Searchlight Cyber Analysts

Bohemia Administrators Blame “Rogue” Developer For Dark Web Market Disruption

Our threat intelligence analyst takes a closer look at developments on the dark web marketplace Bohemia, which has been plagued by disruption over recent months.

“Things have been a little bumpy recently”

With the recent closure of major marketplaces including AlphaBay, ASAP, and Tor2Door, Bohemia took pole position as one of the longest established dark web markets and attracted an influx of new users. However, very quickly cracks began to show, with notable disruption taking place on the site from early October. At one point the market was inaccessible and its users and vendors started to complain that they could not access their funds and were receiving patchy communication from the site’s administrators.

When we investigated the reports of Bohemia’s downtime in early October, it was not possible to progress beyond a holding page.

For many, all the warning signs suggested that Bohemia had exit-scammed, like many of its predecessors. However, the market did eventually re-emerge and in late November its administrators provided their account of why “things have been a little bumpy recently”.

It is worth explaining a bit more about Bohemia before we delve into the chain of events. The market, launched in 2021, is primarily a drugs market. Its product base skews heavily towards cannabis and it actually has a sister market dedicated solely to cannabis products. However, its listings also include counterfeit items such as identification cards and banknote forgeries, as well as a small number of advertisements for exploits and malware. To give an indication of its size, there were a little over 26k listings on the Bohemia dark web market last year, placed by almost one thousand vendors. This makes it one of the most active markets on the dark web. So what went wrong?

“A shameful and disgruntled set of events”

On November 20, one of the Bohemia administrators posted on the dark web forum Dread to explain the disruption that had been impacting the market, using their PGP key to verify their identity.

The “Bohemia Team” statement about the market’s disruption on the dark web forum, Dread.

The statement claims that in a “shameful and disgruntled set of events” a lead developer went “rogue”, withdrawing small amounts of Bitcoin (BTC) over a period of just over a month. The developer in question was “terminated” but the theft did require “an injection of funds into the site to help mitigate the losses”. The administrators claim that this incident, combined with the recent price increase of Bitcoin, led to an “extremely difficult” situation that made withdrawals harder to process.

An interesting aspect of the post is the administrators’ focus on what, in any other industry, might be called “customer service”. For example, they claim at the outset of the statement that they want to “remain transparent and honest with the community we cherish so much, because without you – we are nothing” and lament later in the post that they are “wholeheartedly sorry” to those whose trust has “been tarnished”.

Indeed, the purpose of the post is clearly to win customers back to the market, as well as to outline the administrators’ “plan moving forward”. This plan includes temporarily disabling the use of Bitcoin on Bohemia and returning outstanding Bitcoin withdrawals to the user’s balance, where they will then have the option to exchange their Bitcoin for Monero (XMR) on the site.

“We love you all and will see this through”

Reaction to this announcement and the subsequent implementation of the Bohemia administrators’ plan has been mixed. Some users have reported receiving their funds and have even thanked the administrators for their help:

A Bohemia user reports on Dread forum that they have received their missing funds and praises the administrators’ “hard work”.

However, in spite of the administrators’ declaration of love to their customers, some seem to have been pushed too far and are dissatisfied at the speed at which deposits are being returned:

Bohemia users complain that they haven’t received their deposits and continue to receive poor communication, leading to speculation that the market is “selective scamming” – stealing some deposits while returning others.

Vendors have also expressed their frustration with Bohemia and indicated that they will not be returning to the market:

Someone claiming to be a vendor on Bohemia vows to cut their losses and leave the marketplace after not receiving the funds promised by the administrators or a response from “support”.

Law enforcement agencies investigating activity related to Bohemia should therefore continue to keep a close eye on the market because – although the administrators have stated that they are “categorically NOT going anywhere” – it appears that at least a portion of their user base and vendors will be.

Once again, this sees the dark web market ecosystem in flux and it is likely we will see other sites try to capture market share from Bohemia. This drives home the need for continuous monitoring of the dark web to stay on top of fast-moving developments in the online criminal underground.
