Switch off the light – the bust of the darknet giant “Wallstreet Market”

Darknet Dealer Wallstreet Market, US Gov. 2019
Darknet Dealer Wallstreet Market, US Gov. 2019

Now one of the giants in Darknet has been hit.

“Wallstreet Market” so called here WSM.

After the sudden shutdown of Dream Market, the oldest and probably most successful trader of its kind on April 30, 2019 for reasons not yet known, Wallstreet Market became the adress for the digital underground.

The transactions were conducted in English, German, Portuguese, Spanish, French and Italian, indicating the internationality of the market. In addition to the main categories of drugs, counterfeits (among them probably also Greenbacks from North Korea production), stolen goods, fraud and malware, links to pornographic content were also placed.

The former distribution of numerous forged papers makes it possible to uncover the paths of stolen papers around the globe. It is also said that it was possible to buy weapons or order killings through links in the backyards of the vendors. The information about this issue is currently not available.

The “stalls” are said to contain numerous government-related organisations of so-called rogue states that are trying their luck in drug trafficking. This was certainly a violation of embargo regulations and others.

In addition, the Silkkitie, the underground market known as Valhalla Marketplace, was closed during the operation by the Finnish police in close cooperation with the French authorities. Europol coordinated the whole operation.

Valhalla Marketplace was linked to WSM through AlphaBay and HansaMarket, the vedors took turns. Valhalla Marketplace was established in 2013 and offered rather a small niche assortment in the deep web, it had in the end about 28,000 offers. Via the admin SpeedStepper Valhalla and WSM were connected to the Dream Market which closed on 30.4. WSM also advertised via the social network Reddit.

In Europe WSM supposed to be the sales channel for Venezuelan production of cocaine, from deliveries via the Canary Islands, via the so-called southern route, as one learns from well-informed circles. At least aprox. 40 tons of the 160 tons of cocaine produced annually in the border area between Colombia and Venezuela goes to Europe. Maduro’s cruel regime was partly financed by drug sales, which the mafia smuggled through the Canary Islands and Senegal, Guinea Bissau. Whether the mobile drug dealers in Hamburg and Bremen belong to the supply network will only become clear through further investigations.

Criminal onion

The Darknet- infinite vastness within the “criminal onion”, the platform against dictatorships and regimes once intended as an aid for journalists and activists, quickly became a place where weapons and child pornographic material, drugs of the repressive regimes and money laundering were offered as a bargain. Tor networks allow visitors to the underground vendor sites to enter the markets anonymously and leave little trace, as most payment is made in digital currencies.

The so-called “Exit Scam” by the operators, who at the same time act as trustees for the money of customers and suppliers, was suspected as of 23rd April due to advance maintenance work on the platform. The investigators accessed the platform before the operator trio had left. Between 22nd and 26th April 2019, up to 30 million euros were transferred to various virtual accounts. Time was so short that the examining magistrate swore the FBI employee in on the telephone, who had meanwhile left for Germany, about his affidavit in order to issue the arrest warrants.

But how did the investigators get on the track of the operators?

In Florida, the situation escalated

Since September 2018, the investigators had succeeded in identifying two of the major sellers: ladyskywalker and Platinum45ladyskywalker worked in the interlocked world of the digital underground on multiple platforms in the main field of fentanyl. For this purpose, a dummy address for ordering illegal goods was set up by the US authorities.

At the same time the later accused drug dealer Platinium45, who supplied the whole world with his shipments, mainly Australia and Germany, was targeted. Platinium45 advertised that he could deliver up to 1000 grams of amphetamines in one shipment.

There was a death in Florida resulting from the delivery of a fentanyl nasal spray by the seller nicknamed U4IA ( State of Wisconsin/ Schoenman), who sold his goods on WSM. In the meantime, U4IA was sentenced to 12 years imprisonment. There are said to be several more deaths.
The FBI in Los Angeles became active. Under a cover name, employees of the federal authority bought a set of papers from fullz, which were forged in order to be able to better assess the origin. In September 2018, the FBI issued Professor Dark</e bought a mediocre Spytech SpyAgent Keylogger (probably from North Korean production).

The trace led back to the former German Plaza Market (GPM), which started in September 2015 and ended in May 2016 with an Exit Scam. This information led to the conclusion that the Wallet2 for Bitcoins could be estimated at approximately 3374 Bitcoins ( 17,190,589.65 euros). But already in May 2015 a Wallet1 was created. From this wallet 206 bitcoins were transferred when GPM was still on the market. A third wallet only served as reinsurance for the authorities. This then led to the accused.

In Brazil Marcos Paulo De Oliveira-Annibale, 29, from Sao Paulo, Brazil, who had reached a certain fame with his nickname Med3lin, was accused of money laundering and drug trafficking. The tracks are lead back to the almost legendary Silk Road market, which investigators closed years ago.
Further investigations were conducted against a computer programmer Tibo Lousee, (coder420, codexx420) in Kleve Germany. Klaus-Martin Frost (TheOne, The_One, dudebuy) and a certain Jonathan Kalla (Kronos). Frost already used his nickname on Hansa Market. In addition, the defendant Frost used another wallet, to pay for games that led back to 2016, giving his email address: klausmartin.frost@web.de Under case number 19MJ1843, the US filed charges against the operators who are said to have been running the business since October 2016. The transactions were done by Bitcoin and Monero.

Marcos Paulo De Oliveira-Annibale is said to have been a link between the drug mafia and the darknet. His nickname alone is enough to see through his intentions and the ones of his clients.
First of all, it’s only a matter of time before the next underground dealer is caught. Wall Street Market has probably unwittingly become a honeypot in recent days, from which investigators can now avail themselves.

At the same time, in early 2018, the BKA identified WSM’s Virtual Currency Server of the accused, independent from the FBI or DEA. It became clear that the WSM’s infrastructure was located in Germany, extended to the Netherlands, where a second server was located.

Wallstreet Market was taken in concerted action by the German Federal Police, BKA, the American Federal Bureau of Investigation (FBI) and the Dutch police. Since 2017, numerous other authorities in the USA have also been involved. The US Drug Investigation Agency DEA, Immigration and Customs Enforcement, Homeland Security Investigations, Internal Revenue Service were also involved in the concerted action.

Three of the accused were arrested in Germany, two others in the USA, according to the responsible public prosecutor’s office in Los Angeles. Here, two dealers were arrested who acted as main suppliers. Millions in cash had been found with these detainees. Further arrests and raids in Europe can happen any minute.
Cocaine, heroin, cannabis and amphetamines, false IDs and credit cards – data spied out, forged documents and malware were top sellers. The operators of Wall Street Market received commissions of two to six percent of the sales value from each sale.

The number of sellers registered in the forum was around 5420. The number of sales offers were more than 60,000 and investigators found 1.1 million customer data on the confiscated computers and media. In addition, 550,000 euros of cash and about 1 million euros were confiscated in Bitcoins. Numerous expensive vehicles were seized. Finally, a firearm – that was not described in detail.

For years, since the bust of Alpha Bay and Hansa Market, the operators of the platform have been investigated. In part, the investigators used the findings from the honeypot to gain access to the structures interlocked in the digital underground. A big help was the RLT, Real-Life-Meeting, the transfer of drugs, which could only happen in the real world, not in the digital underground. In many cases it was no longer possible to send the goods by post or parcel. This allocation method is the usual step of delivery to remain anonymous.

It is expected that more Darknet markets will explode in the next few days.



Please enter your comment!

I confirm

Please enter your name here