Cloned Boy
The Darknet is a place where many unexpected things happen. This topic is a story about a man who became the king of the darknet, but could not hold on to the throne for long. In fact, this is Hunt for the Darknet King 2, but with a huge number of events. It will be interesting and entertaining, I promise!
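Contents:
- Chapter I. The Beginning.
- Chapter II. Incognito.
- Chapter III. Anonymity.
- Chapter IV. The Mistake.
- Chapter V. The Venture Fund.
- Chapter VI. The Scam.
- Chapter VII. The End.
- Conclusion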
February 8, 2024. A young Taiwanese crypto developer is preparing for a potentially fateful meeting. He has been contacted by a team of investors from Fabric VC, one of the world’s largest cryptocurrency-related venture funds. However, since his English is not that good, they ask him to download a special meeting app that includes a real-time translation feature. But little does he know, it was all a lie. The team did not exist.
The translation app is nothing more than a Trojan virus. Once installed, it silently infects the device, giving a group of unknown hackers access to all of his accounts. In a matter of moments, over $130,000 in NFTs and hundreds of thousands in cryptocurrency are stolen. However, what the hackers did not know was that their target was not just any ordinary crypto developer. He was the secret owner of Incognito, one of the largest darknet markets in the world.
This guy has been under surveillance by the FBI for a long time, and the theft of his money will set off a series of events that will threaten the entire Dark Web drug economy. This is the story of Pharaoh, the Dark Web’s most hated criminal.
Chapter I. The Beginning.
March 12, 2020, Taiwan. This is Pharaoh, a Dark Web enthusiast who has just finished drawing up a simple diagram labeled as a workflow. It lists a seller, buyers, product lists, encryption, PGP, tokens, and servers. But Pharaoh isn't planning a new retail venture. Instead, he's strategizing about launching his own Dark Web marketplace. Pharaoh studied dark web markets like Silk Road and AlphaBay. He realized that selling everything would attract too much attention, so he decided to create a marketplace focused on drugs and anonymity called Incognito Marketplace, an allusion to Google's incognito mode.
However, once he's finished with his diagram, he saves it and sends it to his personal Gmail account. A small action that will have major consequences. In November 2020, a new subdread called Incognito Market appears on the Dread forum.
A mysterious admin invites several people to this closed community and creates two foundational posts about the market. These posts outline what is allowed on the marketplace and explain that their goal is to make buying drugs safer than if a person were to buy them on the street. Shortly after, the admin deletes his account and disappears forever, leaving newly invited people wondering if this new market can be trusted.
However, just a few hours later, another account, going by the name IncognitoOfficial, answers the questions, claiming that users will buy drugs and disappear without being tracked or traced. The account adds that the mysterious creation of the subdread was just another way to prove their commitment to anonymity. At the same time, Pharaoh begins appearing on the subdread, where he declares himself the main authority behind the Incognito project, officially beginning one of the craziest sagas in the history of the Darknet.
Chapter II. Incognito.
This is Ben, a Darknet drug dealer who is trying to expand his business. He has just received an important call from one of his partners. It turns out that a new marketplace called Incognito has just opened its doors and is actively looking for new sellers. For Ben, this is great news, and he wastes no time.
He logs into the site through Dread, enters his credentials, and completes the registration process. However, becoming a seller is not that easy. After registering as a regular user, aspiring sellers had to create a job application. This is essentially a drug dealer's resume, which must include past experience as a seller and recommendations from other marketplaces. This resume is then sent to the Incognito team, who analyze the information and decide whom to accept and whom to reject.
But back to Ben. He spent the entire day writing his resume, but to complete the process, he also had to pay Incognito a deposit of $1,500. It turns out that every seller, unless they were very reliable, had to pay a fee that varied from $300 to $1,500, and only in Bitcoin or Monero. The next day, Ben logs into the Incognito site and sees that the team has accepted his application and sent a bunch of additional data to his PGP address.
PGP, or Pretty Good Privacy, is an encryption method used by most people on the Darknet to communicate. When you send a message with PGP, it is encrypted into ciphertext and sent to the recipient, who is the only person capable of decrypting it. PGP uses a public and private key system.
Each user has a public key that they share with others and a private key that they keep secret. The public key allows other users to encrypt messages that can only be decrypted with the corresponding PGP private key. This convenient and secure way of communicating makes it very popular with criminals and a headache for law enforcement agencies, who cannot decrypt these messages without the private key.
Using PGP is essential for Darknet users. But even if you are not involved in dark and illegal stories, it is important to control what data sites collect about you on the Internet. Services often block access or prohibit re-registration by tracking your digital fingerprint: data about your device, browser and settings. This is how they recognize you.
Over the next few months, Ben begins selling his products to hundreds of customers. The demand continues to grow and eventually exceeds his capacity, forcing him to expand his operations. Lamps, fertilizers, seeds, soil, he gets everything he needs without any problems and rents a small warehouse in a nearby village.
One way or another, Incognito was really on its way to becoming a major player in the Darknet economy. The market finally gained the trust of the general public. Pharaoh constantly asked for feedback and implemented almost monthly updates, which was highly appreciated by the community. The Incognito team also did a great job of handling disputes between sellers and customers. For example, in one case, a seller named WSB promised completely unrealistic prices for some substances.
The community quickly noticed, demoted his ad post, and warned everyone that he had a reputation for being a scammer on other markets. The Incognito team was very active in banning unscrupulous sellers. In any case, everything seemed to be going according to plan, and with the disappearance of other marketplaces, Incognito slowly rose to the top. This went on for a year, and then came April 5, 2022.
Hydra was the largest marketplace at the time, and when it was shut down, it left a huge vacuum in the Darknet ecosystem. Thousands of sellers and buyers were forced to migrate to other sites, and Incognito became one of the main destinations. The influx of new users was so significant that from April to June, the monthly transaction volume on Incognito increased from $700 thousand to $2 million.
This meant that Pharaoh was making money, and a lot of it, but what he didn't know was that after the destruction of Hydra, the US and its allies were targeting a slew of new trading platforms, and one of them was Incognito itself.
Chapter III. Anonymity.
Just one day after the destruction of Hydra, the FBI launched an investigation into Incognito. The officer who led the task force was a man named Mark Rubins. In the task force's investigation documents, he wrote that they purchased the substance for $170.
However, they only had two pieces of information to work with: the Bitcoin address used to purchase the drugs and Pharaoh's Dread account. To understand how the FBI conducted their investigation, we need to take a step back and understand a few simple concepts related to cryptocurrency money laundering. First, we need to understand the difference between a Bitcoin wallet and an address. A wallet is where Bitcoins are stored, but each wallet needs an address to receive and send Bitcoins to other wallets.
However, a single wallet can have an unlimited number of addresses, which allows its owner to hide the activity of a specific wallet and obscure the structure of its transactions. For example, in the case of Incognito, when they get a new client, they create a new payment address. By creating hundreds or possibly thousands of addresses, they make it nearly impossible to determine the true scope of the site's activity.
Since most exchanges require users to verify their identity through a process known as KYC, a single outgoing transaction can reveal a person's real identity, even if it was sent to an exchange that does not require the user to go through the KYC process. Authorities can request the user's bank account information, and they will have no problem revealing the identity of the alleged crypto criminal. This is why Pharaoh had to add another layer of obscurity to his money laundering process.
He did not send the bitcoin from his main Incognito wallet directly to the exchange. Instead, it passed through at least one other wallet before going to an anonymous exchange service. There, he would exchange his bitcoins for Monero, a cryptocurrency that is untraceable. Finally, Pharaoh would send this untraceable Monero to the exchange, where he would sell it for dollars. His money laundering scheme was foolproof and would be incredibly difficult, if not impossible, to track down.
However, that would only be the case if he did not make stupid mistakes. And unfortunately for Pharaoh, that's exactly what happened.
Chapter IV. The Mistake.
May 15, 2022. Pharaoh went on the Dread forums and complained that one of the exchanges he used to launder his bitcoins had refused to accept his funds, claiming that they had found out that the funds were the result of criminal activity and had outright confiscated his money.
It's unclear why this happened, but posting it on Dread was a big mistake. The task force had been monitoring his account and quickly saw the post. What's more, Pharaoh had specified exactly what time and how much bitcoin he sent to the exchange. This gave the FBI everything they needed to know, and they began searching for the transactions and the address.
The address from which the transaction was made was part of a wallet that investigators called Admin Wallet 1, a wallet that directly received profits from the main Incognito bank wallet. They discovered that one of the addresses belonging to Admin Wallet 1 was involved in another gigantic mistake. For some reason, Pharaoh used Admin Wallet 1 to partially pay for four domains on Namecheap, three of which were related to promoting Darknet markets.
However, the fourth domain, which is not described in the investigative documents, was most likely a personal website, with full details about the owner, which will play a very important role later. But remember, I said that Admin Wallet 1 only partially paid for them. That's because three of those domains were primarily purchased using an account registered on a KYC-verified crypto exchange, but for unknown and probably very stupid reasons, the fourth domain was paid for by both that KYC account and the Admin Wallet, which contributed a measly 0.00501 Bitcoin, or $22.09, to complete the purchase that the KYC-verified account had failed to complete. That single transaction directly linked whoever was behind the crypto account to the person behind Admin Wallet 1, which, remember, is the wallet that profited from Incognito and most likely belonged to Pharaoh.
All that was left for the authorities to do was force the exchange to give them access to the account, which is exactly what happened. It turned out that the account belonged to a 23-year-old Taiwanese man named Rui Xiang Lin. In addition, the FBI got their hands on the Namecheap account, which was also registered in Lin's name, and finally his personal website. This was a decisive breakthrough for the task force, which then began to infiltrate Lin's life, studying his email, social media accounts, and all the Internet businesses associated with him.
Lin is in huge trouble. It is clear that he was involved in a global and very dark story, where it is too difficult to maintain anonymity. If you just want to protect yourself from data leaks while staying anonymous, it is enough to use virtual numbers. Unfortunately, our IT industry adopted authorization by phone number before it mastered the methods of protecting user data. Therefore, disposable numbers are suitable not only for privacy, but also for basic digital hygiene.
July 19, 2022. While Lin is making himself a coffee, the notifications on his phone suddenly go crazy. For some reason, the Incognito servers have gone down and the site does not work for anyone. Lin starts frantically searching Google for a way to get the servers back up and running, but he has no idea that he is still logged into his personal Google account.
Moreover, there was no bug that caused Incognito to go down. The FBI found and hacked the site's servers. Once they had access to Incognito's servers, they copied all of the marketplace's data, including all of Incognito's Bitcoin addresses and, more importantly, all of its merchant and customer information. But the worst part was that while Lin was frantically Googling ways to fix the server issues, the FBI, who had hacked all of his personal Gmail accounts, could see those searches in real time.
Using Gmail was another big mistake, and when the FBI dug deeper into his account, they found even more evidence. For example, in an email on March 12, 2020, Lin sent a diagram that perfectly described how Incognito worked to his own email account. This, in addition to all of the other discoveries, proved that Rui Xiang Lin was the Incognito admin known as Pharaoh.
Chapter V. The Venture Fund.
August 2023. Germany. At this point, Ben, a German weed seller, is making huge amounts of money every day.
He processes dozens of orders, bringing in thousands of dollars in profit every week. Incognito is a gold mine for him. Two years after applying as a new seller, he has risen to the top tier. He has tons of positive reviews and periodically gets into the leaderboard, which attracts even more buyers. Once a month, he travels to Eastern Europe, where he cashes out his profits from crypto ATMs.
Of course, when asked about his money, he simply refers to a stash in the Cayman Islands, but what he doesn’t know is that while he’s making thousands, the FBI has launched an investigation into the site’s sellers, including himself. Also at this moment, a team of hackers is about to pull off one of the most significant hacks in the history of the Dark Web. October 2023, late at night, a team of unknown hackers and scammers get together to plan their next heist.
Apparently, one of the team members came across a 23-year-old Taiwanese crypto developer named Rui Xiang Lin, who seemed like an easy target. They tracked down his Twitter account, where he frequently tweeted about the general state of cryptocurrency. He also shared his trades, showing off a bunch of big numbers, bragged about being a tier-3 VIP on Binance, and constantly talked about his NFTs.
With the information he revealed on Twitter, the hackers decided that it would be worth trying to hack him, so they got to work. They built an entire business around a project called X-Up, a meeting program similar to Zoom, but with a twist. It could translate each participant’s speech in real time. However, the whole thing was obviously a complete scam, and nothing more than a ruse to get the victim to download the app to their computer.
After that, the app would infect the system and drain all crypto accounts. The translation feature and the language issue were already a great excuse to get Lin to download the app. But getting him to talk to them was another challenge. They stole the credentials of employees working at Fabric VC, a well-known cryptocurrency venture fund, and contacted Lin, saying they wanted to invest in one of his projects.
The final step was to set up a serious meeting with him. February 8, 2024, St. Lucia. Lin, who worked for the Ministry of Foreign Affairs of Taiwan, had traveled to the small Caribbean island of St. Lucia. Apparently, the Taiwanese embassy and the government of St. Lucia were planning some kind of joint event. However, while there, he started chatting with a group of investors from the Fabric VC team.
He scheduled an online meeting with them that day, but due to a supposed language barrier, they asked him to download a special app called X-App. Lin downloads the app and the team stops communicating with him almost immediately. At that moment, he realizes that something is wrong. All of his crypto accounts have been emptied; everything, including his NFTs, is gone. And although it cannot be confirmed, it is likely that a large amount of his illegal profits from Incognito was also stolen.
However, little did the hackers know that their actions would lead to what many are calling the most vile event in the history of the Darknet.
Chapter VI. The Scam.
February 20, 2024. Just a few days after Lin's money was stolen, Ben tries to withdraw money from Incognito Bank, but nothing arrives. He is not the only one: many others are having problems with withdrawals, and the site is generally acting strange.
Eventually, all of this resulted in rumors of an exit scam. An exit scam is when the site administrator takes all the money that is on the site and disappears, leaving everyone else wondering what happened. Keep in mind that at the time, Incognito had a huge customer base of over three hundred thousand buyers and over a thousand sellers, all of whom kept some of their money in Incognito's bank.
This means that if Incognito had decided to scam everyone, they would have likely made off with at least fifty million dollars. However, Pharaoh denied these rumors, stating that the team was working on the issue and insisting that he was not a scammer. Just a few days later, Dread's creator, HugBunter, himself posted a message claiming that Incognito had indeed exit scammed and advising people not to deposit any more money on the platform.
Almost immediately, a message appeared on the site that no one expected to see: "Over the years, we have accumulated a list of personal messages, transaction information, and order details. Surprise, surprise. We will publish the entire array of 557 thousand orders and 862 thousand cryptocurrency transaction IDs at the end of May. Whether this list contains information about you and your customers depends only on you. And yes, this is extortion. Thank you to everyone who cooperates with Incognito Market."
In order for sellers to delete their data, they had to pay up to $20 thousand. However, people like Ben, who used only PGP, were safe, because even if the authorities received their messages, they would not be able to decrypt them. The situation was getting out of control. Some paid, others threatened Incognito. The FBI was probably watching all this.
Lin seemed to have turned from a victim of cybercrime into its perpetrator. He pulled off the scheme, made millions, and most likely ended Incognito forever. However, the FBI was still on his trail, but Lin's connections to the Taiwanese government made extradition virtually impossible, and the FBI had to wait for the right moment to arrest him.
Chapter VII. The End.
March 25, 2024. It's early morning on the beach in St. Lucia and Lin is lying on a lounge chair with his laptop, preparing notes for a seminar he is about to give. Ironically, the St. Lucia police have booked a 4-day training on cryptocurrency and cybercrime prevention, funded by the Taiwanese embassy. The situation is so surreal that if I hadn't found his LinkedIn post about it, I wouldn't have believed it myself. It is not known what he was doing on the island, but it is likely that he was either enjoying life in St. Lucia or creating an offshore infrastructure to launder his new wealth.
While Lin was enjoying his vacation, the FBI had been monitoring him since his layover in Canada. Moreover, they noticed that Lin made another major mistake when he booked a ticket for a flight back to Taiwan. It is now about 10 am, and Lin is flying home. However, this flight does not go directly to Taiwan.
Instead, it makes a stop in the United States, namely at Kennedy Airport in New York. The flight arrives in the afternoon, and after everyone disembarks, Lin decides to take a walk around the airport. Suddenly, several FBI agents surround him and arrest him on the spot. After four years of operating on the Darknet, helping sell over $100 million worth of drugs and scamming and extorting hundreds of thousands of dollars from his clients, Lin found himself in the worst possible place – an American prison.
And when the news broke, no one was happier than the Dread forum, whose users laughed at his arrest and couldn't believe how stupid Lin's mistakes were. I should mention that he literally tweeted an analysis of darknet markets and included his own marketplace in it, which got him ridiculed on Twitter.
He even made a video where he talked about the DDoS mitigation method he used on his marketplace.
Conclusion
It's crazy how many mistakes this guy made. Either way, Lin is going to serve at least life in prison at the age of only 23. Plus, since the FBI already took all of his data, Lin has nothing left to offer to reduce his sentence.
Contents:
- Chapter I. The Beginning.
- Chapter II. Incognito.
- Chapter III. Anonymity.
- Chapter IV. Error.
- Chapter V. Venture fund.
- Chapter VI. Scam.
- Chapter VII. The End.
- Conclusion
February 8, 2024. A young Taiwanese crypto developer is preparing for a potentially fateful meeting. He has been contacted by a team of investors from Fabric VC, one of the world’s largest cryptocurrency-related venture funds. However, since his English is not that good, they ask him to download a special meeting app that includes a real-time translation feature. But little does he know, it was all a lie. The team did not exist.
The translation app is nothing more than a Trojan virus. Once installed, it silently infects the device, giving a group of unknown hackers access to all of his accounts. In a matter of moments, over $130,000 in NFTs and hundreds of thousands in cryptocurrency are stolen. However, what the hackers did not know was that their target was not just any ordinary crypto developer. He was the secret owner of Incognito, one of the largest darknet markets in the world.
This guy has been under surveillance by the FBI for a long time, and the theft of his money will set off a series of events that will threaten the entire Dark Web drug economy. This is the story of Pharaoh, the Dark Web’s most hated criminal.
Chapter I: The Beginning.
March 12, 2020, Taiwan. This is Pharaoh, a Dark Web enthusiast who has just finished drawing up a simple diagram labeled as a workflow. It lists a seller, buyers, product lists, encryption, PGP, tokens, and servers. But Pharaoh isn’t planning a new retail venture. Instead, he’s strategizing about launching his own Dark Web marketplace. Pharaoh studied dark web markets like Silkroad and Alpha Bay. He realized that selling everything would attract too much attention, so he decided to create a marketplace focused on drugs and anonymity called Incognito Marketplace.
An allusion to Google’s incognito mode. However, once he’s finished with his scheme, he saves it and sends it to his personal Gmail account. A small action that will have major consequences. In November 2020, a new subreddit called Incognito Market appears on the Dread forum.
A mysterious admin invites several people to this closed community and creates two foundational posts about the market. These posts outline what is allowed on the marketplace and explain that their goal is to make buying drugs safer than if a person were to buy them on the street. Shortly after, the admin deletes his account and disappears forever, leaving newly invited people wondering if this new market can be trusted.
However, just a few hours later, another account, going by the name IncognitoOfficial, answers the questions, claiming that users will buy drugs and disappear without being tracked or traced. Adding that the mysterious creation of the Subdred was just another way to prove their commitment to anonymity. At the same time, Faron begins appearing on the Subdred, where he declares himself the main authority behind the Incognito project, officially beginning one of the craziest sagas in the history of the Darknet.
Chapter II. Incognito.
It's Ben, a Darknet drug dealer who is trying to expand his business. He has just received an important call from one of his partners. It turns out that a new marketplace called Incognito has just opened its stores and is actively looking for new sellers. For Ben, this is great news, and he wastes no time.
He logs into the site through Dredd, enters his credentials, and completes the registration process. However, becoming a seller is not that easy. After registering as a regular user, aspiring sellers had to create a job application. This is essentially a drug dealer's resume, which must include past experience as a seller and recommendations from other marketplaces. This resume is then sent to the Incognito team, who analyze the information and decide who to accept and who not.
But back to Ben, he spent the entire day writing his resume, but to complete the process, he also had to pay Incognito a deposit of $ 1,500. It turns out that every seller, unless they are very reliable, had to pay a fee that varied from $ 300 to $ 1,500 and only through Bitcoin or Monero. The next day, Ben logs into the Incognito site and sees that the team accepted his application and sent him a bunch of additional data to his PGP address.
PGP, or Pretty Good Privacy, is an encryption method and communication service used by most people on the Darknet. When you send a message through a PGP service, it encrypts it into unbreakable codes that are then sent to the recipient, who is the only person capable of decrypting the message. PGP uses a public and private key system.
Each user has a public key that they share with others and a private key that they keep secret. The public key allows other users to encrypt messages that can only be decrypted with the corresponding PGP private key. The convenient and secure communication characteristics make it very popular with criminals and a headache for law enforcement agencies, who will never be able to decrypt these messages.
Using PGP is essential for Darknet users. But even if you are not involved in dark and illegal stories, it is important to control what data sites collect about you on the Internet. Often, services block access or prohibit re-registrations, tracking your digital fingerprint, data about your device, browser and settings. This is how they recognize you.
Over the next few months, Ben begins selling his products to hundreds of customers. The demand continues to grow and eventually exceeds his capacity, forcing him to expand his operations. Lamps, fertilizers, seeds, soil, he gets everything he needs without any problems and rents a small warehouse in a nearby village.
One way or another, Incognito was really on its way to becoming a major player in the Darknet economy. The market finally gained the trust of the general public. Pharaoh constantly asked for feedback and implemented almost monthly updates, which was highly appreciated by the community. The Incognito team also did a great job of handling disputes between sellers and customers. For example, in one case, a seller named WSB promised completely unrealistic prices for some substances.
The community quickly noticed, demoted his ad post, and warned everyone that he had a reputation for being a scammer on other markets. The Incognito team was very active in banning unscrupulous sellers. In any case, everything seemed to be going according to plan, and with the disappearance of other marketplaces, Incognito slowly rose to the top. For a year, and then came April 5, 2022.
Hydra was the largest marketplace at the time, and when it was shut down, it left a huge vacuum in the Darknet ecosystem. Thousands of sellers and buyers were forced to migrate to other sites, and Incognito became one of the main destinations. The influx of new users was so significant that from April to June, the monthly transaction volume on Incognito increased from $700 thousand to $2 million.
This meant that Faron was making money, and a lot of it, but what he didn't know was that after the destruction of Hydra, the US and its allies were targeting a slew of new trading platforms, and one of them was Incognito itself.
Chapter III. Anonymity.
Just one day after the destruction of Hydra, the FBI launched an investigation into Incognito. The officer who led the task force was a man named Mark Rubins. In the task force's investigation documents, he wrote that they purchased the substance for $170.
However, they only had two pieces of information to work with – the Bitcoin address used to purchase the drugs and the pharaoh’s dreadlocks account. To understand how the FBI conducted their investigation, we need to take a step back and understand a few simple concepts related to cryptocurrency money laundering. First, we need to understand the difference between a Bitcoin wallet and an address. A wallet is where Bitcoins are stored, but each wallet needs an address to receive and send Bitcoins to other wallets.
However, a single wallet can have an unlimited number of addresses, which allows them to hide the activity of a specific wallet and obscure the structure of its transactions. For example, in the case of Incognito, when they get a new client, they create a new payment address. By creating hundreds or possibly thousands of addresses, they make it nearly impossible to determine the true scope of the site’s activity.
Since most exchanges require users to verify their identity through a process known as QIC, a single outgoing transaction can reveal a person’s real identity, even if it was sent to an exchange that does not require the user to go through the KYC process. Authorities can request the user’s bank account information, and they will have no problem revealing the identity of the alleged crypto criminal. This is why Pharaoh had to carry another layer of obscurity into his money laundering process.
He did not send the bitcoin from his main incognito wallet directly to the exchange, instead, it passed through at least one other wallet before sending it to an anonymous exchange service. There, he would exchange his bitcoins for monero, a cryptocurrency that is untraceable. Finally, Pharaoh would send these untraceable monero to the exchange, where he would sell them for dollars. His money laundering scheme was foolproof and would be incredibly difficult, if not impossible, to track down.
However, that would only be the case if he did not make stupid mistakes. And unfortunately for Pharaoh, that's exactly what happened.
Chapter IV: The Mistake.
May 15, 2022. Pharaoh went on the Dredd forums and complained that one of the exchanges he used to launder his bitcoins had refused to accept his funds, claiming that they had found out that the funds were the result of criminal activity and had outright confiscated his money.
It's unclear why this happened, but posting it on Dredd was a big mistake. The task force had been monitoring his account and quickly saw the post. What's more, Pharaoh had specified exactly what time and how much bitcoin he sent to the exchange. This gave the FBI everything they needed to know, and they began searching for the transactions and the address.
The address from which the transaction was made was part of a wallet that investigators called Admin Wallet 1, a wallet that directly received profits from the main Incognito bank wallet. They discovered that one of the addresses belonging to Admin Wallet 1 was involved in another gigantic mistake. For some reason, Pharaoh used Admin Wallet 1 to partially pay for four domains on Namecheap, three of which were related to promoting Darknet markets.
However, the fourth domain, which is not described in the investigative documents, was most likely a personal website, with full details about the owner, which will play a very important role later. But remember, I said that Admin Wallet 1 only partially paid for them. That’s because three of those domains were primarily purchased using an account registered on a KYC-verified crypto exchange, but for unknown and probably very stupid reasons, the fourth domain was paid for by both that KYC account and the Admin Wallet, which contributed a measly 0.00501 Bitcoin, or $22.09, to complete the purchase that the KYC-verified account had failed to complete. That single transaction directly linked whoever was behind the crypto account to the person behind Admin Wallet 1, which, remember, is the wallet that profited from Incognito and most likely belonged to Pharaoh.
All that was left for the authorities to do was force the exchange to give them access to the account, which is exactly what happened. It turned out that the account belonged to a 23-year-old Taiwanese man named Rui Xiang Lin. In addition, the FBI got their hands on the Namecheap account, which was also registered in Lin's name, and finally his personal website. This was a decisive breakthrough for the task force, which then began to infiltrate Lin's life, studying his email, social media accounts, and all the Internet businesses associated with him.
Lin is in huge trouble. It is clear that he was involved in a global and very dark story, where it is too difficult to maintain anonymity. If you just want to protect yourself from data leaks while staying anonymous, it is enough to use virtual numbers. Unfortunately, our IT industry mastered authorization by phone number earlier than the methods of protecting user data. Therefore, disposable numbers are suitable not only for privacy, but also for basic digital hygiene.
July 19, 2022. While Lin is making himself a coffee, the notifications on his phone suddenly go crazy. For some reason, the Incognito servers have been disabled and the site does not work for anyone. Lin starts frantically searching Google for a way to get the servers back up and running, but he has no idea that he is still logged in to his personal Gmail account.
Moreover, there was no bug that caused Incognito to go down. The FBI found and hacked the site’s servers. Once they had access to Incognito’s servers, they copied all of the marketplace’s data, including all of Incognito’s Bitcoin addresses and, more importantly, all of its merchant and customer information. But the worst part was that while Lin was frantically Googling ways to fix the server issues, the FBI, who had hacked all of his personal Gmail accounts, could see those searches in real time.
Using Gmail was another big mistake, and when the FBI dug deeper into his account, they found even more evidence. For example, in an email on March 12, 2020, Lin sent a diagram that perfectly described how Incognito worked to his own email account. This, in addition to all of the other discoveries, proved that Rui Xiang Lin was the Incognito admin known as Pharaoh.
Chapter V. The Venture Fund.
August 2023. Germany. At this point, Ben, a German weed seller, is making huge amounts of money every day. He processes dozens of orders, bringing in thousands of dollars in profit every week. Incognito is a gold mine for him. Two years after applying as a new seller, he has risen to the top tier. He has tons of positive reviews and periodically gets into the leaderboard, which attracts even more buyers. Once a month, he travels to Eastern Europe, where he cashes out his profits from crypto ATMs.
Of course, when asked about his money, he simply refers to a stash in the Cayman Islands, but what he doesn’t know is that while he’s making thousands, the FBI has launched an investigation into the site’s sellers, including himself. Also at this moment, a team of hackers is about to pull off one of the most significant hacks in the history of the Dark Web. October 2023, late at night, a team of unknown hackers and scammers get together to plan their next heist.
Apparently, one of the team members came across a 23-year-old Taiwanese crypto developer named Rui Xiang Lin, who seemed like an easy target. They tracked down his Twitter account, where he frequently tweeted about the general state of cryptocurrency. He also shared his trades, showing off a bunch of big numbers, bragged about being a tier-3 VIP on Binance, and constantly talked about his NFTs.
With the information he revealed on Twitter, the hackers decided that it would be worth trying to hack him, so they got to work. They built an entire business around a project called X-Up, a meeting program similar to Zoom, but with a twist. It could translate each participant’s speech in real time. However, the whole thing was obviously a complete scam, and nothing more than a ruse to get the victim to download the app to their computer.
After that, the app would infect the system and drain all crypto accounts. The translation feature and the language issue were already a great excuse to get Lin to download the app. But getting him to talk to them was another challenge. They stole the credentials of employees working at Fabric VC, a well-known cryptocurrency venture fund, and contacted Lin, saying they wanted to invest in one of his projects.
The final step was to set up a serious meeting with him. February 8, 2024, St. Lucia. Lin, who worked for the Ministry of Foreign Affairs of Taiwan, went to the small Caribbean island of St. Lucia. Apparently, the Taiwanese embassy to the government of St. Lucia was planning some kind of joint event. However, while there, he started chatting with a group of investors from the Fabric VC team.
He scheduled an online meeting with them that day, but due to a supposed language barrier, they asked him to download a special app called X-App. Lin downloaded the app, and the team stopped communicating with him almost immediately. At that moment, he realized that something was wrong. All of his crypto accounts had been emptied, and everything, including his NFTs, was gone. And although it cannot be confirmed, it is likely that a large amount of his illegal profits from Incognito was also stolen.
However, little did the hackers know that their actions would lead to what many are calling the most vile event in the history of the Darknet.
Chapter VI. The Scam.
February 20, 2024. Just a few days after Lin's money was stolen, Ben tries to withdraw money from Incognito Bank, but nothing arrives. He is not the only one: many others are having problems with withdrawals, and the site is generally acting strange.
Eventually, all of this resulted in rumors of an exit scam. An exit scam is when the site administrator takes all the money that is on the site and disappears, leaving everyone else wondering what happened. Keep in mind that at the time, Incognito had a huge customer base of over three hundred thousand buyers and over a thousand sellers, all of whom kept some of their money in Incognito's bank.
This means that if Incognito had decided to scam everyone, they would have likely made off with at least fifty million dollars. However, Pharaoh denied these rumors, stating that he was working on the issue and insisting that he was not a scammer. Just a few days later, Dread's creator HugBunter himself posted a message claiming that Incognito had indeed exit scammed and advising people not to deposit any more money on the platform.
Almost immediately, a message appeared on the site that no one expected to see: "Over the years, we have accumulated a list of personal messages, transaction information, and order details. Surprise, surprise. We will publish the entire array of 557 thousand orders and 862 thousand cryptocurrency transaction IDs at the end of May. Whether this list contains information about you and your customers depends only on you. And yes, this is extortion. Thank you to everyone who cooperates with Incognito Market."
To have their data deleted, sellers had to pay up to $20 thousand. However, people like Ben, who used only PGP, were safe, because even if the authorities received their messages, they would not be able to decrypt them. The situation was getting out of control. Some paid, others threatened Incognito. The FBI was probably watching all this.
Lin seemed to have turned from a victim of cybercrime into a criminal. He pulled off the scheme, made millions, and most likely ended Incognito forever. However, the FBI was still on his trail, but Lin's connections to the Taiwanese government made extradition virtually impossible, and the FBI had to wait for the right moment to arrest him.
Chapter VII. The End.
March 25, 2024. It's early morning on the beach in St. Lucia and Lin is lying on a lounge chair with his laptop, preparing notes for a seminar he is about to give. Ironically, the St. Lucia police have booked a 4-day training on cryptocurrency and cybercrime prevention, funded by the Taiwanese embassy. The situation is so surreal that if I hadn't found his LinkedIn post about it, I wouldn't have believed it myself. It is not known what he was doing on the island, but it is likely that he was either enjoying life in St. Lucia or creating an offshore infrastructure to launder his new wealth.
While Lin was enjoying his vacation, the FBI had been monitoring him since his layover in Canada. Moreover, they noticed that Lin made another major mistake when he booked a ticket for a flight back to Taiwan. It is now about 10 am, and Lin is flying home. However, this flight does not go directly to Taiwan.
Instead, it makes a stop in the United States, namely at Kennedy Airport in New York. The flight arrives in the afternoon, and after everyone disembarks, Lin decides to take a walk around the airport. Suddenly, several FBI agents surround him and arrest him on the spot. After four years of operating on the Darknet, helping sell over $100 million worth of drugs and scamming and extorting hundreds of thousands of dollars from his clients, Lin found himself in the worst possible place – an American prison.
And when the news broke, no one was happier than the Dread forum, whose users laughed at his arrest and couldn't believe how stupid Lin's mistakes were. In this video, I should mention that he literally tweeted an analysis of darknet markets and included his own marketplace in it, which got him ridiculed on Twitter.
He even made a video where he talked about the DDoS mitigation method he used on his marketplace.
Conclusion
It's crazy how many mistakes this guy made. Either way, Lin is going to serve at least life in prison at the age of only 23. Plus, since the FBI already took all of his data, Lin has nothing left to offer to reduce his sentence.
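The attribution chain from Chapter IV, sketched as an added example that is not part of the original post or the investigative documents: a publicly stated transfer is matched to a transaction, then wallet membership and a co-funded invoice are followed from a KYC account to the market wallet. All addresses, ids and timestamps are constructed; only the 0.00501 BTC figure comes from the text.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed records: (txid, from_addr, to, btc, time). Names are hypothetical.
TXS = [
    ("tx1", "addrM1", "addrA1", 1.2, datetime(2022, 5, 1, 9, 0)),
    ("tx2", "addrA1", "exchange:X", 0.75, datetime(2022, 5, 14, 21, 30)),
    ("tx3", "addrZ9", "exchange:X", 0.75, datetime(2022, 4, 2, 8, 0)),
    ("tx4", "addrA2", "invoice:domain4", 0.00501, datetime(2022, 3, 3, 12, 0)),
]
# Address-to-wallet clustering as an investigator might have it (constructed).
CLUSTERS = {"addrM1": "wallet:market", "addrA1": "wallet:admin1",
            "addrA2": "wallet:admin1"}
# One invoice settled from two sources: the single link between both identities.
INVOICE_PAYERS = {"invoice:domain4": ["kyc:account-123", "addrA2"]}

def match_claim(txs, btc, when, window=timedelta(hours=6)):
    """Transactions whose amount and time fit a publicly stated transfer."""
    return [t for t in txs
            if abs(t[3] - btc) < 1e-8 and abs(t[4] - when) <= window]

def build_graph(txs, clusters, invoice_payers):
    """Undirected evidence graph of wallet membership, payments, co-funding."""
    g = defaultdict(set)
    def link(a, b):
        g[a].add(b)
        g[b].add(a)
    for addr, wallet in clusters.items():
        link(addr, wallet)
    for _, src, dst, _, _ in txs:
        # A shared exchange is a hub, not evidence of common ownership.
        if not dst.startswith("exchange:"):
            link(src, dst)
    for invoice, payers in invoice_payers.items():
        for payer in payers:
            link(payer, invoice)
    return g

def trace(g, start, goal):
    """Shortest chain of evidence links from start to goal (BFS), or None."""
    prev, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(g[node]):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None
```

The small co-payment is the only edge joining the KYC account to the wallet cluster in this data; without `tx4` and its invoice entry, `trace` returns `None`.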