Crypto Exchange eXch Seized by German Police

On April 30, the Frankfurt am Main Public Prosecutor’s Office – Central Office for Combating Internet Crime (ZIT) – and the Federal Criminal Police Office (BKA) were able to confiscate the server infrastructure of the crypto swapping service “eXch” and secure cryptocurrencies in the form of Ether, Litecoin and Dash worth 34 million euros.

eXch was a service operating since 2014 that primarily accepted Bitcoin of criminal origin. The service allowed users to exchange various cryptocurrencies for other cryptocurrencies (so-called swapping). The platform advertised anonymity for its users, meaning they would not have to verify their identity and user data would not be stored. This enabled the platform, which was openly accessible on the internet and the dark web, to conceal financial flows.

The operators of eXch are suspected, among other things, of commercial money laundering and operating a criminal online trading platform. The BKA cooperated closely with the Dutch tax investigation agency FIOD in the investigation.

In particular, the measures succeeded in securing the platform’s database and the associated crypto assets. The Central Office for Combating Internet Crime (ZIT) and the Federal Criminal Police Office (BKA) expect that the findings obtained in this investigation will also contribute to the investigation of numerous other cybercrimes.

Carsten Meywirth, Director of the Federal Criminal Police Office and Head of the Cybercrime Division, said: “Once again, we have secured a record-breaking sum of millions in incriminated cryptocurrencies and shut down a digital money laundering platform. The scale of the incident impressively demonstrates that cybercrimes are being committed on an industrial scale. We will continue to increase the risk of loss for the underground economy with all the means at our disposal. Our goal remains to hold those responsible accountable.”

Source: BKA

Pygmalion, Don Morpheus, Modus Vivendi Arrested – New Information

International drug trafficking? Two men from Bad Iburg arrested! – In Bad Iburg (district of Osnabrück), the police arrested a 32-year-old and a 24-year-old. They are said to have sold drugs on a large scale via existing and self-founded online platforms.

A 33-year-old suspect from the Bielefeld area was also taken into custody, as the Federal Criminal Police Office (BKA) and the Bamberg Public Prosecutor’s Office announced on Wednesday. The 32-year-old main defendant, the other suspected men and possible further accomplices are said to be responsible for more than 6,000 sales with a turnover of more than 750,000 euros. The Bamberg Public Prosecutor’s Office told NDR Niedersachsen that it was investigating a criminal network. According to the information, the searches and arrests had already taken place on April 9. The Bamberg Public Prosecutor’s Office and the BKA did not make the case public until Wednesday. A spokesman for the Bamberg Public Prosecutor’s Office justified this with ongoing investigations.

Websites have been seized

According to the investigators, the suspects received the money for the drugs via the cryptocurrencies Bitcoin and Monero. The suspects are said to have appeared under the pseudonyms “Pygmalion”, “Don Morpheus” and “Modus Vivendi” on darknet marketplaces. In addition to the darknet, they are said to have sold illegal narcotics via messenger services and specially managed online shops and shipped them worldwide. According to the investigators, they were able to take over and confiscate a significant part of the digital infrastructure. In doing so, the police secured evidence that would enable them to identify other participants and customers, it was said.

Further searches in North Rhine-Westphalia and Thuringia

In addition to the measures in Bad Iburg and the Bielefeld area, properties in Düsseldorf and in the Thuringian Unstrut-Hainich district were also searched. The Bamberg Public Prosecutor’s Office took over the investigation at the beginning of 2024 – it is responsible for the processing of prominent investigations in the field of cybercrime, according to a spokesman for the Public Prosecutor’s Office.

Archetyp Market IP Leak?

According to BigBossChefOfArchetyp, the main administrator and owner of Archetyp Market, there was an IP leak one week ago affecting their clearnet link provider service, the archetyp.cc website. It all started with a Dread forum user called archetypleaked, who claimed that he had hacked the server of Archetyp Market and demanded 100 XMR (Monero) in exchange for not exposing more information. However, it all turned out to be a scam: the main admin of Archetyp confirmed that there was in fact an IP leak, though not of an Archetyp Market server but of the link provider's.

The full statement from the Archetyp admin is below:

Hey,
this is what we received from CloudFlare today:

Cloudflare received a phishing report regarding:

archetyp[.]cc

Below is the report we received:

Reporter: Anonymous

Reported URLs:
hxxps://www[.]archetyp[.]cc


Original Work: Archetyp DarkWeb Marketplace
Logs or Evidence of Abuse: Dear Cloudflare Security Team,

I am writing to bring to your attention a serious concern regarding the domain
www.archetyp.cc, which is associated with a rotator service for the dark web market
known as Archetype. This market is reportedly involved in the sale of illegal
substances, including fentanyl, which poses a significant risk to public safety,
particularly to children worldwide.

Key Points of Concern:

Association with Dark Web Market: The PGP signature displayed on the website
verifies that the onion links provided for accessing the Archetype market belong
to the market administrator. This indicates a direct association between the
domain and illicit activities.

Phishing Domain: While www.archetyp.cc itself may not be a phishing domain, it
is important to note that archetyp.cc is suspected of phishing activities. Given
the nature of the content and services offered, it is crucial to consider the
potential risks associated with both the main domain and its subdomains.

Illegal Activities: The Archetype market is reportedly facilitating the sale of
dangerous drugs, including fentanyl, which have been linked to numerous
fatalities, particularly among children. This raises significant ethical and
legal concerns regarding the hosting and support of such a domain.

Responsibility of Domain Name Servers: As the nameservers for archetyp.cc are
managed by Cloudflare, there is a responsibility to take action against domains
that are involved in criminal activities. The continued operation of this domain
under your services could implicate Cloudflare in facilitating these illegal
activities.

Request for Action:

Given the serious nature of these allegations, I urge Cloudflare to investigate the
activities associated with www.archetyp.cc and its subdomains. It is imperative to
take swift action to prevent further harm and to uphold the integrity of your
services.

Conclusion:

The potential risks associated with the continued operation of this domain are
significant. I trust that Cloudflare will take this matter seriously and act
accordingly to protect the public from the dangers posed by the Archetype market.

Thank you for your attention to this urgent matter.

Sincerely,
Andrew


We have forwarded this complaint to your hosting provider. We have restricted
access to the phishing-related content until it has been removed.

To respond to this issue, please reply to abusereply@cloudflare.com.

Regards,

Cloudflare Trust & Safety

So unfortunately I have to confirm that this post (on Dread) is partly true. The part with the IP. The rest he posted is bullshit, he did not hack anything, nor did he stop a connection, because there is no API. It’s a 0% risk to the market, just like the previous IP leak of a Clearnet service of ours.

We encrypt everything ahead of time, every message you can get from that site is a signed mirror already encrypted with your key. We store it as fingerprint.txt and load it if you request it. The server is disposable and we won’t use CloudFlare from now on and move to a different provider.

If someone can recommend us a different provider that fits us better than CloudFlare, feel free to leave a comment below.

Pygmalion Vendor Arrested

Pygmalion, a German darknet drug vendor, has been arrested by the German police. Pygmalion was one of the largest vendors in Germany and Austria (possibly Europe) and had over 7250 orders during the last year alone. A raid was carried out on 7 February 2025 on 5 different properties, which resulted in the arrest of 4 individuals (3 males and 1 female) aged between 24 and 56. The German BKA seized 50 kilograms of various drugs, including methamphetamine, heroin and cocaine, and 150,000 prescription tablets.

The first to announce this was a user called CypherWW on the Dread forum, who said that the servers they had access to had been compromised. The full message is below:

Everyone please clean up. Pyg was compromised, including his data too. The servers he had access to were seized. I will try to place a more detailed announcement.

Dear Valued Customers,

We sincerely apologize for the recent disruptions and any inconvenience they may have caused. Due to internal challenges, Pygmalion has stepped away from the business. In the meantime, we have engaged trusted and thoroughly vetted personnel, authorized by Pygmalion prior, to ensure continuity and maintain our service standards.

We are pleased to inform you that we have partnered with a new, highly reliable shipping provider. This transition will facilitate smoother, more timely deliveries with minimal delays, allowing us to serve you more effectively.

For your peace of mind and to address any concerns regarding security or authenticity, we are happy to provide signed PGP messages linked directly to our market accounts. Should you have any hesitation, please do not hesitate to contact us, and we will gladly furnish these verifications.

Thank you for your understanding and patience as we navigate these challenges. We remain committed to your safety and to maintaining your trust as we continue to improve our services.

Sincerely, Pygmalion Team.