From October 2014 to January 2015, the art collective !Mediengruppe Bitnik delved into darknet culture with an exhibition in Switzerland titled The Darknet: From Memes to Onionland. This exhibition showcased the purchases of the Random Darknet Shopper, an automated online shopping bot that spent a set amount in Bitcoins each week on Agora. The project aimed to explore philosophical questions about the darknet, including the legal responsibility of software or robots. The display of the robot’s purchases, which included a variety of traded goods like a bag of Ecstasy pills labeled “with no bullshit inside” (containing 90 mg of MDMA), was situated next to a police station near Zürich.
In August 2015, Agora’s administrators released a PGP-signed message announcing a temporary pause in operations to protect the site from potential attacks that they believed could be used to reveal server locations.
In the shadowy realm of the Dark Web, Agora, the largest marketplace for illicit drugs, has taken a lesson from the downfall of the infamous Silk Road: When the cloak of anonymity begins to fray, it’s wise to retreat and regroup. On Tuesday evening, Agora announced that it would temporarily go offline to fortify its defenses against potential attacks that could reveal the site’s servers and operators.
In a message posted both on the market site and the “darknetmarkets” Reddit forum, Agora’s anonymous administrators reported that they had detected “suspicious activity” aimed at compromising the anonymity provided by Tor, the software used to cloak their servers’ IP addresses. This activity, they feared, might enable law enforcement to track down not only the site’s operators but also its buyers and sellers.
To counter this threat, the Agora admins plan to implement a software update but require a hiatus to do so safely. They did not specify when the market would resume operations. “At this point, while we don’t have a solution ready it would be unsafe to keep our users using the service, since they would be in jeopardy,” reads their message. “Thus, and to our great sadness, we have to take the market offline for a while, until we can develop a better solution. This is the best course of action for everyone involved.”
The Agora team did not detail the specific Tor vulnerability they were addressing, but it is likely related to a recent paper by researchers from Qatar University and MIT, published ahead of the Usenix security conference. The paper outlined a method of “fingerprinting” that could identify Tor hidden services with up to 88 percent accuracy.
The Tor Project responded to this research, noting that such an attack would require controlling a large number of Tor nodes—volunteer computers that help route traffic through the Tor network. In a blog post, Tor director Roger Dingledine suggested methods to mitigate the attack and emphasized that researchers often overestimate the feasibility of such fingerprinting techniques.
Despite these assurances, Agora’s admins expressed concern over the potential resources required for such an attack. “Most of the new and previously known methods do require substantial resources to be executed,” they wrote. “But the new research shows that the amount of resources could be much lower than expected, and in our case we do believe we have interested parties who possess such resources.”
Agora’s temporary shutdown is a significant setback for the Dark Web’s drug trade. The site had grown to become the largest online marketplace for drugs, boasting over 17,000 drug listings and more than 20,000 total listings, including counterfeits, drug paraphernalia, and other contraband. (The site had recently decided to stop selling firearms.) A Carnegie Mellon study estimated that Agora was generating $150,000 in sales daily as of last February. Following the abrupt closure and theft by a competing marketplace, Evolution, in March, Agora absorbed much of Evolution’s market share.
On Reddit’s darknetmarkets forum, many users praised Agora’s decision to prioritize user safety over continuous operation. “Props to Agora and their iron testicles,” one Redditor commented. “Yes, it’s a major inconvenience for vendors and users alike, but hey, who knows, maybe some people will even get clean during this period!”
During Agora’s downtime, other market sites like Abraxas, Alphabay, and Nucleus are expected to capture its displaced customers. Nicolas Christin, co-author of the Carnegie Mellon study, remarked, “I don’t know who will be the new crowned king, but people will pick up the pieces. The demand is here and people aren’t going anywhere. They want their drugs and people will find ways of selling to them.”
However, Christin also noted that the Tor vulnerability serves as a crucial reminder for operators of anonymous sites. “The world isn’t coming down. It’s not like there’s an attack that immediately de-anonymizes everything,” he said. “But it may be a reality check for some of these site operators. Tor is not a magic box that provides you a cloak of invisibility, Harry Potter style.”