The largest carding marketplace on the dark web has announced it is shutting down for good, although experts warned that this will have little impact on the overall cybercrime economy.
The administrator of the Joker’s Stash site posted the news on Friday, claiming that the marketplace would remain open until February 15 this year before they go on a “well-deserved retirement.”
Experts at threat intelligence firm Gemini Advisory speculated that the announcement may be linked to October news posted by “JokerStash” that the site had recently been disrupted after they had to spend over a week in the hospital with COVID-19.
They also questioned whether the recent spike in the value of Bitcoin had made the site admin now rich enough to retire.
Having been in operation since 2014, Joker’s Stash added 40 million stolen records and generated an estimated $1bn in revenue. However, the site apparently suffered a decline in the volume and quality of cards it was able to offer over the past six months.
“Most other top-tier carding marketplaces actually increased their posted data during this time. However, Joker’s Stash has received numerous user complaints alleging that card data validity is low, which even prompted the administrator to upload proof of validity through a card-testing service,” noted Gemini Advisory.
“Additionally, JokerStash’s tactics, techniques, and procedures (TTPs) involved advertising in advance and then posting high-profile major breaches. The threat actor leveraged media coverage of these breaches to boast about their ability to compromise even major corporations. Most dark web marketplaces eschew such TTPs because they attract undue attention from security researchers and law enforcement; JokerStash actually celebrated such attention.”
In a sign of the adaptability of the cybercrime underground, it is predicted that JokerStash’s retirement won’t have a significant impact on the industry.
Threat actors tend to split the sale of data across multiple marketplaces anyway, so they’ll simply pivot to other sites in the future, argued Gemini Advisory.