 Last night on the dark web, an administrator of a hidden marketplace that was too spicy, even by dread standards, created a new account on dread in order to make a warning post. Nemesis Market got seized. The post goes on to say, Hello, I'm Francis. Nemesis Market got seized by one of the law enforcement in Europe. Please clean your house. They have access to all of your info in the past two months. I will update you guys soon. Nemesis will be back soon. And this please clean your house basically means, Hey, you're probably about to get raided, so make sure you don't have anything in your house that could result in you going to prison. And then we have the current Bitcoin block height from when he made this post and the hash as a kind of timestamp for when this post was made. Now, like I said, Nemesis Market was too spicy for dread. That's why they didn't have their own sub dread. At least they didn't have one for the past couple of years. They had one prior to that. And the reason being, or at least one of the reasons being that Nemesis Market had vendors on there that sold weapons, which is against dreads rules. And it's also one of the unofficial rules of dark net marketplaces. Don't sell guns, bombs, hitman services or anything like that because then you're going to bring a whole lot more unwanted law enforcement attention to you versus if you were just a marketplace that was selling unregulated Peppa Pig gummy vitamins. Another difference between Nemesis and other markets besides the sale of 3D printed guns is the built-in forums that they had. There was actually a section of Nemesis that had the same layout as dread with different sub dreads for different vendors and different topics. Their capture system was powered by MamiMilker technology and overall the website had a really nice design, at least as far as hidden markets go. Now, of course, when a market suddenly disappears from the dark web people suspect exit scams first since that's how most of these marketplaces go out. But we didn't really see any exit scam symptoms like keeping deposits and user sign-ups still opened on the site but not allowing withdrawals and the admins stalling saying that there's maintenance issues and other stuff like that to keep people going to the site. You know, we didn't see any of that and of course the admins going out of their way to warn people on the dark web's Reddit that they've already been banned from that a law enforcement seizure is taking place isn't really consistent with exit scam behavior either. Now, throughout this thread Francis gives us some details about how the takedown happened or at least how he believes it happened. He claims that Lithuanian law enforcement pulled the trigger so I guess they were really the ones to actually initiate the takedown even though it was an international effort as we'll see soon. And further down in the threads he says that the store's crypto wallet actually got seized first and then he saw the whole site get taken down after Francis was able to make an announcement in the nemesis forums. And Francis might have indirectly given us a hint about the problem his site had here where another user asks him what version of PHP his site was using and Francis says, I don't remember, but I believe my tour bridge fucked me. So it could have been a classic PHP vulnerability. I'm pretty sure that's how the lock bit ransomware group got him taken down. Could have really been that his tour bridge fucked him. You know, who knows? We'll probably never really know unless the administrator somehow can get a copy of his site and then disclose to us what happened later on because of course law enforcement isn't going to give us all those details. And the admin reiterates later on that the marketplace will be making a return and that he's not really afraid of getting caught. He even made the bold claim in this thread saying that good thing I can share my exact GPS coordinate and no law enforcement in Europe and USA can touch my ass as if he's, I don't know, like staying with Kim John oon or something like that. But in a matter of hours, things clearly changed because this thread got deleted along with all of this new users post and then hug bunter the admin of dread created a new post titled nemesis market has been seized. While it isn't publicly confirmed, I'd like to state that I am confident that nemesis market was in fact seized. I agreed the post yesterday from the admin Francis was strange, especially his follow up or lack of it was unclear how he could know specifically that it was Lithuanian law enforcement, but this can usually be explained by hosting companies providing some sort of tipoff through an email regarding a law enforcement request for information. If there isn't a gag order equivalent in place. This is usually quite common. He was also very confident of not being identified and that he was in an untouchable location before removing all of his post and sending me a message to state his situation has changed and he is now on the run. As always, vendors and buyers take whatever precautions you think you may need from the fallout of a market seizure. Prior to his post, he had sent me this signed message. I can share for clarity, which checks out as his PGP. I didn't save his post yesterday and there is no way to recover it once he removed it. And then we see that it's basically just a short summary of what Francis's post from yesterday that I saved said. Now, if we try to visit the onion link for nemesis market, we just get this warning from no script because for some reason the European cops didn't progressively enhance their seizure banner like they usually do. But it's no problem though. I'm just going to go ahead and lower my tour security settings and you know, execute some European law enforcement JavaScript. What is the worst that could possibly happen? So now that the site is finally loaded, we can see that it actually looks like the German federal police were in charge of making at least the seizure banner. So we've got the message that this platform has been seized and oh, look at this, the German cops. They've got an animation budget. That is your fancy German tax dollars hard at work there to make these modern police seizure sites. But it is kind of cool though. You know, they've got this little Batmobile looking thing that has police written on it blowing up the nemesis market to reveal this QR code. And if you were to give in to the irresistible urge to scan the German glowy QR code, you're just going to end up at bka.de, the German federal police's website. And they have a blog post here about the takedown that mentions some things about the site, that it had more than 150,000 users and 1,100 sellers. And the police also estimate that 20% of those sellers are actually in Germany. They also mentioned that 94,000 euros worth of cryptocurrency was seized from the site. So that confirms what the administrator was saying about the wallets getting seized. No breakdown yet though on what coins were seized exactly because my understanding is that nemesis market accepted Bitcoin, Monero and Litecoin at the very least, kind of similar to my online store based out when where you can get merch like the tie dye tortilla or the come and find it hoodie and actually save 10% of checkout when paying in Monero XMR. And we also have a little bit of a timeline for the investigation down here. So they mentioned that nemesis market was founded in 2021. I've seen some other sources saying they were founded in 2020, I think they themselves even say that they were founded in 2020. But anyway, the German federal police go on to say that their investigation started in October 2024 and it presumably took more than a year for them to find a vulnerability in the site and exploit it at least to the point where they could seize the site and they felt like they had collected enough information because I do suspect that law enforcement would have penetrated the server and lingered there for at least a few weeks, maybe even a few months to gather data about the vendors, the users and the admins especially, which seems to be the case since Francis is now apparently on the run. So once again, we see that the life of a hidden marketplace is not a long one, although nemesis did manage to last longer than your typical dark web market which typically gets hacked, seized or exit scams within the first two years. Even though this obviously isn't the ending that the admins wanted or that anybody would have wanted. I still applaud Francis for making an announcement on Dread and getting the news out for vendors and customers to take the need of precautions since Dread is basically the front page of the dark web. But of course, proactive measures are the most important ones with this stuff. You should always be using PGP, never rely on any kind of in-site encryption that a marketplace claims to offer to your post or messages or whatever. Use Monero and avoid saying too much online in the first place and of course, follow other basic OPSEC rules. Maybe we'll hear later on from the admins what the bug was in their site if it really was a PHP vulnerability like some people suspect, but there's a big gap to fill in the online black market space after nemesis' takedown and incognito's exit scam. And I'm sure it won't be long until the vendors and customers that didn't get swept up in this make their way onto another marketplace.