It has been a long time since we heard about a large dark web marketplace bust. On April 4th, that has changed after the FBI seized Genesis Market’s clearnet domain in cooperation with other international LE agencies in an operation called “Cookie Monster”.
You can see the message yourself here.
What is unusual about this crackdown is that the Genesis .onion domain is still up. The “Cookie Monster” operation resulted in 119 arrests across the globe, yet just a few hours after the seizure, the account belonging to Genesis posted on Russian hacking forums XSS.is and Exploit.in (you can find the links on our wiki) a message announcing that they will post new domains in the near future. It seems that the admin has not been arrested, but this could definitely be a honeypot.
Even if it was true that the .onion domain is secure and has not been infiltrated by LE, nobody should risk ordering stuff on a possibly honeypot website.
Genesis Market focused on selling stolen accounts to various services including for example Google, Facebook, eBay, Gmail, Paypal or Amazon. To bypass security measures while logging into the accounts, vendors often sold fingerprints or session cookies instead of usernames and passwords. That is where the name of the operation – “Cookie Monster” originated.
Session cookies are set in our browsers every time we sign into a website. It is a piece of information that is used to verify that the user is currently logged in. If an attacker manages to steal this cookie and import it into their own browser, the website will give them access to the account until the cookie expires or gets deleted from the server.