Genesis Market, one of the world’s largest cybercrime facilitation websites and a marketplace for trading personal information, was home to almost 80 million sets of digital fingerprints for sale by 2023. Founded in 2017, and operating simultaneously on both the dark and open web, with a convenient user interface, Genesis Markets quickly gained popularity with online fraudsters as an all-in-one destination to purchase digital fingerprints. Login credentials, browser histories, autofill data, IP address and location information from the site has been leveraged by criminals to log into victim’s accounts on platforms including PayPal, Amazon, online banking as well as numerous cryptocurrency exchanges.
Depending on the quality of the data, personal information was sold for as low as $1. In the 2021 hack of Electronic Arts, a $10 bot purchased from the Genesis Market allowed hackers access into EA's internal Slack account. Due to the association with profit motivated cybercriminals, the Genesis Market has been on the radar of numerous global authorities for some time.
Robert Jones, the director general of the National Economic Crime Centre at the NCA said:
It was a very sophisticated website, very easy to use…you just needed to be able to use a search engine, and then you could start committing crime.
After a combined effort by law enforcement agencies across 17 countries, the ‘enormous enabler of fraud’ was officially shut down on Tuesday, 4 April 2023 with 120 people arrested globally. The global law enforcement crackdown was led by the US FBI, Dutch National Police, NCA in the UK, Australian Federal Police and other countries across Europe.
The NCA estimated that sales from Genesis Markets led to frauds involving over 2 million victims worldwide, with both individuals and companies impacted by way of fraud and ransomware attacks. The FBI believes that Genesis has generated at least USD$8.7M from illicit transactions of stolen data but also noted the possibility of total financial losses surpassing tens of millions of dollars.
The domains for Genesis Market have been seized by the FBI, with a takedown notice available on Genesis’ normal login page, encouraging users to contact the authorities regarding information on the operators of the platform. So far, officials have identified approximately 59,000 users of the marketplace. While continued efforts are made to identify and detain the owners and administrators of the fallen Genesis Market, the seizure nevertheless marks a ‘meaningful blow in the fight against online identity theft’.