Earlier today, the 2020 version of Europol’s annual Internet Organised Crime Threat Assessment (IOCTA) report was published on the European Union law enforcement agency’s website.
A key part of this report is the update it provides on the status of the darknet market ecosystem. Notably, the report covers the increasing threat of coinjoin-enabled Bitcoin Wallets, such as Wasabi and Samourai. Coinjoin is a method of transacting on Bitcoin that attempts to obscure the connection between a sender and a receiver on the blockchain.
“There has been an increase in the use of privacy-enhanced cryptocurrencies and an emergence of privacy-enhanced coinjoin concepts, such as Wasabi and Samurai [sic],” reads the report.
Additionally, this section of the report goes into the increasing popularity of alternative cryptocurrency Monero as a form of payment on darknet markets and the increasing decentralization of the sector as a whole.
While various privacy-focused altcoins have popped up over the years, Bitcoin is still the main medium of exchange used on darknet markets. Although there is still plenty of work to be done in terms of making the world’s most popular cryptocurrency more private by default, some specific wallets have made it possible to use Bitcoin more privately.
“With respect to cryptocurrency on the Darkweb, privacy-enhanced wallet services using coinjoin concepts (for example Wasabi and Samurai [sic] wallets) have emerged as a top threat in addition to well established centralised mixers,” reads the IOCTA report.
According to the report, these wallets offer additional features outside of simple coinjoin integration and Tor networking.
“Samurai [sic], for example, offers remote wipe SMS commands when under distress,” says the report. “These wallets do not necessarily remove the link between the origin and destination of the funds but certainly make cryptocurrency tracing much more challenging.”
The report adds that adminstrators at some darknet markets are trying to integrate coinjoin wallets into their default payment systems and that there have been increases in the use of hardware wallets by admins and users of various darknet markets. Additionally, the report notes some darknet markets are integrating the use of multisig addresses or even wallet-less cryptocurrency payment systems.
“Monopoly is also a wallet-less market in which payment occurs directly between buyer and vendor, and instead of enacting transaction fees, the market receives a monthly commission,” reads the report.
In addition to the increasing popularity of coinjoin-integrated Bitcoin wallets, the Europol report also covers the rise of Monero as a privacy-focused Bitcoin alterantive. The report also specifically mentions Litecoin, Ethereum, Zcash, and Dash as other altcoins that have been integrated into darknet market platforms.
“While Bitcoin still remains the most popular payment method (mainly due to its wide adoption, reputation and ease of use), the use of privacy enhanced cryptocurrencies has somewhat increased albeit not at the rate expected by their proponents,” says the report.
According to Europol, Monero is gradually becoming the most established privacy altcoin for darkweb transactions, followed by Zcash and Dash.
The report from Europol also covers an increase in decentralization for the darknet market ecosystem as a whole. According to the report, there has been a rise in smaller markets that focus on specialized features and offerings for their users.
Additionally, the report points to Telegram vending service bots, OpenBazaar, and Particl.io as examples of new alternatives to the traditional, hidden service-based darknet market model.
“OpenBazaar in particular is noteworthy as certain high priority threats have emerged on the platform over the past year,” the report adds. “These include those banned by some of the other Tor market-based administrators such as weapons and fentanyl.”
The report clarifies that these sorts of listings on OpenBazaar, which is a protocol for a decentralized internet marketplace, appear to be limited at this time.
“I think, for us, we filter out any of that kind of stuff in our search engine, so we don’t really get exposed to it that much but there’s nothing stopping anybody from going ahead and doing that on their own,” OB1 CEO Brian Hoffman told The Crypto Feed when reached for comment.
“Additionally, some marketplaces have intentionally relatively short lifecycles, which pose a challenge to law enforcement investigations,” says the report. “Short life cycles are making it difficult for law enforcement to investigate criminal cases. Administrators seem to want to stay under the radar of law enforcement by knocking down markets and keeping market lifecycles low.”
In addition to the increasing decentralization of darknet marketplaces themselves, the report also covers this phenomenon in the areas of news, information, search engines, and communication methods.
According to the report, Darknetlive, dark.fail, and Dread have replaced DeepDotWeb as hubs of information around darknet markets. Kilos and Recon are two darknet market search engines that are somewhat similar to the now-defunct Grams. In terms of communication methods, the report points to increased interest in Sonar, Elude, Discord, Wickr, and Telegram in response to accusations around Protonmail potentially assisting law enforcement investigations.
Although the ecosystem has become more decentralized, the report adds that the various actors in the space tend to work together in a collaborative manner.
“Darkweb administrators have been observed pulling together and showing a collaborative spirit to maintain the environment under challenging circumstances,” says the report. “When faced with similar challenges, forum and service administrators have been seen working more closely together over sharing code and security methodologies (i.e. anti-DDoS measures, avoiding scams, creating trust-building sites to help users navigate vendors across different marketplaces, etc.). “
Specifically, the report points to Dread’s development of an anti-DDoS protection mechanism, known as Endgame Filter.
“The Darkweb environment remains difficult to disrupt as developments are often challenging to anticipate,” adds the report.