Abacus Market, the largest Western darknet marketplace supporting Bitcoin payments, has shut down its public infrastructure in a move suspected to be an exit scam.
Exit scams occur when the operator of a marketplace decides to vanish with the money they hold in escrow for various transactions between platform users.
Blockchain intelligence firm TRM Labs reports that Abacus shutting down so abruptly has all the indications of either an exit scam or a covert law enforcement operation dismantling the activity.
Historically, there have been “silent” takedowns that weren’t accompanied by announcements from the authorities, to allow investigations to continue unobstructed and gather more incriminating evidence or identify accomplices.
Source: TRM Labs
Leading force
Abacus launched in September 2021 as ‘Alphabet Market,’ and gradually increased its popularity, especially as the number of other markets on the dark web dwindled, mostly as a result of law enforcement actions.
In 2022, Abacus was used by 10% of the users on Western darknet markets. It grew to 17% in 2023 and reached a leading status of 70% last year.
Source: TRM Labs
TRM Labs reports that the market had enabled transactions of nearly $100 million worth of Bitcoin but the figure does not include Monero (XMR) cryptocurrency, which requires special conditions to track and accounts for at least two-thirds of all transactions on Abacus.
Considering Monero transactions, the researchers estimate that total sales on Abacus were likely closer to at least $300 million. The best month for the darkweb market was this June, when the value of brokered sales peaked at $6.3 million.
In what concerns user deposits, TRM Labs reports that the platform received last month an average of $230,000 per day, across 1,400 transactions.
This figure dropped quickly in early July, to just $13,000 a day across 100 deposits, as user trust was quickly affected by withdrawal delays.
Exit scam unfolding
When user complaints surfaced, Abacus’ administrator, “Vito,” said on the darknet forum Dread that the reasons behind withdrawal problems were a sudden influx of new users following the recent shut-down of Archetyp Market, combined with a distributed denial-of-service (DDoS) attack.
Source: TRM Labs
Despite Vito’s assurances, daily transaction activity on the site dropped.
In the days that followed, Abacus Market’s entire online infrastructure, including its clearnet mirror, went offline without a seizure banner or any indication that law enforcement was involved.
Community consensus and users close to the Abacus team ruled out an FBI operation as a likely reason, leaning more towards an exit scam explanation for the sudden takedown of the platform.
At publishing time there is no indication that Abacus has been taken down by law enforcement but this scenario is not to be ruled out yet.
While cloud attacks may be growing more sophisticated, attackers still succeed with surprisingly simple techniques.
Drawing from Wiz’s detections across thousands of organizations, this report reveals 8 key techniques used by cloud-fluent threat actors.