Cyber Incident Victim: Cannazon

Cannazon, a prominent dark web marketplace specializing in marijuana products, experienced a significant distributed denial of service (DDoS) attack at the beginning of November 2021. The attack severely disrupted operations, prompting administrators to implement partial shutdowns and reduce order processing capacity to mitigate its effects. These measures generated uncertainty within the user community, fueling suspicions of an impending exit scam—a scenario where marketplace operators abscond with user funds. On November 23, 2021, administrators issued a signed message using the market’s PGP key, announcing their decision to permanently retire the platform and explicitly denying any intention to orchestrate an exit scam. The message acknowledged operational challenges caused by the DDoS attack and apologized for lacking transparency during the mitigation period, stating this approach was necessary to prevent opportunistic exit scams by vendors.

The administrators formally took Cannazon offline on November 29, 2021, marking the conclusion of its operations. In their final communication, they outlined a process for vendors to retrieve signed Bitcoin multisig transactions through an encrypted message scheduled for publication on the Dread forum later that week. The shutdown eliminated a major cannabis-focused dark web marketplace, creating a vacuum likely to be exploited by fraudulent actors impersonating the original site via cloned platforms on new Tor addresses. The incident underscored recurring vulnerabilities in dark web markets, including service instability from targeted attacks, trust erosion between users and operators, and the persistent risk of financial fraud despite security assurances. No law enforcement action or data breach was explicitly linked to the incident in available reporting.