Cybercriminal Marketplaces: Olympus Has Fallen
September 28, 2018
The Olympus cybercriminal marketplace has been caught up in another PR disaster, with the owners reportedly conducting an exit scam and stealing user funds. Early this month, discussions on the online Dread forum hinted that the highly regarded (emphasis on the past tense) Olympus went offline, though this was unconfirmed. Reasons for its sudden inactivity remained unclear at the time, although Hugbunter – a respected user in the community – suggested that an exit scam had taken place as the site admins were unreachable and order finalization was no longer working. With an exit scam appearing likely, Hugbunter issued warnings to vendors, imploring them to withdraw their money.
One of the sites moderators, Ori, reached out to Hugbunter two weeks later confirming that the site admins had disappeared; the suspicions became a reality. The Olympus exit scam is a telling illustration that the marketplace model continues to struggle in a post-Alphabay and Hansa Age.
Figure 1: Ori, Olympus moderator, confirms that Olympus has shut down
Olympus’ woes: (dis)trust, poor execution & Dread-ful PR
Olympus was one of the bookmaker’s favorites when it came to dark web markets, with some going far as claiming it would be the next generation market to replace AlphaBay and Hansa. So, with the odds in its favour, why did Olympus make an exit? We look at the three potential reasons:
- (Dis) trust
In a post- Alphabay and Hansa age, the fall of Olympus has become a symbol of the shifting behaviour in dark web vendors. As we’ve highlighted before, trust is one of many important factors that determine the success of a marketplace. Users don’t naturally trust new markets, often for fear that they’re law enforcement in disguise. A new market like Olympus would not have been immune from such suspicion and scrutiny.
To overcome this obstacle and appear legitimate, HugBunter alleged that Olympus listed fake sales, bloating the market to make the market appear bigger than it was.
Figure 2: Hugbunter performs a post-analysis of the exit scam
- Poor execution
Olympus went into the market either underprepared or underfinanced, or both. Like any business, you need a wealth of resources to kick things off the ground, including start-up capital, e-commerce skills (for user experience) and marketing budget (you’ve got to get your name out there). You might need multiple employees to execute jobs such as moderators, customer service and site maintenance. These employees need to be paid, and that means more costs. Finally, marketplaces and forums need to protect themselves from attackers, rival sites and law enforcement, so security services such as bullet-proof hosting are also a financial consideration.
Olympus may have underestimated the hidden costs associated with a dark web market and failing to accumulate such capital stifled both its ability grow and succeed. We don’t know this for sure, but an exit scam may have been the easy way out of such a scenario.
- Dread-ful PR
Customers are your biggest advocates. Olympus was only shooting itself in the foot when it claimed it was in the process of hacking Dread, a reddit-style community with a big cult following, earlier this year. The claim only served to irk Olympus vendors, rallying them behind Dread. Though Olympus admins retracted their claim and added they would hire ‘good PR’, how they handled the situation impacted the way Olympus was perceived, and its reputation never recovered.
What does the future look like?
Vendors may flock to other markets, with Rapture market and Berlusconi offering some appeal to former Olympus advocates.
Figure 3: One user highlights how Olympus vendors may move to other markets
Culture of fear
That said, vendors are vying for a secure, trusted and respectable market to fill the hole left by AlphaBay and Hansa, but the sudden rise and fall of Olympus demonstrates that new markets are very volatile. Vendors may choose to stick with what they know – whether that be an older, established marketplace, or alternative platforms altogether.
Figure 4: Dreddit user suggests all new markets should be distrusted
Distrust is rife within the cybercriminal ecosystem. When Olympus went offline with no direct communication to the vendors, this only heightened tension and suspicion. And although Ori, one of Olympus moderators, reached out two weeks later apologising for the situation, the message was long overdue. The silence that followed Olympus’ inactivity would have been enough for users to assume that law enforcement had infiltrated the market. Timing is everything.
Adding to that, vendors are claiming that the Olympus admins have stolen credentials. Whether true or not, such claims can only perpetuate suspicion within the community and vendors will approach new markets with even more apprehension.
Figure 5: Reddit user claiming Olympus credentials were stolen and reused on rival markets
Another nail in the marketplace coffin
Time, money and fear of getting caught are proving to be a high price to pay for vendors whose dark web markets just vanish. Such behaviour will only mean that vendors will turn to more secure and reliable methods of communication – just look at our blog which highlights that cyber criminals are switching to messaging platform, like Telegram and Discord.
Olympus’ fall consolidates Digital Shadow’s assessment that the traditional marketplace model is rapidly in decline. Whether it recovers remains to be seen.
To stay up to date with the latest Digital Shadows threat intelligence and news, subscribe to our threat intelligence emails here.