Some notes from the WSM Admins Criminal Complaint : DarkNetMarkets | Torhoo darknet markets

Some important things to note regarding the WSM CC.
Much of this information I have been preaching for ages now, but I feel it's important to point out real world impact of OPSEC gone wrong.

WSM was the successor of the DNM German Plaza that exit scammed in 2016, and had the same admins.

Lousee was using a VPN coupled with a mobile broadband dongle. He was deanonymized because the vpn connection dropped a few times and connected with his real IP (Mobile Dongle) to backend WSM infrastructure that the feds had previously identified (and imaged!) in its ongoing investigation. While the mobile broadband account was registered with fictitious information, forensic capabilities allowed the connection to be traced to his physical location (his home and place of work). This also allowed the Feds to identify his location by tracing this connection at the time of his arrest.

Kalla was also using a VPN to access WSM backend infrastructure. He was deanonymized most likely because the VPN Provider was logging meta data among other things. However some VPN Providers also use poor data transit encryption schemes as well as hardcoded encryption keys making decryption of captured data trivial. He was using a internet connection registered in his mothers name.

Frost was deanonymized using Blockchain analysis. His PGP public key was linked to a vendor account (dudebuy) on the imaged Hansa server seized by LE in 2017. He used a refund wallet while he was vending on Hansa that he then used a mixing service to cash out. The Postal Inspector de-mixed his coins and found Frost had used these fresh coins to purchase a digital marketing plan from a legitimate company with BTC in the name of Martin Frost and with the email klaus-martin.frost@web.de. As well prior to WSM opening in 2016, Frost used mixed BTC to pay for two accounts with a video game company with the same email address as the marketing company. After these transactions this wallet was reused and funded with transactions mixed from his refund wallet. Later on he paid for another account with the gaming company with the same email address. After this transaction, the wallet was again reused and was later funded (for other transactions) by wallets associated with commission payments from WSM.


During the exit scam it's interesting to note LE noticed members of the public sharing their own analyses of virtual currency transactions revealing that large amounts of virtual currency, estimated between $10 and $30 million, were being diverted from wallets believed to be associated with WSM to other virtual currency wallets.

In response to the exit scam LE obtained search and arrest warrants for all 3 admins.

Kalla, after being arrested and advised of his rights under German law, confessed to being an administrator of WSM. He admitted that he maintained a technical role with respect to WSM and identified the location of the WSM forum. He also admitted that he was involved in the administration and operation of a prior darknet marketplace, GPM (German Plaza Market), along with Frost and Lousee.


I've said it before and I will reiterate my position, mixing services are pointless because of blockchain analysis, and have been for a long time. They give a false sense of security and offer nothing in terms of actual protection.

Please do not rely on VPN's to protect your identity. There are Pros and Cons to using them, as well most have "kill-switch" features. However unless your a infosec professional and understand DNS and how packets are routed, exactly how VPN's operate etc, they should not be used.

Postal Inspectors have blockchain analysis and de-mixing capabilities and are actively tracing DNM purchases!!

As we progress into the future of DNM's, methods and techniques should progress as well. Using mixing services used to work back in the day but they are a huge no-no now. As a community we will not accept a new market unless they use Monero. End of story! BTC can be easily purchased and swapped to Monero, thereby breaking the chain of ownership. I will provide a tutorial on how to properly implement a Mixer as well as mixing your personal coins yourself in the future. Please upvote for visibility and as always, Thanks for reading!