Hey, welcome to the next article in “Mystery🔎”! So last time, we’ve discussed about Bitcoin and well, the dark side of it. Let’s continue our discussion with how some people manipulated the security and anonymity of Bitcoin and other cryptocurrencies for illegal activities. Starting with “Alpha_02” - the notorious kingpin of the Dark web!

Don’t forget to subscribe for more similar posts! Cheers!

Before we delve deep into this special individual, let’s first get to know about his kingdom in the darkest part of the Internet.

How large is the Internet?

Now, let’s just imagine the World Wide Web is actually a huge iceberg. The visible part of the iceberg is called the “Surface web”, consisting of almost everything you see on the Internet: Facebook, Instagram, TikTok, and so on. Whatever information you are looking for will likely appear in the results of search engines.

Alright, get your scuba gear on, we’re gonna dive a little bit deeper. Deep web is right below the Surface web, the name "Deep web" itself is an umbrella term that refers to parts of the Internet that cannot be fully explored using conventional search engines like Google, Bing, and Yahoo (this applies for contents that are behind a paywall or require subscription). In fact, most of the content found on the deep web is legitimate and noncriminal, something like email messages, chat messages, private content on social platforms, electronic bank statements, electronic health records (EHR), and other types of content accessible through the Internet, as long as you can find the way.

While most people might assume Deep web is already the deepest and most danergous part of the Internet, but it’s not necessarily true. Though both data in Deep web and Dark web doesn’t always show up in your search results, Deep web and Dark web are not the same.

While the Deep web is more like a grey area in the middle, the Dark web is perhaps a nightmare. Some people argue that the Dark web has anything you want, as long as you have the right sum of money and manage to locate the right people who are willing to do it, from black markets for stolen credit cards and personal information, firearms, malware, prostitution, sex trafficking and drugs to cyber attack services, like access to botnets that can conduct DDoS (distributed denial-of-service) attacks.

However, thanks to its anonymous & highly secure nature, the Dark web is not just the home for criminals only. There could be journalists collaborating with whistleblowers to uncover corruption within corporations and government entities; individuals living under oppressive regimes seeking access to independent news outlets censored by conventional web browsers; or simply those who wish to gain access to free academic research and ad-free search engines. But the kingpin we’re looking for is none of them.

I hope the title of this part does not confuse you much. But if it does, allow me to explain.

So, privacy and security are what the Dark web offers to its users. Then how will they purchase the services or sensitive information while remaining under the radar? A medium that leaves no trails of who they are, ah yes, cryptocurrencies.

What cryptocurrencies, exactly? A lot, Ethereum, Monero, and the most popular one, Bitcoin, for its ease of use and fast speed. And the platforms for these figures to meet up and trade goods? Plenty.

In 2011, the largest black marketplace called Silk Road was launched in the Dark web, serving its sole purpose of being the home for illicit drug sellers and interested buyers online. For ultimate privacy, the site used various anonymization techniques, including the network called Tor, the only way to access the market.

Soon enough, it was not just a haven for the drug dealers anymore as it slowly expanded to offer more items: hacked passwords, illegal data, guns, and other contraband.

The Silk Road only met its end in 2013 when an FBI agent discovered the hidden marketplace and coordinated efforts with the DEA, IRS, and Customs agents to shut down the site. Despite the challenges posed by Tor and Bitcoin in concealing addresses, federal agents successfully tackled the illicit drug market. The mastermind behind the Silk Road, Ross William Ulbricht, was then arrested, along with his laptop used to run the marketplace. [4]

With the Silk Road being raided by the authorities, the online criminals immediately moved to other marketplaces to continue their businesses, but they were soon shut down as well… or just turned into a rug pull (also known as exit scam).

Goods being sold on AlphaBay, ranging from drugs to fake IDs. Source: www.abc.net.au

And then, in the midst of chaos, AlphaBay joined the conversation. The platform was reportedly launched in September 2014 and officially opened worldwide on December 22nd, 2014 [5]. Seeing the growing traction with 14,000 new users in the first 90 days of operation, AlphaBay soon turned into the next successor of the Silk Road. The admin of the network was someone who went by the name of “Alpha_02”. When the FBI successfully shut down the site, it was revealed that Alpha_02 was a young man named Alexandre Cazes, and how surprise, he was only 23 years old when he created the largest black market ever known in 2014 and 25 years old when he was arrested.

AlphaBay emerged in late 2014, despite the growing competition between online markets trying to expand illicit trade on the Dark web.

The site proved nothing outstanding compared to others, however, the site's anonymous leader, Alpha_02, appeared to be more savvy than many of the operators of rival markets. Alpha_02 was a prominent figure in the cybercriminal community, specializing in credit card theft and fraud as a "carder." He had gained recognition on the Tor Carding Forum, a dark web platform where hackers exchanged stolen data. Moreover, he even managed to sell his 16-page "University of Carding Guide," which was a document educating newcomers on various illicit techniques, such as how to "social engineer" bank customer service representatives to authorize fraudulent transactions using spoofed phone numbers [6]. He was the idol of idols in the cybercriminal world.

AlphaBay listings. Source: www.darkowl.com

In the first few months of operation, AlphaBay primarily served its main customer segment: hackers. Therefore, most of the listings on the site back then was mostly stolen credit card data and hacked accounts. However, as the traffic grew stronger, plus the other competitors gradually got exposed and raided by the law enforcers, AlphaBay saw itself expanded to a larger scale with the increasing number of vendors (moved from shutdown marketplaces), more lucrative contraband started to appear on the site: ecstasy, marijuana, meth, cocaine, and heroin—all available for shipment via mail. It soon became evident that Alpha_02's ambitious vision was joining the two separate extremes of the Darknet world, cybercrime and drug trade, into one single large as hell marketplace.

“In the "About Me" section of AlphaBay, Cazes wrote that he wanted the site to become "the largest eBay-style underworld marketplace"…. [7]

With just a blink of an eye, AlphaBay had become the market leader, the dominator of all black markets in the Fall of 2015, just roughly one year later. AlphaBay somehow remained undefeated as Agora, its closest competitor, had shut down operations in August of the same year due to concerns about a potential vulnerability in Tor, which could compromise the location of its servers.

A massive wave of clientele just flocked to AlphaBay, and by December 2015, the marketplace had total users of approximately 200,000 with 40,000 active vendors [8]. This newfound fortune also increased the number of listings on the site, which was reportedly more than 21,000 product listings for drugs, surpassing Silk Road and its peak of ~14,000 listings and making it “10 times the size of Silk Road” [9].

The fact that AlphaBay exposed not a single flaw within its security system gave law enforcement agencies worldwide a hard time. Agents who monitored the site confirmed that they found little to no operational security lapses that could provide a lead on its servers or its founder.

Depiction of AlphaBay’s structure. Source: www.justice.gov [10]

Noted that, just before AlphaBay claimed its top spot on the Leaderboard, Alpha_02 decided to change his username to "ADMIN" and declared that he would no longer contact anyone via private messages outside of AlphaBay's staff. Therefore, almost all responsibilities of managing the site then were passed down to his second-in-command and head of security, known by the moniker “DeSnake”, who was believed to be the Co-Founder of AlphaBay. Below DeSnake were several Moderators whose pseudonyms were “Raspi”; “Disc0”; “Russ0”; “Botah”; “BigMuscles” and “MountainHigh9” (retired). The site also had Scam Watch personnel named “Onionhood” and “Vass”, tasked with monitoring potential phishing attempts against AlphaBay’s users; a PR Manager known as “Trappy” actively searched for broader black markets via public forums like Reddit and the AlphaBay forum.

AlphaBay continued to thrive, reaching +300,000 users and generated around $500,000 per day from the commission of 2-4% for every transaction. For extra privacy, AlphaBay introduced a feature called “Tumbler” in April 2016 which basically “washes” the coins through multiple transactions.

Witnessing the growing empire knowing they could do nothing about it, the law enforcement met their dead end.

You think this is the end? Of course not! When authorities were pinching their eyebrows in confusion wondering how they could tackle the case, a tip appeared. Looks like Alpha_02 had just doxxed himself.

The FBI agents received a tip from an anonymous person in December 2016. Along with the email sent from the mysterious figure was a screenshot of the welcome email sent directly from AlphaBay to new users back in December 2014. And ironically, Alpha_02’s personal email was included in the header information of the email, which was “Pimp_Alex_91@hotmail.com”. (Bruh.)

“…soon after AlphaBay was launched, the site established an associated online forum allowing customers and vendors to discuss their business. One feature of the sign-up process was new users had to provide an email address for password recovery in case the user lost his/her password… [12]

It looked like “Alex” was his real name and “_91” was when he was born, in 1991. The hunt began.

From this personal email, law enforcement quickly found a LinkedIn profile linked to the same email address, which belonged to a Canadian man named Alexandre Cazes, born on October 19th, 1991.

According to his LinkedIn profile, Alex described his past experience as a Freelance Software Designer and also, ran his own company, a legitimate computer repair business in Canada called EBX Technologies.

Alex’s LinkedIn profile. Source: www.iheartradio.ca

Again, this email address was also linked to a public post on an online tech forum on December 3rd, 2008. The post was uploaded under the username “Alpha02” about how to eliminate viruses from a digital picture. At the end of the post was Alex’s full name and his email address. And then, they found several more accounts registered under his name, used to maintain his PayPal account.

And finally, the rabbit hole led law enforcement to the critical piece of evidence exposing where they could find Alex: a Facebook account of a Thai woman, who was believed to be his wife.

Alexandre Cazes, 25 years old at the time, was a multi-millionaire. His cash, his digital assets, luxury cars, and properties were estimated to be $23 million. [13]

Alex was living his opulent life in Thailand with multiple properties and companies. From 2014 to 2016, Alex successfully established a minimum of six offshore firms, primarily located in Belize and Hong Kong. These enterprises maintained bank accounts in Switzerland, the Seychelles, and New Zealand, along with virtual offices in Geneva and Hong Kong. With these shell companies, he was able to obtain citizenship of the country in which his companies were based. As a result, he was able to unlawfully purchase a five-bedroom villa in Phuket, valued at $7.6 million with a shell company based in Thailand.

Alexandre and his wife. Source: https://nextshark.com/

He also had a wife, a Thai woman named Sunisa Thapsuwan. However, Alex wasn’t a man who values “being faithful” as a virtue. He had multiple mistresses that he usually brought to his other properties around Thailand. Apart from managing AlphaBay, he spent hours driving through the streets in his luxury car.

Having located Alex, the authorities knew it was time to put an end to the largest marketplace on the Darknet. The best thing about this arrest is that it wasn’t only the FBI that was gonna tackle Alex down.

Hansa, a direct rival to AlphaBay at that time, was used as a platform to facilitate the sale of illegal drugs, toxic chemicals, malware, counterfeit identification documents, and illegal services. [14] Despite having a hard time locating the servers of Hansa, authorities still managed to find their lair in the Netherlands.

In co-operation with the Dutch National High Tech Crime Unit (NHTCU), FBI and Europol, the Drug Enforcement Agency (DEA), and police forces from 7 countries worldwide, had established “Operation Bayonet”. And the biggest Darknet bust of all time is about to unfold.

Here’s how it goes: the NHTCU and foreign police forces will hijack Hansa Market’s servers, which were located in the Netherlands, Germany, and Lithuania. A honeypot was created; FBI, Europol, and DEA will arrest Alexandre and shut down AlphaBay, luring thousands and thousands of cybercriminals to move to Hansa Market. When law enforcement has gathered enough information on high-value targets and identified them all, Hansa Market will be shut down immediately.

Alexandre’s villa in Thailand. Source: www.normantranscript.com

While the Dutch law enforcement watched over the Hansa Market, the FBI approached close to Alex’s property, with the help of Thai policemen. A female Thai officer drove a car, deliberately ramming her car through the front gate of Alex’s home in Phutthamonthon, Thailand [15]. The purpose was to catch him off-guard so that he couldn’t lock his laptop.

And it worked! Being startled by the sound, Alex ran downstairs to check on the commotion. By the time he realized what was actually going on, it was already too late. As he tried to escape the grasp of policemen, FBI agents went upstairs to search for his laptop, they silently prayed that it wasn’t locked, as it would take them forever to decrypt it.

Luckily, Alex was still logged in as the admin of AlphaBay, along with two other files that remained open: AlphaBay.com staff, and his and Ms. Sunisa's assets [16]. They had successfully overthrown the king of the Dark web.

“Around the time of takedown, there were over 250,000 listings for illegal drugs and toxic chemicals on AlphaBay, and over 100,000 listings for stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms and fraudulent services.” [17]

As expected, once AlphaBay was shut down in July 5th, thousands of criminals immediately flocked to other marketplaces, including Hansa. Once the data was fully collected, Hansa Market was taken down as well. And that’s the end for the two largest black markets.

Just several days after his arrest, Alexandre Cazes was found dead while in custody at Thailand's Narcotics Suppression Bureau headquarters in Laksi district, Bangkok [18]. He reportedly hung himself using a towel. Meanwhile, Alex’s wife, Sunisa, was facing a money laundering charge.

Alexandre himself was a talented young man. It was such a shame how he used his intelligence for such a deed. But if you think AlphaBay has gone all the way down to hell with Alex after his death, you’re painfully wrong.

AlphaBay was reactivated by none other than DeSnake in August 2021. The site is believed to continue its lucrative business in the Darknet, under the new reign of a new king.

Subscribe to Station 101 to vote on this poll

Only subscribers can vote on this poll.

Already a subscriber? Sign in

POLL

Crypto

0%

GenZ (Health, trends, etc.)

0%

Mystery/True Crimes

100%

4 VOTES · POLL CLOSED

Thanks for reading this article! If you enjoy my work, please consider subscribing, it helps motivate me a lot!

[1] https://www.kaspersky.com/resource-center/threats/botnet-attacks

[2] https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/#:~:text=A%20distributed%20denial%2Dof%2Dservice%20(DDoS)%20attack%20is,a%20flood%20of%20Internet%20traffic.

[3] https://www.investopedia.com/terms/t/tor.asp

[4] https://www.fbi.gov/history/artifacts/ross-william-ulbrichts-laptop

[5] https://en.wikipedia.org/wiki/AlphaBay

[6] https://www.wired.com/story/alphabay-series-part-1-the-shadow/

[7] https://www.cbc.ca/news/canada/montreal/alexandre-cazes-millionaire-cars-property-alphabay-1.4215894

[8] https://www.fbi.gov/news/stories/alphabay-takedown

[9] https://www.nytimes.com/2017/07/20/business/dealbook/alphabay-dark-web-opioids.html

[10] https://www.justice.gov/opa/press-release/file/982826/download

[11] https://securityboulevard.com/2020/02/bitcoin-tumbling-leads-to-multicount-indictment/

[12] https://www.justice.gov/opa/press-release/file/982821/download

[13] https://www.cbc.ca/news/canada/montreal/alexandre-cazes-millionaire-cars-property-alphabay-1.4215894

[14] https://www.justice.gov/opa/pr/alphabay-largest-online-dark-market-shut-down

[15] https://www.vice.com/en/article/59wwxx/fbi-airs-alexandre-cazes-alphabay-arrest-video

[16] https://www.bangkokpost.com/thailand/general/1296395/thailands-richest-couple

[17] https://www.justice.gov/opa/pr/alphabay-largest-online-dark-market-shut-down

[18] https://en.wikipedia.org/wiki/AlphaBay#:~:text=12%20July%202017%3A%20Cazes'%20suspected,due%20to%20face%20US%20extradition.