How Dutch Police Busted Hansa Dark Web Marketplace


Hansa was once the second largest dark web marketplace after AlphaBay selling everything from illegal drugs to stolen databases, credit card information and malicious software.

But then Dutch Police came in, secretly took control of Hansa days before seizing its domain and arrested its administrators, buyers, and sellers.

The sudden bust of Hansa shocked the customers as well as the IT security community keeping an eye on dark web marketplaces.

Now, Dutch police have revealed how they took over Hansa and shut down its large-scale drug-related operations.

Following are the details explaining how the police busted Hansa marketplace.

This information was revealed by Gert Ras, head of The Dutch National High Tech Crime Unit (NHTCU) and investigator Marinus Boekelo during Kaspersky Security Analyst Summit (SAS) 2018 in Mexico.

How Dutch Police Busted Hansa Dark Web Marketplace
Marinus Boekelo (left) and Gert Ras (right) – Image credit: @pwnallthethings/Twitter

Bitdefender Tipping Dutch Police

It all started in 2016 when Romanian anti-virus software and cybersecurity firm Bitdefender informed Dutch police that servers hosting Hansa marketplace were based in the Netherlands.

This came as a big surprise for the authorities since tracking a dark web domain on Tor is if not impossible then at least pretty difficult.

The same year Dutch police successfully created a duplicated copy of Hansa server and discovered its chat logs.

That is when the authorities identified that Hansa was being run by two German citizens and upon contacting the German authorities it turned out that both were already under investigation by police for pirating an eBook server.

Dutch And German Police Worked Together

This was like a jackpot for both authorities who decided to work together and arrest the suspects on piracy charges rather than for running an illegal marketplace

. However, the administrators sensed something was wrong and moved their operating servers from the Netherlands to elsewhere.

This was devastating for the authorities since they were keeping an eye and downloading data from the Netherlands servers and there was no other way to track Hansa’s activities and its new servers.

But in April 2017 administrators Hansa made a payment from a Bitcoin address which the authorities had previously found in the chatlog files they downloaded from the site’s servers.

Upon tracking the payment’s destination it turned out that the hosting servers for Hansa were moved to Lithuania.

FBI Comes In And AlphaBay Goes Down

While the Dutch and German authorities were hunting for Hansa, the FBI was about to take down dark web’s largest marketplace AlphaBay.

The FBI got in touch with the investigators and they came up with a plan that would not only take down administrators for Alphabay and Hansa but also its buyers and sellers.

The plan was to shut down AlphaBay and let its users move to Hansa since it was the most active marketplace after AlphaBay and it was evident that a massive influx of users would take place. On June 20th, German authorities raided and arrested Hansa administrators and seized their devices including unencrypted hard drives and laptops.

During the investigation, administrators handed over login credentials of their accounts including logins for the chat system they and 4 other moderators used for correspondence. Now, Hansa was fully in control of the Dutch police.

On July 4th, the FBI arrested the owner of AlphaBay from Thailand and seized his laptop along with login credential for the site which led to the shut down of AlphaBay.

One week later, it was reported that its owner Alexandre Cazes, a Canadian citizen has commuted suicide in a Thai prison which created a lot of confusion among users and as expected tons of users moved to Hansa while Dutch Police had complete access to their passwords, chats, IP address and sales record.

The operation was so secretive and professional that the four other moderators of Hansa were totally unaware of it. A couple of weeks later, Dutch police defaced Hansa with a message that said: “This hidden site has seized by the Dutch National Police.”

How Dutch Police Busted Hansa Dark Web Marketplace

Hence, that was the end of AlphaBay and Hansa, two of the largest illegal marketplaces on the dark web. Before these two, Silk Road was the largest ever marketplace to deal illegal content including banned drugs on the dark web however it was also shut down by the FBI while its owner Ross Ulbricht is serving life in prison.

The End Game

According to Wired, after shutting down Hansa, Dutch police extracted data on over 420,000 users and 10,000 home addresses leading to the arrests of several vendors while the search for more vendors is still on by Europol. Moreover, they have also seized millions of dollars worth of Bitcoins.

The Dutch police also shared a list of active, arrested and identified Hansa vendors and buyers.


Please enter your comment!
Please enter your name here

Questo sito usa Akismet per ridurre lo spam. Scopri come i tuoi dati vengono elaborati.