Complete Shutdown Registry
The following table documents every significant darknet market shutdown from 2013 to 2026. Markets are ordered chronologically, with the most recent events first.
| Market | Year | Type | Scale | Agency / Cause |
|---|---|---|---|---|
| Archetyp | 2025 | Seized | 600K users / €250M | Europol / BKA / DEA (Operation DEEP Sentinel) |
| Abacus | 2025 | Exit Scam | $12M lost / 70% share | Premeditated admin disappearance |
| Nemesis | 2025 | Sanctions | 150K users / $30M | OFAC / BKA — admin sanctioned |
| BidenCash | 2025 | Seized | Millions of cards | International LE coordination |
| Haowan Guarantee | 2025 | Platform purge | Tens of thousands | Telegram moderation policy |
| Kingdom Market | 2023 | Seized | 42K users | BKA — misconfigured server headers leaked IP |
| Hydra Market | 2022 | Seized | 17M users / $5.2B | German BKA-led international operation |
| Versus Market | 2022 | Voluntary shutdown | ~100K users | Security vulnerability disclosure forced closure |
| White House Market | 2021 | Retired | ~400K users | Voluntary — all funds returned |
| DarkMarket | 2021 | Seized | 500K users / 2,400 vendors | German-led Europol operation |
| Empire Market | 2020 | Exit Scam | ~$30M stolen | Premeditated admin theft |
| Wall Street Market | 2019 | Seized | ~1.15M users | Europol/BKA — admins attempted exit scam during seizure |
| Dream Market | 2019 | Retired | ~250K users | Voluntary under DDoS pressure — no exit scam |
| Hansa Market | 2017 | Honeypot | ~50K users | Dutch Police operated covertly for 27 days (Operation Bayonet) |
| AlphaBay | 2017 | Seized | 400K users / $1B+ | FBI/DEA/Europol — admin used personal Hotmail (Operation Bayonet) |
| Silk Road 2.0 | 2014 | Seized | ~150K users | FBI — undercover DEA agent was on staff |
| Silk Road | 2013 | Seized | ~1M users / $1.2B | FBI — admin username reuse traced to real identity |
2025: The Year of Maximum Enforcement
2025 was the most aggressive enforcement year in darknet market history. The combination of multinational takedowns, financial sanctions, platform moderation actions, and the largest exit scam in years demonstrated that every category of market failure — LE seizure, operator theft, and platform risk — intensified simultaneously.
Archetyp Market - Operation DEEP Sentinel
Type: International law-enforcement takedown · Date: June 11–16, 2025
Led by a multinational coalition (Europol, German BKA, DEA, plus Netherlands, Spain, Sweden, Romania), Operation DEEP Sentinel represented the most sophisticated coordinated takedown in darknet market history. The operation exploited infrastructure vulnerabilities in Archetyp's server configuration — a single misconfigured backup process exposed an unencrypted database snapshot that investigators used to map the entire platform architecture, including vendor PGP keys, transaction records, and administrator access patterns.
Archetyp was Europe's longest-standing English-language drug marketplace, with 600,000 registered users and €250 million in transaction volume. The seizure resulted in multiple arrests across six countries and the confiscation of cryptocurrency holdings worth tens of millions. The operation demonstrated that even well-maintained Tor infrastructure can be compromised through ancillary system failures — in this case, a backup process running outside the Tor-protected environment.
OPSEC lesson: Infrastructure security extends beyond the primary platform. Backup systems, logging processes, monitoring tools, and development environments must receive the same security treatment as production servers. A single unprotected auxiliary process can expose the entire operation.
Abacus Market - Exit Scam
Type: Premeditated disappearance · Date: Late June–July 2025
Abacus held roughly 70% of English-language market share when it stopped paying out and vanished, taking an estimated $12M in escrow and vendor funds. On-chain data showed deposits collapsing from about $230,000 to $13,000 a day in the weeks before, and most of its traffic later moved to Torzon. Full breakdown: Abacus Market case study →
Nemesis Market - OFAC Sanctions
Type: Infrastructure seizure + financial sanctions · Timeline: Seized March 2024, admin sanctioned March 2025
Infrastructure seized in Germany and Lithuania during the initial operation. The administrator, Behrouz Parsarad, was identified as operating from Iran and placed on the OFAC (Office of Foreign Assets Control) sanctions list — the first darknet market admin directly linked to Iran and sanctioned by the US Treasury. The market had 150,000 users and processed approximately $30M in drug transactions.
Significance: This case introduced financial sanctions as a new enforcement tool alongside traditional infrastructure seizures. OFAC sanctions carry global reach — any entity worldwide that processes transactions for sanctioned individuals faces severe penalties, effectively cutting the target off from the global financial system.
BidenCash - Carding Seizure
Type: Law enforcement seizure · Date: ~May 2025
A carding marketplace specializing in stolen credit card data and identity documents. All onion mirrors went offline simultaneously; Telegram channels were shut down. The seizure represents enforcement expansion beyond drug markets into fraud-specific platforms — indicating that no market category is immune from prosecution.
Haowan Guarantee - Telegram Purge
Type: Platform moderation · Date: January 2025
Following stricter Telegram content policies, Chinese-language black market channels operating under the Haowan Guarantee umbrella were systematically removed. Described by Wired as "the Internet's Biggest-Ever Black Market Shutdown", the purge affected tens of thousands of vendors and buyers. This event demonstrated enforcement expansion beyond Tor to centralized platforms where operators have no control over infrastructure.
2017-2023: The Enforcement Acceleration
Kingdom Market - Server Misconfiguration (2023)
Type: LE seizure · Date: December 2023
German BKA investigators discovered that misconfigured HTTP server headers
revealed the real IP address of Kingdom Market's backend infrastructure.
This single configuration error bypassed all anonymity layers — Tor, encryption,
and operational security protocols became irrelevant once the server's physical location
was exposed. The subsequent seizure led to the arrest of administrators and the
shuttering of the platform. OPSEC lesson: Server headers, error pages,
and default configurations must be audited exhaustively. Tools like curl -I
should be used regularly to verify that no identifying information leaks through HTTP
responses.
Hydra Market - Mega-Market Seizure (2022)
Type: International LE seizure · Date: April 2022
The largest darknet market ever, with around 17 million accounts and an estimated $5.2 billion in turnover. The Russian-language platform pioneered dead-drop delivery (later adopted by Catharsis and Bazaar) before German police seized its servers and $25 million in Bitcoin in April 2022. No successor has come close. Full breakdown: Hydra Market case study →
White House Market - Honorable Retirement (2021)
Type: Voluntary shutdown · Date: October 2021
White House Market (WHM) set the gold standard for ethical market closure. The platform accepted only Monero, mandated PGP encryption for all communications, and maintained stringent security standards throughout its operation. When the administrators decided to retire, they issued public notice, returned all user funds, and shut down voluntarily. No theft. No drama. The rarest outcome in darknet market history — and a template that no major market has replicated since.
Empire Market - Catastrophic Exit Scam (2020)
Type: Exit scam · Date: August 2020
Empire Market was the largest English-language darknet market at the time of its collapse, having inherited a significant user base from Dream Market's retirement. The administrators exited with approximately $30 million in user funds — making it the largest exit scam in darknet market history at that time. The disappearance caused massive ecosystem disruption, fragmenting the vendor base across multiple smaller markets and eroding user trust in escrow-dependent platforms.
AlphaBay & Hansa - Operation Bayonet (2017)
Type: Coordinated seizure + honeypot · Date: July 2017
The FBI seized AlphaBay after admin Alexandre Cazes left his personal Hotmail address
(pimp_alex_91@hotmail.com) in the site's welcome emails. Dutch police had
already taken over Hansa and ran it as a honeypot for 27 days, catching the AlphaBay
refugees who fled there. The migration trap set the template for every takedown since.
Full breakdown: AlphaBay case study →
2013-2014: The Origins
Silk Road - The Template (2013)
Type: FBI sting · Date: October 2013
The original darknet market, founded by Ross Ulbricht in 2011 and the proof that Tor plus Bitcoin plus escrow worked. It fell because Ulbricht reused the alias "altoid" on public forums, one of which carried his real Gmail address, linking "Dread Pirate Roberts" to a real person. Every market since copies its design, and every OPSEC guide warns against the mistake that ended it. Full breakdown: Silk Road case study →
Silk Road 2.0 - The Sequel (2014)
Launched weeks after the original's seizure under operator "Defcon" (Blake Benthall), Silk Road 2.0 was compromised from the inside by an undercover agent on staff and seized in November 2014 during Operation Onymous. More in the Silk Road case study →
Pattern Analysis: Why Markets Fall
Across 13 years and 17+ major shutdowns, recurring patterns emerge. Understanding these patterns helps users assess current market risk:
| Failure Category | Frequency | Examples | Detection Signal |
|---|---|---|---|
| OPSEC failure by admin | Most common for seizures | Silk Road (username), AlphaBay (email), Kingdom (headers) | Usually invisible until arrest |
| Exit scam | ~30% of all market deaths | Abacus ($12M), Empire ($30M), Evolution ($12M) | Declining deposits, admin silence, increased "maintenance" |
| Voluntary retirement | Rare (~10%) | WHM, Dream Market | Public announcement, funds returned, orderly closure |
| Honeypot/takeover | Rare but devastating | Hansa Market (27-day LE operation) | Subtle interface changes, new CAPTCHA types, altered canary |
| Infrastructure exploit | Growing trend | Archetyp (backup leak), Versus (vulnerability disclosure) | Platform response to security researchers, bug bounty programs |
| Platform moderation | Emerging (2025+) | Haowan/Telegram purge | Terms-of-service changes, platform policy announcements |
Key Takeaways
- Record multi-jurisdiction cooperation — 2025 demonstrated unprecedented cross-border LE coordination, with operations spanning 6+ countries simultaneously
- Exit scams remain the #1 user risk — even dominant platforms (Abacus, 70% market share) can vanish overnight. Never store funds on a market longer than a single transaction requires.
- Financial sanctions are a new weapon — OFAC sanctions against Nemesis admin Parsarad introduced a tool that operates outside traditional law enforcement, with global financial system reach
- Ecosystem resilience continues — after every major takedown, vendors migrate and users redistribute. The ecosystem has never failed to reconstitute, though trust recovery takes months.
- Enforcement scope is expanding — now targeting Telegram channels, clearnet nodes, fraud platforms, and carding markets — not just drug marketplaces
- OPSEC fundamentals remain constant — the same errors that took down Silk Road in 2013 (username reuse, personal email exposure) continue to take down markets in 2025. Technology changes; human error does not.
For current market security assessments, see our Top Darknet Markets 2026 page. For protective measures, see our OPSEC Fundamentals guide.