Joker’s Stash, the internet’s largest marketplace for buying & selling stolen card data, announced today that it was shutting down within a month, on February 15, 2021.
The news was announced earlier today by the site’s administrator via messages posted on various underground cybercrime forums where the site usually advertised its services.
The site had repeated problems this past fall
“Joker’s Stash’s fall comes after a very turbulent close to 2020,” threat intelligence firm Intel 471 said in a blog post today, documenting the site’s demise.
“In October, the actor who allegedly runs the site announced he had contracted COVID-19, spending a week in the hospital. The condition impacted the site’s forums, inventory replenishments, and other operations,” the company said.
“Intel 471 also observed the site’s clients complaining that the shop’s payment card data quality was increasingly poor.”
On top of this, in December 2020, the FBI and Interpol also seized four domains operated by the marketplace.
At the time, the site’s administrators said the law enforcement crackdown had a limited impact on the site, as the domains were only used as proxies to reroute customers from landing pages to the actual marketplace, and that authorities did not seize any servers containing card or user data.
But while the seizure had a limited impact, the domain seizure affected the site’s reputation, showing customers that the once-untouchable Joker’s Stash was now in open season with law enforcement agencies.
Site estimated to have made hundreds of millions of US dollars
While the Joker’s Stash admin did not go into the details that led them to decide to shut down the site, it may be possible that they saw the writing on the wall and decided to call it quits before a more successful law enforcement takedown.
Nonetheless, this doesn’t mean the site administrator is now immune to prosecution. US authorities have often indicted cybercriminals even years after the crimes took place.
Before it announced its “retirement” today, the Joker’s Stash was considered one of the most profitable cybercrime operations today.
“The shop is estimated to have made hundreds of millions of dollars in illicit profits, although this money also goes to the vendors themselves,” Christopher Thomas, Intelligence Production Analyst at Gemini Advisory, told ZDNet in an interview last month.
In 2020 alone, the site posted for sale more than 35 million CP (card present) records and over 8 million CNP (card not present) records.
“In 2020, its major breaches have included BIGBADABOOM-III (which compromised Wawa), NIRVANA (which compromised both Islands Fine Burgers & Drinks and Champagne French Bakery Cafe), and BLAZINGSUN (which compromised Dickey’s Barbecue Pit),” Thomas said.
Joker’s Stash has been operating since October 7, 2014. The site’s administrator said they intend to wipe all servers and backups when they shutter operations next month.