazes aka Alpha02

How did you first meet Alexandre Cazes?

I needed a stable marketplace to sell my CC bases and saw potential in AlphaBay. I discovered a few bugs and reported it to alpha. A few days later I found more serious bugs and I was able to shell the marketplace. Instead of being bad, I once again reported it and the rest is history.

What was he like?

Smart, passionate, well-mannered and responsive. He was a good guy, anyone who has talked with him can tell you the same.

What was it like running a market as large as Alphabay?

Stressful but also rewarding in many ways. Most important for me was the experience which you can not get anywhere else, hence now I had applied all of this and my 20 years of computer experience to rebuild AlphaBay. It made AlphaBay easier for users/vendors with things like the automated dispute resolver or streamlined processes for purchases/disputes, easier staff functions all while giving me visibility that they do not abuse any function, handling millions of concurrent users from day one etc.

What led to the shutdown of the market?

A few opsec mistakes from alpha but ultimately not following my opsec guidelines to the fullest extent. All Staff members who followed it remained free and have not been caught but alpha skipped certain steps or overlooked what I was saying, even going sometimes to say it is too much and not needed. I disagree. In my opinion security is the most important thing before doing anything, anything else comes second and it is a principle I have followed all my life doing business.

However also sneaky tactics such as parallel construction of how the case was built on AlphaBay and more played a role (e.g. how they did not officially mention it was being investigated way before than in the indictments, finding out where the Tor servers were etc.). Most of those would not have played well in court and it is part of the reason why I believe alpha was killed. Alpha was a great guy and friend, legend carder and had good opsec knowledge but when your adversary is global it is much, much harder.

What do you believe really happened to Alexandre after his arrest? And why?

He got killed by LE as I have said in the we are back message and the reasoning behind it. All of my tireless work digging into his death including putting people on the ground physically to search have led to this conclusion. It is part of the reasoning also why we have returned, as alpha was a good soul and did not deserve execution without trial, it was injustice.

In an interview you said, “I had given [Cazes] many ‘holy grails’ of anonymity, but he chose to use only certain things while he branded other methods/ways as ‘overkill,’”. Can you share a few of those “holy grails”?

Trust no one, do not rely on any one technology for your own security, question everything, always change up your patterns in whatever you do. More things you can read from my updated opsec guidelines which were used by Staff, in the upcoming time on the AlphaBay Forum.

What is the process like for building a Darknet market? How much time and money does it take?

Long. Most time it took me on AlphaGuard which was 2+ years to develop and perfect and then letting it run for 1+ year on its own. It takes quite a bit of money monthly to keep it up but security has no price.

When it comes to the marketplace code it also took a long time as I wanted to perfect it and secure every aspect of it from the beginning by using secure coding techniques all the way to server and network configurations, top to bottom.

What was your OpSec like when you first started out?

When I started out in very early 2000 the Internet looked very different. However even then I knew from other people that anyone can be tracked on there so I learned how to protect myself first before I started to even learn/practice hacking/security and later getting into malware, botnets etc. Over time my opsec improved obviously as it always is as security is not a state and more technologies/usage has become available.

Do you have any tips for people out there looking to improve their OpSec?

Do not trust anything, always verify. Do not rely on one technology only (e.g. Tails/Tor) as you will get busted if you are interesting enough to LE. Always add fallback-protection to everything and do not forget real world defenses such as changing places, never doing anything from your home, never bringing personal devices to work etc.

How did your interview with WIRED come about?

Andy reached out to me and the rest is history.

I heard that you used to be a vendor of CCs. Can you tell me about that?

Yes, it is the main reason I joined AlphaBay to support a stable marketplace and as an additional platform as at the time I was getting fresh CC bases on the daily from my botnets and backdoors (what now is referred as ‘web skimmers’) which I was already selling to CC shops and private resellers, but still I was ending up with leftover stock. When being a CC vendor especially one with first-hand material the #1 thing you need to do is sell it quickly because validity goes down every day so opening up on the English speaking forums was a good idea and indeed I was able to achieve what I initially wanted.

Anything else you’d like to add? Where can people find you?

Come and support our vision and main goal which is the decentralized market network project by using the AlphaBay escrow marketplace platform.

Find us on our official links below or on Dread. WE ARE NOT ON ANY CLEARNET SITES, TWITTER, REDDIT, TELEGRAM etc. – these are all phishing sites, do not fall for them.

ONLY REAL LINKS for Marketplace and Forum (/forum):

