Security Experts:

Underground Carding Marketplace Joker's Stash Announces Shutdown

Joker’s Stash, a large underground marketplace for stolen payment card data, has announced plans to shut down operations on February 15, 2021.

The announcement was posted on a Russian-language cybercrime forum and detailed plans to cease all operations “forever.”

The representatives of the carding service pointed out that, although the marketplace has become highly popular, the team is getting a “well-deserved retirement.”

“It’s time for us to leave forever,” the announcement reads, according to threat intelligence company Intel 471.

Active since 2014, the marketplace offered card data from a robust network of criminal vendors, with some of the data supposedly exclusive to Joker’s Stash. Data from various high-profile breaches was being offered on the site, including Earl Enterprises.

Underground threat intelligence company Gemini Advisory estimates that “Joker’s Stash has generated more than $1 billion USD in revenue over the last several years.”

The end of 2020 was rough for Joker’s Stash, as it was the target of a takedown attempt after attracting a lot of attention from law enforcement. The service, however, wasn’t fully interrupted.

In mid-December 2020, a message on the Joker’s Stash site informed visitors that the U.S. Federal Bureau of Investigation and Interpol managed to seize the marketplace’s servers, in an attempt to disrupt its activity.

However, it turned out that Joker’s Stash, which has been described as an automated vending cart (AVC), had several domains up and running, and the law enforcement takedown attempt impacted only some of them.

Specifically, only the shop’s blockchain domains were affected by the attempt, which allowed operators to continue selling card data unhindered. The site’s representatives also announced at the time they would have no trouble restoring the impacted domains.

Prior to December, however, the shop’s popularity had been fading, after the threat actor who runs the site (who uses the moniker JokerStash) announced he was hospitalized with a COVID-19 infection.

Around the same time, both the volume and quality of Card Not Present (CNP) and Card Present (CP) records offered in the shop started declining, and customers began complaining of that.

In the shutdown announcement, the service’s operator says that all servers and backups will be erased after Feb. 15, but that users will have until then to spend their account balance. He also notes that partners will be paid before the service’s permanent closing.

According to Gemini Advisory, some individuals on the Dark Web speculate that the shutdown might be caused by the FBI detaining JokerStash.

Related: German Police Take Down 'World's Largest Darknet Marketplace'

Related: VPN Service Used by Cybercriminals Disrupted in Global Law Enforcement Operation

Related: Collection of South Korean, U.S. Payment Cards Emerges on Underground Market

view counter