If you bought or sold something on the darknet bazaar Incognito Market, you may be in for a surprise. Apparently Incognito is now extorting all of its former users, saying that depending on their vendor level, not having your info leaked could cost between $100 and $20,000.

@briankrebs I am simultaneously amazed and unsurprised.

Unsurprised that a darknet marketplace would pull this. Seems exactly in their MO.

And amazed that sellers and buyers would share enough unencrypted information that extortion would be a significant threat to them!

Sure, a marketplace can (and in this case, has) steal all the money stored with them, but my understanding was that sellers and buyers communicated with one another mostly over PGP/GPG?

Possibly I just don't understand how these things work in practice!

@dan @briankrebs Sounds like:
Incognito market encouraged people to use PGP. They listed public keys (never mind the issues that can come with that).

They also had a built-in "encryption" feature for those who didn't want to learn how to use PGP. It would encrypt your message server-side with the vendor's public key.

Anyways, I guess they were recording those messages' plaintext. Those who used PGP are fine.
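
An added illustration of the trust boundary described in this thread, not code from the posts or from the market: when the server performs the encryption, it necessarily receives the plaintext first, whereas a sender who encrypts locally only ever submits ciphertext. Assumptions: Node's RSA-OAEP stands in for PGP, the `Server` class and its method names are hypothetical, and the message is constructed.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed recipient key pair (stands in for a vendor's published PGP key).
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

const oaep = (key) => ({ key, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" });
const encryptFor = (pub, text) => nodeCrypto.publicEncrypt(oaep(pub), Buffer.from(text, "utf8"));
const decryptWith = (priv, ct) => nodeCrypto.privateDecrypt(oaep(priv), ct).toString("utf8");

// Hypothetical message server. `observed` holds every request body it was
// handed, i.e. everything an operator could choose to record.
class Server {
  constructor() { this.observed = []; this.inbox = []; }

  // Built-in "encryption": the client submits plaintext, the server encrypts it.
  submitPlaintext(body, recipientPub) {
    this.observed.push(Buffer.from(body, "utf8"));
    this.inbox.push(encryptFor(recipientPub, body));
  }

  // Client-side encryption: the sender encrypted before submitting.
  submitCiphertext(body) {
    this.observed.push(body);
    this.inbox.push(body);
  }
}

function demo() {
  const msg = "constructed sample: deliver to 12 Example Street";
  const serverSide = new Server();
  serverSide.submitPlaintext(msg, publicKey);
  const clientSide = new Server();
  clientSide.submitCiphertext(encryptFor(publicKey, msg));

  // Does anything the server was handed contain the readable message?
  const leaked = (s) => s.observed.some((buf) => buf.includes(msg));
  return {
    serverSideLeaks: leaked(serverSide),
    clientSideLeaks: leaked(clientSide),
    // The recipient can decrypt in both cases, so the two modes look identical to users.
    bothDeliverable: decryptWith(privateKey, serverSide.inbox[0]) === msg &&
                     decryptWith(privateKey, clientSide.inbox[0]) === msg,
  };
}

console.log(demo());
```

The stored inbox is ciphertext in both modes; the difference is only in what the server was shown on the way in.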