Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Financial Fraud-Focused Cybercrime Marketplace ‘Styx’ Emerges

Recently identified dark web portal Styx Marketplace focuses on financial fraud, identity theft, and money laundering.

A recently identified dark web portal offers illegal services related to financial fraud, identity theft, and money laundering, cybersecurity company Resecurity warns.

Dubbed Styx Marketplace, the portal offers data dumps, cash-out services, fake and stolen IDs, SIM cards, multi-factor authentication bypass solutions, banking malware, and other types of illegal services.

Initially mentioned on the dark web in early 2022, the marketplace opened in January 2023, following an escrow module for brokering transactions between cybercriminals.

Registered users are provided with access to the various illicit services available on the portal. A Trusted Sellers section also exists, likely for vendors that have been vetted by the Styx administrators.

“Some of the service descriptions are limited – the marketplace connects actors via Telegram contacts and various automated bots as a security measure,” Resecurity explains.

Users interested in purchasing services are first required to fund their Styx wallet in cryptocurrency, with available options including Bitcoin (BTC), Ethereum (ETH), and Tether (USDT).

Resecurity also linked Styx to tools for online-banking theft, anti-fraud bypasses, and identity spoofers, including some marketed via Telegram channels. Some of these tools are optimized for mobile devices.

Advertisement. Scroll to continue reading.

The focus of Styx, however, remains the selling of compromised online banking credentials, stolen credit card data, and cryptocurrency and ecommerce accounts. The marketplace also facilitates ‘digital bank’ and VCC (virtual credit card) fraud.

Some of the Styx vendors sell personally identifiable information (PII), including stolen Social Security numbers (SSNs). One vendor sells large volumes of SSNs and ID-related data of victims in the US, Canada, the Netherlands, the UK, and other countries, along with stolen business data.

Fake IDs and document forgery represent another significant product offering available on Styx. One vendor, who uses the handle ‘Podorozhnik’, is well known on the dark web and widely used by cybercriminals.

Styx also houses multiple vendors offering money laundering, such as cash-out services from stolen banking, cryptocurrency exchange, ecommerce, and VCC accounts.

Other vendors on Styx provide telephone and email flood services, tutorials on how to perform cybercrime and fraud, and other types of fraud services.

Related: Cybercrime Marketplace Leaks Over 2.1 Million Payment Cards

Related: Authorities Seize Online Marketplace for Stolen Credentials

Related: Success of Genesis Market Takedown Attempt Called Into Question

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...