The fall of Genesis
In April 2023, the FBI, alongside multiple international partners, seized domains associated with the illicit market Genesis Market as part of “Operation Cookie Monster.” The takedown notice, which was posted on Genesis Market’s domains, highlights that the US worked alongside multiple international partners, including Canada, France, Germany, the Netherlands, Spain, Sweden, and the United Kingdom.
Since 2018, Genesis Market has facilitated the sale of stolen browser credentials, login information, passwords, and cookies harvested from a victim’s device through commoditized credential-stealing malware. Genesis was considered among the most popular so-called bot shops, alongside Russian Market and 2Easy.
Genesis users seeing double
All known surface-web domains associated with Genesis Market, including known mirrors, currently display the takedown notice. However, Genesis Market’s known onion domain remains active and leads to the original market.
Flashpoint analysts investigated the emergence of a market seemingly identical to the original now-seized site, which allegedly continues to be active. However, analysts have confirmed that existing account credentials are not working with the new domain’s login form. Therefore, this domain may be a scam page used to collect the login credentials of market users.
Genesis users on Telegram speculate that this may be an exit scam perpetrated by the market admins. A user of the top-tier Exploit forum warned other users to be careful with the market, given the presence of potential scams.
The future of illicit marketplaces without Genesis
As with all illicit marketplace closures, the takedown of Genesis Market will have a ripple effect throughout the underground economy as buyers and sellers look for alternative marketplaces to conduct their illegal activities. Genesis was considered a top shop for threat actors to buy and sell stolen credentials and the tools needed to exploit them. And with billions of credentials traded each year across these illicit markets, the gap left by Genesis will likely be filled quickly.
The emergence of a seemingly identical market after the takedown of Genesis Market is also not surprising. After the takedown of a major player, it is common for unscrupulous scammers to take advantage of the situation amidst the chaos, potentially leaving many buyers and sellers vulnerable to fraudulent schemes. It is likely that legitimate new marketplaces will emerge in the near future as well, with newer marketplaces fighting for any available market share left behind by their predecessors.