A scammer dedicated to scamming other scammers.
Dec 21, 2022

A scammer displays the customary professional courtesy that prevails in the criminal underworld.

Sophos has uncovered a scam campaign that’s impersonating various criminal marketplaces.

Twenty criminal marketplaces impersonated.

The researchers first found a spoofed version of the Genesis Market, which asked users to pay a $100 deposit in order to access the site (the real Genesis Market is invite-only). This led the researchers to discover nineteen other sites set up by the same actor:

“All in all we found twenty sites, registered between August 2021 and June 2022, which we assess with high confidence are operated by the same individual or group. Virtually all of them imitate existing or defunct criminal marketplaces (including multiple scam versions of Genesis, Benumb, UniCC, and Pois0n), ask for an activation deposit of $100, and have a similar look and feel. Some employ the same clipboard substitution quirk, and some don’t. We also observed a few other minor differences, like background color or slight modifications to the spiel.”

The sites contained some errors, but they looked professional and “appeared prominently in search engine results.” The scammer or scammers also advertised the sites on Reddit, and their Bitcoin addresses have received more than $132,000. The researchers believe the scam is “designed to take advantage of inexperienced researchers, would-be threat actors, and the generally curious.”

Tracking down the culprit.

The researchers found circumstantial evidence tying the scam to a user on a criminal forum with the username “waltcranston,” an apparent Breaking Bad fan who was listed as a meth dealer on several underground marketplaces. Waltcranston was accused by several members of these forums of setting up scam sites after retiring from dealing drugs.