A decade ago, US law enforcement was content to swat down a dark web black market for drugs and send its dealers and buyers scrambling to the next biggest anonymous online bazaar on their list. Now, one sprawling set of worldwide takedowns has revealed how those investigators are casting a much wider dragnet—one that doesn’t merely target dark web administrators, but also mines their databases for leads to relentlessly trace and arrest hundreds of dealers from those markets around the world.
Today, the US Department of Justice, Europol, and a list of law enforcement agencies in at least nine countries from Brazil to Poland revealed Operation SpecTor, a collection of dark web investigations that led to the arrest of 288 people worldwide—153 of whom were in the US. Officials also announced the seizure of nearly 1 ton of drugs, $53 million in cash and cryptocurrencies, and 117 firearms. Europol simultaneously revealed that German police had taken down the dark web site Monopoly Market, which had gone offline in late 2021 under mysterious circumstances, leaving many of its users to wonder if the market’s administrators had pulled an “exit scam” in which they absconded with users’ funds.
In Operation SpecTor, investigators appear to have leveraged information obtained through the seizure of Monopoly’s servers and data from other dark web market takedowns in recent years to find leads on hundreds of the dark web’s drug dealers—and even customers—on an unprecedented scale. “This represents the most funds seized and the highest number of arrests in any coordinated international action led by the Department of Justice against drug traffickers on the dark web,” US Attorney General Merrick Garland told reporters in a press conference. “The Justice Department is cracking down on criminal cryptocurrency transactions and the online criminal marketplaces that enable them.”
Along with Monopoly, Operation SpecTor appears to have exploited information obtained in previous dark web takedowns too. In his statement, Garland referred to both the takedown of Hydra, a Russia-based market that served as a massive hub of online drug sales and money laundering, and the smaller dark web black market Genesis, which focused on cybercrime products and services. But the Monopoly takedown, in particular, was kept under wraps for well over a year as law enforcement agencies worldwide followed leads from the case: A statement from Europol notes that “target packages” were “created by cross-matching and analyzing the collected data and evidence” from the seizure of Monopoly’s infrastructure.
All of that points to law enforcement’s increasing exploitation of the bonanza of evidence obtained in dark web takedowns. This has allowed them to carry out more far-reaching roundups of the dark web’s most prolific dealers, who are often active across multiple markets. Cryptocurrency tracing has also played a central role in expanding those operation’s targets. The databases of transactions obtained in dark web busts, if they can be decrypted, offer starting points for cryptocurrency tracers, who can then follow the money across blockchains to cryptocurrency exchanges where drug profits have been cashed out, and which can often be subpoenaed for users’ identifying information.
“It’s indeed likely that the arrests are related to data from all the different takedowns,” says one former law enforcement official involved in dark web busts, who asked not to be named. “Law enforcement combines all the information from the different seized data sets in order to identify the high-value targets. And if you identify cryptocurrency wallet addresses, you can often link activities on the different markets together, and the crypto exchanges might have the missing know-your-customer information you’re looking for.” In previous busts of dark web markets in recent years—including AlphaBay, Hansa, Wall Street Market, and Dark Market—agents obtained that sort of historical database in each case, cracking open a wealth of new leads.