The U.S. law enforcement has arrested an alleged operator of “Incognito Market,” a major online dark web narcotics marketplace that facilitated more than $100 million in illegal narcotics sales globally.
Rui-Siang Lin, a 23-year-old from Taiwan, was arrested at John F. Kennedy Airport on May 18 for allegedly operating the Incognito Market using the pseudonym “Pharoah.” Lin oversaw all aspects of the site, including managing employees, vendors and customers, revealed an unsealed indictment filed with the federal court at the U.S. Southern District of New York.
Since its inception in October 2020 until its closure in March, Incognito Market sold vast quantities of illegal narcotics, including hundreds of kilograms of cocaine and methamphetamines, globally via the dark web site that could be reached through Tor web browser.
The underground marketplace facilitated an overall sale of more than $100 million of narcotics in its 41 months of operation. The popularity of this marketplace can be gauged from the fact that by June 2023 it was generating sales of $5 million per month.
Features and Transactions of Incognito Market
Incognito Market mimicked legitimate e-commerce sites with features like branding, advertising and customer service. Users could search listings for various narcotics after logging in with unique credentials.
The site offered illegal narcotics and misbranded prescription drugs, including heroin, cocaine, LSD, MDMA, oxycodone, methamphetamines, ketamine, and alprazolam.
“For example, in November 2023, an undercover law enforcement agent received several tablets that purported to be oxycodone, which were purchased on Incognito Market. Testing on those tablets revealed that they were not authentic oxycodone at all and were, in fact, fentanyl pills,” the Justice Department said.
Vendors paid a non-refundable admission fee of $750 and a 5% commission on each sale to Incognito Market, according to the indictment. This fee funded market operations, including salaries and server costs.
Incognito Market also operated its own “bank,” to facilitate the illicit transactions. This bank allowed users to deposit cryptocurrency, which facilitated anonymous transactions between buyers and sellers while deducting the site’s commission, again of 5%.
This banking service obscured the locations and identities of vendors and customers from each other and from law enforcement. It kept the financial information of vendors and buyers separate, making it more difficult for any one actor on the marketplace to learn any other actor’s true identity, a complaint filed against Lin said.
The bank also offered an “escrow” service enabling both buyers and customers to have additional security concerning their narcotics transactions. The escrow service was set in such a way that a buyer’s money would be released to a seller only after specified actions, for example, the shipment of narcotics is made. “With the escrow service, sellers know they will be paid for their illegal narcotics and buyers know their payments will be released to sellers after specified events occur,” the complaint said.
The Exit Scam
As Lin suddenly shuttered the Incognito Market in March 2024, he tried pulling an exit scam stealing the users’ funds stored in its escrow system and also tried to ransom the market’s drug vendors. Lin demanded ransom in the range of $100 to $2,000 from them in exchange of not turning their data over to the law enforcement.
Lin’s Technical Prowess
Lin seems like a knowledgeable person in the field of security and cryptocurrency, as per social media accounts listed in the complaint against him.
Lin’s GitHub account describes him as a “Backend and Blockchain Engineer, Monero Enthusiast.” This GitHub account has approximately 35 publicly available software coding projects. “Collectively, these coding projects indicate that LIN has significant technical computing knowledge, including knowledge necessary to administer a site like (“Incognito Marketplace”),” the complaint said.
The coding projects include operation of cryptocurrency servers and web applications like PoW Shield, a tool to mitigate DDoS attacks; Monero Merchant, a software tool that allows online merchants to accept XMR for payment; and Koa-typescript-framework, a webframe software program used as a foundation for web applications.
Lin also did a YouTube interview explaining how his anti-DDoS tool “PoW Shield” worked for Pentester Academy TV in October 2021, displaying his technical prowess.
The final evidence that law enforcement found linking Lin to the administrator “Pharoah” of Incognito Market was a “simple” hand-drawn workflow diagram of a darknet marketplace that was mailed from Lin’s personal email address.
“This diagram appears to be a plan for a darknet market. Notably, the diagram indicated “vendor,” “listing,” “pgp key,” and “admin review,” all of which are features of (Incognito Market),” the complaint said.
Charges and Potential Sentences
Lin faces the following potential sentencing, if convicted:
- Continuing Criminal Enterprise: Mandatory minimum penalty of life in prison.
- Narcotics Conspiracy: Maximum penalty of life in prison.
- Money Laundering: Maximum penalty of 20 years in prison.
- Conspiracy to Sell Adulterated and Misbranded Medication: Maximum penalty of five years in prison.
A federal district court judge will determine Lin’s sentence after reviewing the U.S. Sentencing Guidelines and other statutory factors.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
