Popular Illicit Shop Genesis Market Seized by Law Enforcement

The takedown of Genesis Market by the FBI and its partners signals the active targeting of illicit online marketplaces and criminal activities on the dark web by law enforcement.

Default Author Image
April 5, 2023

The fall of Genesis

In April 2023, the FBI, alongside multiple international partners, seized domains associated with the illicit market Genesis Market as part of “Operation Cookie Monster.” The takedown notice, which was posted on Genesis Market’s domains, highlights that the US worked alongside multiple international partners, including Canada, France, Germany, the Netherlands, Spain, Sweden, and the United Kingdom.

Since 2018, Genesis Market has facilitated the sale of stolen browser credentials, login information, passwords, and cookies harvested from a victim’s device through commoditized credential-stealing malware. Genesis was considered among the most popular so-called bot shops, alongside Russian Market and 2Easy.

Arrests are being made globally in connection with the Genesis takedown.

Genesis users seeing double

All known surface-web domains associated with Genesis Market, including known mirrors, currently display the above image/message. However, Genesis Market’s known onion domain remains active and leads to the original market.

Genesis is the latest in a long line of illicit markets that have been taken down by law enforcement. But the resiliency of threat actors has kept the illicit marketplace ecosystem alive and well. To read more about the perpetual cycles of cybercrime, read of State of Cyber Threat Intelligence (SOCTI) report here.

Flashpoint analysts investigated the emergence of a market seemingly identical to the original now-seized site, which allegedly continues to be active. However, analysts have confirmed that existing account credentials are not working with the new domain’s login form. Therefore, this domain may be a scam page used to collect the login credentials of market users. 

Genesis users on Telegram speculate that this may be an exit scam perpetrated by the market admins. A user of the top-tier Exploit forum warned other users to be careful with the market, given the presence of potential scams.

The alleged scam page of Genesis Marketplace. 

The future of illicit marketplaces without Genesis

As with all illicit marketplace shut closures, the takedown of Genesis Market will have a ripple effect throughout the underground economy as buyers and sellers look for alternative marketplaces to conduct their illegal activities. Genesis was considered a top shop for threat actors to buy and sell stolen credentials and the tools needed to exploit them. And with billions of credentials traded each year across these illicit markets, the gap left by Genesis will likely be filled quickly.

The total listings posted on the markets 2Easy, Genesis Market, and Russian Market from January to March 2023. (Source: Flashpoint)

The emergence of a seemingly identical market after the takedown of Genesis Market is also not surprising. After the takedown of a major player, it is common for unscrupulous scammers are also poised to take advantage of the situation amidst the chaos, potentially leaving many buyers and sellers vulnerable to fraudulent schemes. It is likely that legitimate new marketplaces will emerge in the near future as well, with newer marketplaces fighting for any available market share left behind by their predecessors.

Protect your organization with Flashpoint

An organization’s security capabilities are only as good as the threat and vulnerability intelligence informing their defenses. Sign up for a free trial to gain visibility into the illicit markets and communities where credentials are being sold and better protect your organization.

Begin your free trial today.