Genesis Market sold to anonymous buyer despite FBI disruption
The criminal group behind the cyber fraud platform Genesis Market claimed on Thursday that it had been sold to an unidentified buyer a few months after U.S. authorities sanctioned the platform and seized some of its domains.
An account with the username GenesisStore, which had previously made posts associating themselves with the platform’s administrators, claimed that the Market had been sold in a brief post on Russian-language Exploit Forum. In recent weeks, several posts from the account had advertised that the site was for sale.
“A buyer has been found and a deposit has been made. The store will be handed over to a new owner next month,” stated the post in Russian, adding: “Accounts on the forums will not be transferred, the new owner will create new accounts if necessary.”
Image: Dmitry Smilyanets/Recorded Future
The sale will not include current user accounts, said GenesisStore. The initial advertisements offered “all the developments, including a complete database (except for some details of the client base), source codes, scripts, with a certain agreement, as well as server infrastructure.”
The sale follows an FBI-led operation that seized Genesis Market’s clear web domains about three months ago, and added the platform to the U.S. Treasury’s sanctions list.
Back in April, within the first 24 hours of the platform’s clear web domains being replaced by police splash pages, international law enforcement agencies announced the arrests of almost 120 people globally who had been using the platform to commit fraud.
Even more significantly for the site’s criminal users, senior officials at the FBI said they had identified and located Genesis Market's backend servers, obtaining “information about approximately 59,000 individual user accounts,” who could potentially be investigated in the future.
The platform’s dark web mirror remained active as it was “hosted in an inaccessible jurisdiction,” the U.K.’s National Crime Agency explained to Recorded Future News, but the international operation had an observable effect on the activity on both Genesis Market’s surviving .onion site and even its primary alternatives, Russian Market and 2easy Shop.
Dmitry Smilyanets, a threat intelligence specialist at Recorded Future, said he doubted that the buyer was a commercial threat intelligence company hoping to capture intelligence data because of the U.S. sanctions targeting Genesis Market.
“I am very surprised that someone would want to buy a fully burned brand,” added Smilyanets. “There is a chance that the operators themselves made that move to facilitate rebranding and disconnect from the sanctioned entity.”
Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.