What was AlphaBay?
AlphaBay was an darknet market which operated on an onion service of the Tor network. It was shut down after a law enforcement action as a part of Operation Bayonet against it (and also the Hansa market) in the United States, Canada, and Thailand, reported 13 July 2017.
In October 2015, it was recognized as the largest online darknet market. Next to dealing drugs (also Fentanyl), users could get all sorts of other things like malware, hacking services, weapons, accounts or even luxury goods.
At the time of the shut down, AlphaBay had
- over 400,000 users
- over 369,000 listings
- $600,000 – $800,000 in transaction volume per day
- had 10x the size of Silk Road
Law enforcement took at least one month to obtain a US warrant, then over one month to obtain foreign warrants, prepare for and execute searches and seizures in Canada and Thailand:
- Early May 2017: Law Enforcement verifiably active on the site since at least this period.
- 1 June 2017: Warrant issued by United States District Court for the Eastern District of California for racketeering, narcotics, identity theft and access device fraud, transfer of false ID, trafficking in illegal device making equipment, and conspiracy to commit money laundering.
- 30 June 2017: Warrant is issued for Cazes’ arrest in Thailand at US request.
- 5 July 2017:
- Canadian police raid EBX Technologies in Montreal, Cazes’ Canadian company and the reported location of the physical servers, as well as two residential properties in Trois-Rivières.
- Cazes is arrested in Bangkok at his dwelling at Phutthamonthon Sai 3 Road in Thawi Watthana district which is searched by the Royal Thai Police, with the help of the FBI and DEA.
- 12 July 2017: Cazes’ suspected suicide by hanging while in custody at Thailand’s Narcotics Suppression Bureau headquarters in Laksi district, Bangkok, is reportedly discovered at 7AM. He was due to face US extradition.
- 16 July 2017: Cazes’ wife is reported as having been charged with money laundering.
- 20 July 2017; U.S. Attorney General Jeff Sessions announces shutdown of the site.
- 23 July 2017: Narcotics Suppression Bureau chief is interviewed and suggests that more suspects will be arrested soon.
Operation Bayonet was a multinational law enforcement operation culminating in 2017 targeting the AlphaBay and Hansa markets. The following information was found during the operation.
- About the time the service first began in December 2014, Cazes used his Hotmail address Pimp_Alex_91@hotmail.com as the ‘From’ address in system generated welcome and password reset emails, which he also used for his LinkedIn profile and his legitimate computer repair business in Canada.
- Cazes used a pseudonym to run the site which he had previously used (e.g., in carding and tech forums) since at least 2008, and variously advertised this identity as the “designer”, “administrator” and “owner” of the site
- When Cazes was arrested, he was logged into his laptop performing an administrative reboot on an AlphaBay server in direct response to a law-enforcement created artificial system failure; furthermore, encryption was wholly absent on said laptop.
- Cazes’ laptop reportedly contained an unencrypted personal net worth statement mapping all global assets across multiple jurisdictions, conveniently leading police to complete asset seizure.
- The servers were hosted at a company in Canada directly linked to his person.
- The servers contained multiple constantly open (unencrypted) hot cryptocurrency wallets.
- Cazes’ flashy use of proceeds to purchase property, passports and luxury cars and frequent online boasting about his financial successes, including posting videos of himself driving luxury cars acquired through illegal proceeds, not only revealed his geographical location, it perforce made denying connection to the service impossible.
- Assets acquired through proceeds were held in a variety of accounts directly linked to Cazes, his wife and companies they owned in Thailand (the same jurisdiction they lived), as well as directly held personal accounts in Liechtenstein, Cyprus, Switzerland and Antigua.
- Cazes’ statements about the goal of the site — “launched in September 2014 and its goal is to become the largest eBay-style underworld marketplace” — helped to legally establish intent.
At a cybersecurity conference in Manhattan, an FBI agent involved in the case showed a video of Cazes’s arrest to journalists and law enforcement, and joked about how the arrest went down.
“See if you can spot the moment when he realizes he’s about to be arrested,” FBI special agent Nicholas Phirippidis said as he played a few seconds of the surveillance footage of the arrest at Fordham University’s International Conference on Cyber Security; the audience laughed as the video played.
The FBI’s plan was to crash the undercover police car onto Cazes’ front gate and get him to come out. This wasn’t just to get their hands on him, but also to get his computer before he managed to encrypt his data.
The idea was to get Cazes’ computer unlocked and unencrypted to avoid having to potentially crack into it by breaking its encryption. Increasingly, police and federal agents try to seize computers while they are on and unlocked to avoid the Apple vs, FBI scenario, where feds initially couldn’t access data on an encrypted iPhone.
Unfortunately, AlphaBay admin Alexandre Cazes did not want to serve years behind jail, so he took his own life in a Bangkok jail.
This was the cell where Alexandre Cazes was found dead. The content below is graphic.