The “Apollon” Dark Web Marketplace Might Be Exit-Scamming

Last updated July 6, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Seeing darknet marketplaces exit-scamming isn’t something unusual. There is no customer-brand trust relationship to protect, there is no credibility stemming from anything tangible, and these platforms simply don't respect their members. Everyone joins marketplaces to sell or buy illegal goods and services, so they’re in a dangerous, risky, and untrustworthy place. Thus, we often see marketplaces suddenly grabbing all the deposits of their members’ wallets, sending everything to their personal crypto coin stash, and then shutting down the website. Recent dark web rumors say that "Apollon" might be the latest marketplace in the process of doing precisely that.

According to a report by "digital shadows," Apollon has initiated the process of exit-scamming on January 26, 2020. Around that time, its operators started launching DDoS (Distributed Denial of Service) attacks against other English-language forums and marketplaces on the dark web. The vendors who were locked out of their accounts naturally went elsewhere to post about the problem and about the fact that Apollon was exit-scamming. Hence, the marketplace operators thought it would be a good idea to try and silence them by DDoS-bombing their websites.

apollon DDoS dark web

Source: Digital Shadows

The Torum administrators added a permanent banner on the forum to warn everyone about Apollon's ongoing exit-scam. At the same time, the Kilos search engine announced they would delist all Apollon offerings from their index. Apollon responded by DDoSing Torum, Empire, Dread, DarkBay, DarkMarket, Avaris Market, Envoy, The Hub, Avengers, and possibly many more. The fact that Apollon stayed online during the DDoS attacks was a telltale sign for many that the marketplace was behind the attacks. At the same time, the Apollon admins chose not to respond to the allegations, while some moderators openly claimed that they suddenly lost their privileges on the platform.

apollon-moderator-dark-web

Source: Digital Shadows

Amidst this situation, a Torum user reported something interesting that introduces an alternative explanation for Apollon’s actions. He claimed that Apollon’s server had a flaw that resulted in a leak of the site’s IP address, and so the admin’s identity was on the line. The admin was allegedly extorted by the person who held this info but denied paying a ransom. Thus, the DDoS attacks are an effort to hinder the dissemination of this sensitive information. Right now, Apollon remains online and still doing business, so it’s unclear if they are really exit-scamming or not. Possibly, they are now trying to make the most out of Apollon by grabbing the deposits of the last remaining unsuspecting victims before they shut down the platform for good.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: