In the first chapter of this series, we provided an overview of the hidden sub-economy of scammers who scam scammers, and in the second we examined the wide variety of scams and tricks within it.
The third chapter is a little different. It covers a specific scam we uncovered during our research, which we highlight because of its scale, levels of coordination, and apparent success.
The curious case of twenty fake marketplaces
During our research into Genesis Market, we found a clearnet site (genesismarket[.]org) that looked nothing like the genuine Genesis Market site but appeared prominently in search engine results.
Figure 1: The fake Genesis Market site
We quickly determined that the site didn’t seem to be connected to the genuine Genesis Market. For one thing, the site demands a $100 USD deposit, whereas the real Genesis is invitation-only.
Figure 2: The deposit demand on the fake Genesis site
The site asks users to pay in Bitcoin or Monero:
Figure 3: The fake site’s deposit page
This, and a few other elements (such as the ‘lost password’ button not redirecting anywhere, and some falsified ‘forum posts’) led us to assume it was a crude, low-effort, one-off scam, designed to take advantage of inexperienced researchers, would-be threat actors, and the generally curious.
Figure 4: Some of the low-effort fake forum posts
But three things piqued our curiosity.
The first was that the onion link on the homepage doesn’t link to an onion site at all, but…
