How Was ‘Incognito Market’ Owner Caught?

December 13, 2024 • Zachary Amos

In May 2024, the US Department of Justice (DOJ) announced the arrest of alleged Incognito Market mastermind Rui-Siang Lin. The 23-year-old darknet kingpin, popularly known as Pharoah or Faro, had long been on the FBI’s radar and eventually met his comeuppance at JFK airport. 

How Did Federal Agents Catch the Incognito Market Owner?

Law enforcers’ investigation into Incognito Market operations and Lin’s subsequent arrest involved a combination of sophisticated techniques and international cooperation. Here’s how it went down. 

Illegal drug trafficking and sales have always been a major focus for the FBI, Department of Homeland Security and other agencies. So it’s no surprise the illicit activities worth over $100 million conducted within the Incognito Market ecosystem were already garnering attention. 

Details of the bust were announced in a DOJ press release published on May 20, 2024, which revealed that Lin was apprehended on May 18 at John F. Kennedy Airport. Lin was awaiting a connecting flight when federal agents took him into custody. 

As for how the authorities uncovered his connection to the infamous dark web drug bazaar, a blend of old-fashioned investigative work and some luck was involved. 

Cryptocurrency Tracking

Court documents show that on multiple occasions, Bitcoin from Incognito’s administrator wallet was sent to a swapping service. Minutes later, roughly the same amount in Monero (XMR) was deposited in a crypto exchange account registered to Rui-Siang Lin. His personal email and phone number were on file for KYC. 

Had this been a one-off event, you might just call it a coincidence, but he repeated this cash-out pattern often enough to draw suspicion. In one instance, he even publicly posted on a forum about how he sent BTC to the swapping service but never received the XMR equivalent. This revelation helped the Feds identify the exact transaction and his wallet details. 
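The timing-and-amount correlation described above can be sketched in a few lines. This is an added example, not code from the court documents or from any investigative tool; the records are constructed, and the 15-minute window, 5% value tolerance and three-match threshold are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records, not taken from the court documents.
# Each record: (timestamp, coin amount, USD price per coin at that time)
SWAP_INPUTS = [                       # BTC sent to a swapping service
    ("2023-03-01T10:00:00", 0.50, 24000.0),
    ("2023-03-09T18:30:00", 1.20, 25000.0),
    ("2023-03-20T08:15:00", 0.80, 27000.0),
    ("2023-03-25T09:00:00", 0.30, 27000.0),   # swap that never paid out
]
EXCHANGE_DEPOSITS = [                 # XMR arriving at a KYC'd exchange account
    ("2023-03-01T10:07:00", 78.5, 150.0),
    ("2023-03-09T18:41:00", 196.0, 151.0),
    ("2023-03-12T12:00:00", 10.0, 150.0),     # unrelated deposit
    ("2023-03-20T08:24:00", 140.0, 152.0),
]

def usd(record):
    """USD value of a record at the time it was made."""
    _, amount, price = record
    return amount * price

def correlate(swaps, deposits, window=timedelta(minutes=15), tolerance=0.05):
    """Pair each swap input with the first unused deposit that arrives
    within `window` afterwards and is worth roughly the same in USD."""
    used, matches = set(), []
    for swap in swaps:
        sent_at = datetime.fromisoformat(swap[0])
        for i, dep in enumerate(deposits):
            if i in used:
                continue
            delay = datetime.fromisoformat(dep[0]) - sent_at
            drift = abs(usd(dep) - usd(swap)) / usd(swap)
            if timedelta(0) <= delay <= window and drift <= tolerance:
                used.add(i)
                matches.append((swap[0], dep[0], delay, round(drift, 4)))
                break
    return matches

def repeated_pattern(matches, min_matches=3):
    """One match may be coincidence; several matches form a pattern."""
    return len(matches) >= min_matches

if __name__ == "__main__":
    found = correlate(SWAP_INPUTS, EXCHANGE_DEPOSITS)
    for m in found:
        print(m)
    print("repeated pattern:", repeated_pattern(found))
```
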

Traceable Transactions

Lin also used funds from Incognito Market’s admin wallet to purchase at least four internet domains on Namecheap. One of the transactions cost approximately $20,000, paid for using the platform’s finances. The name registered to the Namecheap account was Rui-Siang Lin, again directly connecting him to the dark web marketplace. 

Similarly, Lin maintained a GitHub account in his name, which he used to showcase his programming prowess, specifically his Proof-of-Work (PoW) shield application. This open-source protocol mitigates DDoS attacks by acting as a smart proxy between the backend service and the end user. Based on this publicly available information, authorities concluded that Lin possessed the requisite technical knowledge and experience to operate Incognito Market. 

Search Warrants 

The dark web accounts for a whopping 95% of the internet and it’s common knowledge that a great deal of the activity there is illegal. It turns out the feds have been on Incognito Market’s tail for years. Court documents reveal that the FBI executed search warrants on the marketplace’s servers in 2022 and again in 2023. Initial checks revealed crucial information about the platform’s internal systems. 

In November 2023, the feds finally obtained a judicially authorized search warrant for Lin’s personal email account. The findings were incredibly eye-opening, including a hand-drawn illustration of the marketplace and its configurations. 

Lin’s Diagram of a Darknet Marketplace Obtained From His Email | Source: justice.gov

Undercover Operations

Agents conducted undercover operations to gain access to the marketplace, allowing them to gather intelligence and evidence about the owner.

In one instance, undercover agents posing as buyers uncovered a package, which they thought to be heroin. Upon further testing, the substance turned out to be fentanyl, a highly lethal synthetic opioid. According to the U.S. Drug Enforcement Administration, a mere two milligrams of the substance can be fatal. 

Incognito Market’s Exit Scam 

It wasn’t enough that the dark web marketplace facilitated the exchange of dangerous drugs and illegal activities. Incognito Market’s operators went a step further by making off with its users’ funds. 

In its heyday, the platform raked in millions of dollars per month and incorporated many features of legitimate e-commerce sites such as branding and customer service. The infrastructure was quite robust and even included a fully functional banking system capable of storing and exchanging funds, and processing interest earnings. 

However, in March 2024, customers reported being unable to withdraw Bitcoin and Monero, raising concerns about the possibility of an exit scam. In response, administrators claimed the issues were due to a cryptocurrency functionality upgrade affecting usability. 

Accusations intensified after Incognito Market released an official statement on the site confirming earlier suspicions. The announcement stated that operators had collated incriminating information about vendor identities, purchase details and private messages. They threatened to leak the contents unless users paid a ransom commensurate with the volume of their transactions on the platform. 

Cascading Effects 

The announcement that data supposedly deleted through the years were about to be released to law enforcement agencies heightened the stakes. Even though the operators revealed on April 1 that the entire fiasco was just one big April Fool’s joke, people were pissed at the marketplace, especially since a bunch of vendors had already paid up. Whether it was indeed a farce or a genuine fraudulent event, the damage was extensive. 

The exit scam contributed to a growing sense of distrust among users in the darknet ecosystem. As more users experienced losses, they became wary of engaging with other platforms, leading to a more cautious approach to online transactions. Following the collapse, users became more vigilant in their dealings on darknet marketplaces, leading to a greater emphasis on safety protocols and risk management.

How to Report a Scam or Illegal Activity on the Darknet

While the dark web is often associated with illicit activities, it also provides avenues for reporting scams and illegal behavior. Here are some tips on how to effectively report such incidents. 

  • Collect screenshots: Capture screenshots of the vendor’s profile, product listings, and any conversations you had with them.
  • Save transaction records: If you made a transaction with the vendor, keep records of the payment details and timestamps.
  • Document the scam: Write down a detailed account of what happened, including the date, time, and specific details of the scam or illegal activity.

Be Safe When Browsing the Web 

The arrest of the Incognito Market owner, Rui-Siang Lin, serves as a reminder for everyone to access the web safely and responsibly. It also marked a significant victory in the battle against online drug trafficking. 
