March 24, 2015 By Douglas Bonderud 2 min read

On the Dark Web, everything is for sale, from weapons, drugs and information to just about anything else imaginable. After the fall of Silk Road, the Evolution market became the go-to shopping site for all things illegal. But in a move that should surprise absolutely no one, the founders of Evolution, known as “Verto” and “Kimble,” have reportedly closed down the site and taken an estimated $12 million worth of bitcoin with them.

Exit Strategy

According to Naked Security, everything was going along smoothly for Evolution until last week, when a supposed site administrator named NSWGreat made a Reddit post claiming Verto and Kimble were planning to abscond with $12 million in pocket. A few days later, the site went down and never came back up. All transactions were suspended, and the money was gone. There was no indication that this was the work of law enforcement.

The site’s creators allegedly got away with so much in bitcoin because of Evolution’s escrow system. Since both the buyers and sellers of illegal items tend to be on the suspicious side — after all, one could be undercover law enforcement or looking to peddle fake merchandise — the Evolution market used an escrow solution to keep all money on hold until both parties were satisfied. The problem? This left a large amount of bitcoin under the control of the site administrators.

As noted by the Washington Post, it is possible to limit the success of this exit strategy by using a multiparty signature, which requires both buyers and sellers to approve administrative decisions. Although reports claim Evolution was running some kind of signature system, it obviously wasn’t up to snuff.

Bit by Bit

The Evolution collapse and subsequent fallout isn’t a surprise for Dark Web users or technology users at large. Online transactions inherently include an element of risk, and once criminals looking to purchase goods outside of mainstream channels are added to the mix, it’s hardly a surprise that two of them reportedly decided to serve their own interests.

What’s more intriguing, however, is the effect on bitcoin. The alternative currency has a wildly fluctuating exchange rate and has experienced more than a few problems, such as the Mt. Gox debacle. However, as noted by IT Pro, there is still hope the currency can be effectively managed. The U.K. government recently announced a plan to regulate all digital currency exchanges. According to News.com.au, however, some comments on the Evolution market debacle see it as a sign of things to come.

“This is like Step 125 on the journey of [bitcoin users] discovering piece by piece exactly why financial regulations exist,” one Reddit poster commented.

In other words, while the idea of bitcoin and similar currencies is appealing, they all come with the same risk and random devaluation or outright theft in a way that isn’t possible with more traditional online payments.

Closing Shop

Evolution may be gone, but the Dark Web always has something to offer users looking for items they can’t buy on the Internet at large. What’s worth watching here is how the market reshapes itself around yet another debacle. Are drug dealers and information sellers going to start making rules instead of breaking them? Is the criminal boom-and-bust cycle the new blueprint for online transaction security?

More from

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

Ransomware attack on Rhode Island health system exposes data of hundreds of thousands

3 min read - Rhode Island is grappling with the fallout of a significant ransomware attack that has compromised the personal information of hundreds of thousands of residents enrolled in the state’s health and social services programs. Officials confirmed the attack on the RIBridges system—the state’s central platform for benefits like Medicaid and SNAP—after hackers infiltrated the system on December 5, planting malicious software and threatening to release sensitive data unless a ransom is paid. Governor Dan McKee, addressing the media, called the attack…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today