July 14, 2022 by Dov Lerner

Are dark web crypto exchanges experiencing a bank run?

Since it reached a peak of over $64,000 in November 2021, the price of bitcoin has plummeted, at one point falling over 70%. Other cryptocurrencies, such as Ethereum and Monero, have dropped similar amounts, wiping out $1.8 trillion in total value.

When a currency drops in value so precipitously, it often triggers an event known as a “bank run,” in which people frantically withdraw the falling currency from the bank and exchange it for a more stable currency. Widespread selling causes fear that the banks will become insolvent, which turns into a self-fulfilling prophecy. The panic snowballs and banks can run out of currency reserves and face collapse.

Unsurprisingly, there have been runs on many crypto exchanges. Some are now lurching towards bankruptcy, while others have slowed withdrawals to preempt it. There promise to be turbulent weeks and months ahead for cryptocurrency, and it is unclear what the crypto ecosystem will look like when the dust settles.

Underground crypto exchanges

There are also crypto exchanges that operate on the dark web. While these do not function as banks (they do not seem to be places to store funds), they enable actors to exchange between cryptocurrencies and/or fiat. These fly-by-night exchanges do not perform KYC identity checks like the legitimate ones are required to do. Therefore, anyone that is unable to use the legitimate exchanges can use the shadowy exchanges on the underground.

For example, this actor accepts payments from Revolut or PayPal and returns bitcoin or Ethereum. Based on the quantity exchanged, fees range from 8% to 15%.

Similarly, this exchange offers a variety of options for transferring to and from crypto, Zelle, PayPal, and Cash App.

These exchanges invest in branding. They have names and (by dark web standards) flashy graphics. Like any other black-market service, their fees are far higher than legitimate exchanges, ranging anywhere from 2% to 15%, depending on the exchange and the quantity of funds.

We presume that these exchanges are not simple to establish. Actors need to build reserves of several currencies and design mechanisms to accept payments in various platforms. They also need to market themselves to be discovered and build a reputation so they will be trusted. For all of these reasons, we believe that in 2021, there were only several dozen of these types of exchanges operating on the underground (we can assume that there are plenty of exchanges that do not publicly advertise on dark web forums and are only known by word-of-mouth).

Exchanges and The Crypto Crash

We were interested to see what has happened to these crypto exchanges in recent months.

We took a sample of 34 unique actors that operated crypto exchanges in 2021. Half of these actors have been active for three years, with thirteen of them participating on their respective forums since 2018. They have also accounted for hundreds of posts each. Since most actors on the underground are active for a very short time and write very few posts, these crypto exchange hosts are rather well-established. This is critical for their operations to succeed; for people to trust them in exchanging funds, they must be highly reputable within their forums.

We checked in with them to see what they were up to in 2022. To our surprise, none of these actors mentioned their exchanges during the brunt of the crypto crash, from April 1 onwards. It is not as if these actors disappeared. Eighteen of them wrote posts during this three-month period, accounting for 328 posts overall. They wrote about a variety of topics.

For example, this actor promoted his refunding service (refunding is a social engineering scam in which a buyer from an ecommerce store requests a refund for an item and keeps the item too).

This former exchange operator asked if there are “any legit darkweb gun sites.”

However, none of the exchange operators from 2021 are still promoting their exchanges.

What happened? It could be that just like the legitimate exchanges, they also experienced bank runs. As crypto prices fell, actors turned to these exchanges to dump it for fiat. They quickly ran out of their dollar reserves (or their operators also feared losses from buying more crypto), and they ended operations.

But were there any new exchanges that took their place? We found four new exchanges advertised on forums from April to the end of June, which does not replace the number that vanished.

Conclusion

With these exchanges gone, we anticipate that it will be harder for actors to swap currency. These exchanges are probably mostly used by less sophisticated actors, who will now be stuck without a way to swap funds (the more advanced cybercrime groups, we imagine, have more complex ways to exchange and launder money and they will undoubtedly find ways to continue doing so).

We must note that while transactions on the underground are consummated in cryptocurrency, the price of items and services is generally in dollars. Therefore, actors that have been holding on to crypto have lost their purchasing power on the dark web, and now others have lost the ability to exchange currency. This drop in liquidity might lead to a slowdown of commerce on the underground.

But if it does, it will only be temporary. While the crypto crash might have knocked underground exchanges out of commission, we anticipate that they will return once prices stabilize and there is money to be made again. There is too much demand and financial incentive for them to be out of the game for a long time.
