But it raises the troubling possibility that a former dark-web kingpin—one who was still extorting his own users—was perhaps playing both sides of the crypto tracing game, says Elliptic’s Tom Robinson. “Stay posted and fuck LE,” Pharaoh wrote, using the abbreviation LE to mean “law enforcement.” Antinalysis eventually returned, however, and pivoted last year to acting instead as a service for swapping bitcoin for monero and vice versa. At the same time the FBI says Lin was laying the groundwork for this double-cross, he also appears to have briefly tried engineering an entirely different scheme.
Incognito Market Built-in Wallet

This is the story of how Rui-Siang Lin, allegedly also known as ‘Pharaoh,’ built the Incognito Market into a $100 million empire—and how it all fell apart. Stay with me as we delve into the rise and fall of Incognito Market, from its inception to its inevitable collapse, and the intricate web of technology and greed that fueled it. In furtherance of Operation RapTOR and in their first action as a JCODE member agency, the Office of Foreign Assets Control (OFAC) additionally sanctioned Behrouz Parsarad, an Iranian national, for his role as the founder and operator of Nemesis Market following seizure of the market. Immigration and Customs Enforcement, in collaboration with Europol, the Joint Criminal Opioid and Darknet Enforcement Team, and various national and international partners, announced the results of Operation RapTOR May 22. This historic takedown, led by Europol, resulted in the highest number of seizures in JCODE’s history.
Law enforcement agencies collaborated with blockchain forensics firms like Chainalysis, which specialize in tracking and analyzing cryptocurrency transactions. While Bitcoin’s public ledger allowed for some degree of traceability, Monero posed a more significant challenge due to its privacy features. Monero’s use of stealth addresses and ring signatures made it almost impossible to determine the sender or receiver of funds.
- The Justice Department established the FBI-led JCODE team to lead and coordinate government efforts to detect, disrupt, and dismantle major criminal enterprises reliant on the darknet for trafficking opioids and other illicit narcotics, along with identifying and dismantling their supply chains.
- The marketplace was raking in millions of dollars in cryptocurrency, with Lin taking a 5% cut from every transaction.
- Most notably, there was a tool to mitigate DDoS attacks, software that allows online merchants to accept XMR for payment, and “Koa-typescript-framework” – a program used as a foundation for web applications.
- With the investigation already in full swing, the exit scam provided law enforcement with the final piece of the puzzle.
- “The defendant’s greed and disregard for others was further demonstrated by his alleged extortion attempt during the platform’s final days,” lamented Ivan J. Arvelo of Homeland Security Investigations (HSI) New York.
Investigators could use that to build probable cause that Lin and Pharaoh were one and the same. With mounting evidence, prosecutors in the Southern District of New York quietly filed charges and obtained an indictment against Lin under seal. “This arrest underscores the dedicated, ongoing efforts of law enforcement to identify and dismantle illicit drug networks operating from every shadowy recess of the marketplace,” NYPD Commissioner Edward A. Caban said in a statement. If found guilty, Lin could face a mandatory minimum sentence of life in prison for participating in a continuing criminal enterprise. “As alleged, Rui-Siang Lin’s brazen operation resulted in the illicit sale of over $100 million in narcotics, including those that were mislabeled and later found to include deadly fentanyl,” said Homeland Security Investigations Special Agent Ivan J. Arvelo.
HSI New York leads and directs all operational and administrative activities of the El Dorado Task Force (EDTF). The EDTF is the premier money laundering task force in the nation and is comprised of more than 200 law enforcement personnel representing approximately thirty-five (35) federal, state, and local law enforcement and regulatory agencies. The EDTF encompasses a standalone Cyber Division as part of an effort to stay abreast of emerging criminal threats and in keeping with current and future investigative priorities. The mission of the EDTF is to disrupt, dismantle, or render ineffective, organizations involved in the laundering of proceeds of narcotics trafficking and other financial crimes. Since its inception in 1992, the Task Force has been responsible for the seizure of approximately $600 million and more than 2100 arrests.

Tracing Cryptocurrency Transactions
The cryptocurrency-focused publication Cointelegraph.com reported Mar. 6 that Incognito was exit-scamming its users out of their bitcoins and Monero deposits. A 2022 Twitter thread about Incognito posted by Eileen Ormsby, an author of several dark-web-focused books including The Darkest Web, shows how the market by that time had added features that may have helped it to catch the attention of security- and safety-conscious users. Lin has been charged with not only narcotics conspiracy and money laundering but also running a “continuing criminal enterprise,” the so-called “kingpin statute” reserved for organized crime leaders who allegedly oversaw at least five employees. Listings included offerings of prescription medication that was advertised as being authentic but was not.
Year-old Man Accused Of Running $100 Million Online Narcotics Marketplace
Conversely, some privacy advocates look at cases like Lin’s and argue that people like him misuse anonymity tools, making it harder for those tools to be available for legitimate purposes. It’s a nuanced debate, but the legal outcome here – with Lin held accountable in a high-profile conviction – will undoubtedly be cited as a victory in the fight against cybercrime and illicit online trade. Only earlier this week did it become clear exactly what Lin’s “professional background and qualifications in the field” allegedly entailed, seemingly unbeknownst to either his Taiwanese employers or his St. Lucian law enforcement trainees. For nearly four years, according to the US Justice Department, 23-year-old Lin ran a dark-web drug market called Incognito that authorities say enabled the sale of at least $100 million worth of narcotics, ranging from MDMA to heroin for cryptocurrencies including bitcoin and monero. That was before Lin’s alleged theft of his own users’ funds earlier this year and then his arrest last week by the FBI in New York’s JFK airport.
This last charge invokes statutes under the Food, Drug, and Cosmetic Act, illustrating prosecutors’ creativity in addressing the harm caused by the marketplace (essentially treating Lin not just as a drug trafficker, but as someone endangering public health by distributing mislabeled medicine). To become an Incognito Market vendor, people were required to register with the site and pay an admission fee. In exchange for listing and selling narcotics as a vendor on Incognito Market, each vendor paid 5% of the purchase price of every narcotic sold.
The Rise And Fall Of Incognito Market
Additionally, the case highlights the value of interagency task forces (like the El Dorado Darkweb-Cryptocurrency Task Force cited in Lin’s arrest). This model of combining drug enforcement agents, cybercrime experts, and even financial regulators is likely to be replicated for future darknet investigations. In May 2024, a 23-year-old Taiwanese IT specialist named Rui-Siang Lin stepped off a plane at New York’s JFK airport and was promptly arrested by federal agents. Until that moment, Lin led a double life that astonished both law enforcement and the darknet community. By day, he worked as a diplomatic tech expert training police in cybercrime; by night, he was “Pharaoh,” the secretive mastermind of Incognito Market – one of the world’s largest dark web drug marketplaces. Incognito Market’s rise and dramatic collapse, along with Lin’s arrest, sent shockwaves through the darknet economy.
“The bank enabled buyers and sellers to stay anonymous from each other,” federal officials said. Drug vendors on the darknet site paid a fee to register and a commission of 5% on every sale, revenue that prosecutors say funded Lin’s “employee” expenses and computer servers. In a November 2023 undercover operation, a federal agent purchased oxycodone through Incognito Market, but testing revealed the pills were fentanyl.

Incognito Market Transaction Fees
One trend that Incognito particularly exemplified was the increasing adoption of privacy-enhancing cryptocurrencies and features. By incorporating Monero and even providing an on-site exchange between BTC and XMR, Incognito was following a trend towards safeguarding user anonymity on the financial side. Many modern darknet markets have since gone further, with some operating exclusively in Monero to avoid the kind of blockchain tracing that helped catch Lin. However, Incognito’s case shows that even with Monero in the mix, operational security must be airtight – a single point of weakness (like Lin’s use of a BTC wallet for personal expenses) can compromise the entire scheme.
The story of Rui-Siang Lin and Incognito Market is a cautionary tale for both cybercriminals and cybersecurity professionals. Lin believed that his technical skills and sophisticated encryption would make him untouchable, but in the end, it was his own greed and human error that led to his downfall. Monero’s privacy features, such as ring signatures, stealth addresses, and Ring Confidential Transactions (RingCT), made it exceedingly difficult for anyone to trace the flow of funds.

Users, too, began to migrate to smaller, more obscure markets, hoping to avoid the attention of law enforcement. Users began to panic, and many quickly tried to withdraw their funds from the market. But by then, it was too late—Lin had already drained the cryptocurrency wallets, leaving his users high and dry.

Incognito Darknet Market Mass-Extorts Buyers, Sellers
“There’s a larger issue here about bad actors accessing blockchain analytics tools,” says Robinson. In the DOJ’s criminal complaint against Lin, it points to a handwritten document the FBI pulled from his email, which appears to sketch out a flow chart for a dark-web market’s mechanics. The complaint’s FBI affidavit says Lin emailed himself the sketch in March 2020 when he was at most 19 years old.
The FBI tracked Rui-Siang Lin, a 23-year-old alleged to control a notorious dark web marketplace. This development marks a significant breakthrough in combating cyber-enabled drug distribution. The key is constant vigilance – using trusted forums to vet markets, verifying links at Torhunter.com to avoid phishing, encrypting communications, and never letting your guard down. As the dust settles, we at Torhunter.com have been analyzing what went wrong and what lessons darknet market users can take away from this unfortunate incident.