One of the largest struggles that dark-net markets face comes in the form of DDoS attacks. Since 2019, markets all over the dark-net have been getting attacked and taken offline. To stop the attacks, threat actors carrying them out demand ransom from the market in return.
About DDoS attacks
A Distributed Denial Of Service attack is a malicious cyber technique that involves chocking the network of a service. To be precise, threat actors overload the network in order to disrupt normal traffic on the site. This results in a denial of service meaning normal users cannot use the site as intended.
In more simple terms, a DDoS attack can be explained as a traffic jam. Creating more traffic than roads can handle will result in an un-smooth flow of traffic. Many dark-net markets have experienced this type of attack. Dream Market, Nightmare Market and more recently Empire market fell victims to such attacks.
Why Empire probably exit-scammed
On August 25th, an Empire Market administrator posted an update on the attacks on Dread. He stated that Empire Market was struggling to recover from the ongoing DDoS attacks. It is unknown if the attackers requested any form of payment.
The statement intended to provide an explanation to people confused Empire Market. A few days before the update, the platform became slow and unusable. The Monero functionality of the site also became imparted.
The Update was posted on behalf of Empire Market by dread user /u/Melbourne. He claimed that the market is "working tirelessly" to overcome the ongoing attacks.
The official statement mentioned that the site admins have taken the DDoS attacks very seriously. The article also highlighted concerns about the damage caused to Empire customers. The market administrators also mentioned that the market "is not going anywhere". Many users took the post with a grain of salt due to the long list of exit scams associated to these attacks.
The above phenomenon can be evidenced by the reddit comments made by Empire Market users. Most people believed that this is a well planned exit-scam strategy being executed. If this is true, it means that the market operators will vanish with the cryptocurrency that was on the platform.
Additionally, a Twitter user claims that he caught Empire Market red handed. He stated that the market operators have already transferred tens of millions to unknown wallets. This was reportedly done during the platforms downtime.
Other users took the other side of the argument. Many argued that Empire has been regularly suffering from DDoS attacks and that it will recover. This is very unlikely to be the case since most of the markets admins vanished from Dread.
Empire Market has most likely exit scammed. It is unclear if this was a well planned and executed exit scam or just a mere coincidence. It is also likely that Empire Market did not intend to exit but used the attacks as an excuse to do so.
The danger of DDoS attacks
DDoS attack have been known to bring down big marketplaces in the past. Dream Market is one such example. When Dream Market stated sustaining a large number attacks it considered a shutdown. After being almost unusable for over 7 weeks the market shut-down. It should be mentioned that Dream Market still allowed withdrawals to take place.
According to Dream Market moderators the unknown attackers launched a ransom campaign. After the series of attacks, $400,000 was demanded in bitcoin in order to cease the assault on the market.
Ends up that Dream Market operators were not willing to give into the ransom. Instead of paying the attackers the market decided to cease operations. The attackers took advantage of a vulnerability in the Tor network to take down the market.
After Dream Market made the announcement wrapping up its operations the attacks continued. The only thing that changed is the attackers focus. The threat actors shifted to other markets like Empire Market.
Since then, a wide range of DDoS attacks have been orchestrated. Nightmare and Wallstreet felt the attacks at some point but did not respond like Dream Market. Both markets exit-scammed after the attacks were too much to handle.
In terms of the DDoS attacks, it is unclear who is responsible for any of them. No one knows if the 4 major attacks are linked but it is very likely. Government authorities also resort to DDoS attacks to target market but not for ransom. It is unclear if the latest attacks on Empire Market were executed for ransom or not.
No one knows whether competing platform or under-cover law enforcement is responsible for any of the past attacks. Despite the common nature of DDoS attacks on the dark-net, most markets still aren't ready. Markets that get attacked are not safe and tend to be unable to react properly.