On Thursday, US authorities announced the seizure of the largest dark web marketplace AlphaBay. Europol and Dutch police also claimed seizure of Hansa, another popular market.
In their dark web investigations, law enforcement have increasingly turned to hacking tools, including the deployment of browser exploits on a mass scale. But tracking down the alleged AlphaBay administrator was much more mundane, officials said.
Alexandre Cazes, who US authorities say used the handle alpha02 as administrator of the site, allegedly left his personal email in a welcome message to new AlphaBay members, according to the forfeiture complaint published on Thursday. The news echoes the arrest of Ross Ulbricht, the convicted creator of the original Silk Road, who made a similar security mistake.
“In December 2016, law enforcement learned that CAZES’ personal email was included in the header of AlphaBay’s ‘welcome email’ to new users in December 2014,” the complaint reads. Users received this message once they signed up to AlphaBay’s forum and entered an email address.
Cazes’ email address—Pimp_Alex_91@hotmail.com—was also included in the header of the AlphaBay forum password recovery process, the complaint adds.
From there, investigators found the address was linked to an Alexandre Cazes, and discovered his alleged front company, EBX Technologies. (Motherboard previously found a link between EBX and Cazes; the company has not responded to requests for comment).
Notably, a 2008 post on an online tech forum authored by someone using the moniker Alpha02 also included the same email address, and the name Alexandre Cazes, the complaint adds. Alpha02 was the moniker used by the AlphaBay administrator.
Authorities also found financial records indicating that Cazes had millions of dollars worth of investments without any lawful source, and that he was logged into the AlphaBay administrator account when investigators raided his residence on July 5. Cazes was found dead in this Bangkok jail cell last week, according to the Bangkok Post .
Back in 2011, Ulbricht, of Silk Road fame, posted a message onto a Bitcoin-focused forum encouraging others to check out the recently launched online marketplace. An archived version of that post led an IRS investigator to the username “altoid.” Finally, another post from altoid included the email address “rossulbricht at gmail dot com.”
As more criminals are busted on the so-called dark web, it’s increasingly clear that even the alleged creators of the most successful online marketplaces ever can make simple yet catastrophic mistakes.