Cyber Incident Victim: Empire Market
Date:
Aug 2020
Location:
United States of America
Summary
A popular dark web marketplace experienced prolonged downtime following a distributed denial-of-service (DDoS) attack, sparking user concerns about a potential exit scam amid intermittent accessibility reports. While some speculated administrators intentionally abandoned operations to steal escrow funds, historical precedent of prior DDoS incidents and limited site functionality during the outage suggested external disruption rather than premeditated fraud. The platform ultimately ceased operations permanently, with its head moderator indicating administrative exhaustion and reduced communication preceding the collapse. This abrupt termination prevented users from withdrawing assets held in escrow, resulting in significant financial losses for both buyers and vendors who relied on the marketplace.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Empire Market, a prominent dark web marketplace facilitating illicit trade, experienced significant disruptions beginning on or around August 22, 2020. Users reported widespread inability to access the site over the subsequent 48 hours, with complaints surfacing on platforms like Twitter and Reddit. Initial speculation among users centered on two possibilities: a distributed denial-of-service (DDoS) attack or an exit scam. The marketplace, known for hosting listings of illegal drugs, counterfeit goods, stolen financial data, and other contraband, supported cryptocurrency payments including Bitcoin, Litecoin, and Monero. Testing by BleepingComputer confirmed the site and related domains were completely unreachable during this period. Some users reported partial accessibility under severely degraded conditions, with Twitter user DarkDotFail describing the site as "very slow to access" and noting broken Monero functionality. Historical context indicated Empire Market had previously weathered DDoS attacks earlier in 2020, though none had caused such prolonged downtime. The head moderator of Empire's associated forum on Dread initially adopted a wait-and-see approach, stating they would address the situation publicly if the outage persisted beyond "a couple of days." This ambiguity fueled user anxiety, particularly among those with pending orders or funds in escrow, with Reddit user JuicyVeins expressing frustration over an unconfirmed transaction that might auto-cancel.
By August 25, 2020, the situation escalated as Empire Market administrators abandoned efforts to restore operations. The head moderator revealed that communication with the administrative team had deteriorated over the preceding six months, with the market operating on "auto-pilot" and admins growing exhausted from sustaining the platform. While the moderator (identified as Se7en) disputed theories of a premeditated exit scam—citing the administrators' historical ambition to operate "the longest living market in history"—they criticized the lack of advance notice to users. The abrupt closure left buyers and vendors unable to recover funds held in escrow, sparking outcry on social media. One Twitter user lamented the absence of a withdrawal grace period comparable to Dream Market's earlier shutdown, while another acknowledged losses to sellers and buyers alike. A PGP-signed post from the moderators documenting the closure was archived by Dark.fail, providing limited official confirmation. The incident concluded without service restoration, marking the end of one of the dark web's largest illicit marketplaces amid unresolved financial losses for its user base and persistent uncertainty regarding the initial outage's root cause.