For Educational and Research Purposes Only

The demand for malicious and illegal products, services, and data has reached new peaks across Dark Web Marketplaces (DWMs), driven largely by COVID-19 and related global trends. Vendors operating on these platforms primarily trade illicit drugs, counterfeit currency, stolen or fake credit card details, anonymous SIM cards, and malware.

Statistics about DWMs help illustrate the scale of this underground economy. Across major marketplaces, there are nearly 500,000 users and more than 2,400 sellers. These platforms have facilitated over 320,000 transactions, involving the transfer of more than 4,650 Bitcoin and 12,800 Monero. SOCRadar continuously scans DWMs to identify exposed corporate data and helps organizations generate free dark web reports to assess whether their information has been compromised.

Characteristics of Dark Web Marketplaces

DWMs provide access to the shadow economy by offering a wide range of illegal goods and services, including drugs, firearms, stolen credit cards, and fake identification documents. Bitcoin is the most commonly used currency on these platforms, though other cryptocurrencies are also accepted.

The first modern dark web marketplace, Silk Road, launched in 2011 and was shut down by the FBI in 2013. Since then, dozens of DWMs have emerged, many of which were later taken down due to law enforcement action, hacks, or exit scams. Despite this, the DWM ecosystem has proven extremely resilient. When one marketplace is shut down, users rapidly migrate to alternatives, and economic activity often recovers within days.

Information Commonly Sold on DWMs

Almost every type of sensitive information can be found for sale on the dark web. Payment card data, including stolen or skimmed credit card details and the tools used to capture them, remains one of the most popular commodities. Medical and scientific research data—particularly COVID-19-related information—has become increasingly valuable.

Trade secrets, proprietary formulas, blueprints, and security plans are also frequently traded, as they can be exploited for financial or strategic gain. Medical records are commonly used for blackmail or targeted phishing campaigns, while financial records enable identity theft, money laundering, and fraud. Intelligence reports and government documents, though high-risk to sell, command high prices due to their strategic value.

Most Demanded Cyber Services and Products

Among the most sought-after cyber services on DWMs are DDoS-for-hire services, exploit kits for phishing and ransomware attacks, and remote desktop protocol (RDP) server access. Stolen payment card data, bank logs, routing information, and “Fullz” (complete personal and financial profiles of victims) are also in high demand.

DDoS services typically cost between $20 and $100 per day, depending on bandwidth and duration. Exploit kits are automated tools that compromise websites and exploit vulnerable browsers to spread malware, and demand for these kits has increased significantly. RDP access is favored by cybercriminals for conducting account takeovers, payment fraud, and other attacks while remaining hidden.

Pricing for stolen payment card data varies widely and depends on factors such as freshness, country of origin, available magnetic stripe data, and expiration date. Bank account pricing is largely influenced by account balance and the financial institution involved. “Fullz” generally range from $4 to $10, with higher prices for profiles that include financial data or higher credit scores.

How Trade Works on DWMs

Dark web marketplaces function similarly to legitimate online marketplaces like Amazon or eBay. Vendors sell goods, buyers make purchases, and transactions are protected through escrow systems. Funds are released to sellers only after buyers confirm receipt of the product. Reputation systems, feedback, and trust scores play a crucial role in establishing vendor credibility.

How Dangerous Are DWMs?

The data sold on DWMs poses serious risks to both organizations and individuals. Studies suggest that 60% of dark web data could potentially harm enterprises. Hackers attack, on average, every 39 seconds, and ransomware attacks were projected to occur every 11 seconds by 2021. Dark web activity has increased by 300% over the past three years, with cybercrime generating an estimated $1.5 trillion annually.

More than two million users connect to the dark web daily via the TOR browser, whose bandwidth capacity has grown significantly over recent years. The total value of Bitcoin transacted on the dark web rose by 65% in 2019 alone, highlighting the rapid expansion of illicit online activity.