The popular dark web site Empire Market has been down for at least 48 hours, with some users suspecting an exit scam and others blaming a prolonged distributed denial-of-service (DDoS) attack.

Over the weekend, multiple reports emerged on Twitter and Reddit from users complaining about not being to load the Empire Market website.

Empire Market features numerous illicit goods including illegal drugs, chemicals, counterfeit items, jewelry, and credit card numbers while offering payment methods including Bitcoin (BTC), Litecoin (LTC), and Monero (XMR).

"Placed an order like 5 days ago and don't know if the vendor ever got on to accept because I haven't seen it online since. Sucks waiting for something that might have auto canceled," stated a Reddit user JuicyVeins.

In our test, BleepingComputer was unable to reach the Empire Market and related domains, all of which timed out.

Empire Market .onion site down
Empire Market onion site(s) down
Source: BleepingComputer

Possible exit scam?

While there is much uncertainly about the source of the downtime with even the head moderator hoping the admins will restore the site, is there a possibility of an exit scam?

Some rumors and comments circulating on public forums are debating the possibility.

Exit scams occur when unscrupulous businesses continue accepting orders without fulfilling them and eventually disappearing with the funds.

In the last few years, cryptocurrency exit scams were used to steal money stored in escrow for incomplete transactions. Some admins made it off with over $100 million from users.

However, the chance is unlikely in this case, considering that some users' claims that they were able to access the site, albeit with difficulty. This isn't the first time Empire Market has been subject to DDoS attacks, either. Earlier this year, the site had barely dodged heavy disruptions from DDoS attacks.

A Twitter user and "anonymous journalist" DarkDotFail further alleged that the market had suffered a massive DDoS attack making it "very slow to access," with Monero functionality broken.

Twitter reports of Empire Market down
 Report of Empire Market having suffered a DDoS attack
Source: Twitter

Bitcoin News lists many more sources that allege Empire Market having been a victim of a DDoS attack.

An Empire Market's top moderator stated in a dread thread, "If the market is still down in a couple of days I'll make a post about the whole situation then, it's early days and maybe the admins will bring it back."

Moderator response Empire Market
Empire Market's head moderator's response
Source: Twitter (via @DarkDotFail)

If this turns out to be just a DDoS attack, it's a surprisingly long one with even the site's head moderator giving an ambiguous response.

Updates from 25-Aug-2020 below:

Empire sinks completely; unlikely to return

More details have emerged indicating Empire Market is gone for good and won't be resuming operations.

"It's now been over 48 hours of the market being down. The market mod panel has also been down that long. I had hoped it would have returned by now. It is looking very unlikely that it will. The mod panel is down and the admins are not on jabber," stated Se7en in a forum post, as provided by a Twitter user.

The reasons behind the market closure, as speculated by Se7en, reveal interesting bits of information.

Empire Market Se7en Response
Update provided by Se7en, Empire Market forum's head moderator

The head mod has expressed that the admins behind the dark web market were getting exhausted keeping Empire afloat.

The site had been on "auto-pilot" for the past half-year with communication between admins and the forum mods becoming increasingly limited.

"I know the admins were getting tired of keeping Empire Market running. The market was on auto-pilot for the last half a year with no new features being added. I had made suggestions, some of the suggestions was [sic] getting rid of PINs and only using PGP 2FA or reviewing XMR code to make XMR withdrawals more reliable. Most of my suggestions were ignored," said Se7en, further adding:

"Earlier on in the history of the market, they listened to me more. The market launched with allowing weapon purchases, they removed it after I strongly advocated against the market having anything to do with weapons. In the last half a year it wasn't just ignored suggestions. Communication in general between the mod team and the admins was very limited. This was frustrating but I had accepted that this is the way they wanted it."

Not an exit scam but abrupt exit

Se7en does not believe this was a planned exit as typically that happens when admins continue accepting payments for weeks or longer before disappearing altogether. 

"If it was a planned exit I don't think they would have put in any work fixing BTC withdrawals that close to the end," stated Se7en.

"They had frequently told me they wanted Empire to be the longest living market in history and for the most part I do think that was their intentions and is why the market was online for as long as it was. Having said that. It is sad the admins didn't give any notice of the closure and there is no excuse for that."

Se7en has cast blame on the user "SchwererGustav" for previously DDoSing the site and allegedly extorting payments from the site admins to keep the site running. The admins, according to Se7en had potentially agreed to make an estimated $10,000 to $15,000 weekly payouts to Gustav in an effort to save the market.

This "deal" had already put a significant strain on the market's finances until DDoS attacks from other actors emerged, at which point the admins would have likely thought of calling it quits.

Tor staff have also been blamed by Se7en for their failure to fix the flaws in the system which would have prevented such attacks in the first place.

"If the Tor staff team had fixed the problems in Tor that makes an attack like this possible, I believe the admins would have stuck around longer. Tor staff know what they need to do to fix this and that is to add PoW to the network."

"Maybe they are working on this now and its [sic] nice to see they are talking about PoW more frequently but they have been stalling on this for years. I'll go one step further and say if Tor staff team added PoW years ago even Dream Market might still be here."

The post concludes with, "I'm disappointed the admins ended the market like this. I apologize to anyone that had money in escrow. I can only advise that you use markets with MultiSig and only use that for big orders."

A text copy of the post with the PGP signature has been made available by Dark.fail.

Where's my money?

Exit scam or not, numerous users are concerned about their money having been stuck in the escrow, which they are now unlikely to get a hold of. 

"F**k :( so they're not even giving us the grace period to withdraw our funds like dream did," said one Twitter user, followed by another in the same thread:

"Yeah rip my 100 bucks rip to all the sellers though."

NoFear81 demanded Se7en to get their money back by any means possible:

Empire Market user complaints
Users complaining about their money having been stuck as Empire sinks
Source: Twitter

 

This is a developing story and will be updated as more information becomes available.
26-Aug-2020: new development covered in "With Empire gone, patrons eye other illegal darkweb markets."

Related Articles:

BlackCat ransomware shuts down in exit scam, blames the "feds"

Hackers target FCC, crypto firms in advanced Okta phishing attacks

Malicious code in Tornado Cash governance proposal puts user funds at risk

LockBit ransomware gang has over $110 million in unspent bitcoin

North Korean hackers now launder stolen crypto via YoMix tumbler