How the Dutch Police Took Over Bitcoin Dark Market ‘Hansa’
Way back in the earlier days of bitcoin (BTC), before all these blockchain startups started giving cryptos a better name, the most famous use for them was on the Dark Web. Online markets cropped up, and trafficking in illicit goods picked up quickly to meet demand. The most popular being the infamous Silk Road marketplace, but others like AlphaBay, Ramp, and Valhalla helped support this growing ecosystem. Tagging closely along was the internet of money: Bitcoin.
Digital Entrapment: German and Dutch Authorities Take Down Hansa
Since then BTC has grown up quite a bit and found its place outside of just illegal markets. That being said, authorities still spend a lot of resources tracking other, lesser-known markets down in a game of whack-a-mole. One dominant force in the scheme is the Netherlands.
The Dutch Police are all too familiar with this, and back in 2016, they had another idea for the dark mart known as Hansa. Interestingly, they didn’t take it down, but instead, take it over.
Going off of a tip from the security firm BitDefender, the Dutch Police managed to gain access to a Hansa development server. Typically, this wouldn’t be enough to find out anything besides anonymized chat logs and nearly untraceable transaction details.
However, following a misstep on the part of the Hansa developers, logs from an outdated messaging system containing the full name and one of the addresses of two of the alleged founders of Hansa were confiscated by authorities.
Luckier still for the police, was that these two men were just over the border in Germany and currently under investigation for selling pirated ebooks and audiobooks on a site call Lul.to.
As the Germans were making their arrest, the Dutch used this as cover for their plan. They were to set themselves up as the new administrators for Hansa.
Concurrently, in the US, the FBI were working on their investigation of the AlphaBay servers. At the time AlphaBay was the biggest darknet market, but as they were about to be taken down by the feds the users and dealers would be looking for a new place to set up.
This move placed the Dutch in the perfect position to become the administrators of a burgeoning marketplace, Hansa, as a flood of users would be coming.
The Germans raided the admin’s house, who left their hard drives unencrypted and handed them over to the Dutch team investigating the case. From there, Dutch authorities were able to use the information gained from them and the suspects to log in as admins.
At the same time the FBI did their takedown of the AlphaBay, and suddenly a growing Dark Web market was in the hands of the Dutch task force.
During this time over 5,000 users, a day registered to Hansa, eight times the average registration rate, and all immediately fell under police surveillance.
The code was rewritten on the site to log every password unencrypted, including messages which in most cases gave the full home address of the buyers, and the metadata of all photos was given to the police including the location of where the photographs were taken.
Interestingly, as a whole team of officers were impersonating the two admins, whenever a conflict occurred that needed to be settled by the admins they were more than ready to deal with it way better than two men alone could.
The quality of the site actually went up during the task force’s take over, and users were reportedly very content with the service.
Due to this increase in quality of the site, it quickly became the number one destination on the dark web for the illicit market.
After 27 days and nearly 27,000 transactions, all this data became unmanageable, and they took down the site, leaving a notice with a list of identified sellers and buyers and this note:
“We trace people who are active at Dark Markets and offer illicit goods or services. Are you one of them? Then you have our attention.”
In the end, a couple dozen of the top sellers were arrested, 1,200 bitcoins were seized, and the reputation of dark web markets has been forever tarnished. Though it will recover somewhat, many users are more than a bit wary of using services like this again.