SSNDOB sold personal data for Bitcoin before takedown — it may be back

Listen to this article.

SSNDOB, the darkweb marketplace that made $19 million by selling sensitive data for Bitcoin, has apparently been shut down after an international operation between US and European agencies. However, a new .org domain has cropped up — it’s unclear whether the duplicate website is a copycat or an effort by the marketplace to stay online.

On Tuesday, the US Department of Justice (DoJ) announced it had seized SSNDOB’s websites, which sold the personal data of 24 million US citizens for over $19 million. The takedown included agents from the Federal Bureau of Investigation (FBI), the Internal Revenue Service (IRS), and police in Cyprus and Latvia.

The four seized servers (,,, and were in use since 2015. The sale of personally identifiable information can be used for nefarious purposes such as blackmail, phishing scams, and creating assumed identities.

SSNDOB’s seized website (via Chainalysis).

Data on offer included passwords, credit card numbers, and social security numbers, among other types of sensitive information. SSNDOB sold the data for as little as $0.50, although some customers spent up to $100,000 in Bitcoin at a time. 

According to BleepingComputer, a large portion of the data was harvested through breaches at hospitals and other healthcare settings. SSNDOB was pretty user-friendly — a login screen led to a URL which directed to the darkweb marketplace.

  • Users were given an address to top up with crypto which they could then spend on the site.
  • Data could be searched for with specific characteristics like a name or a country.
  • The operators even offered customer support.

However, a .org domain with the same name is currently operational, purporting to offer the same services. It’s unclear whether it’s connected or a copycat operation. The site feature blog posts in broken English helping the potential customer in picking the right information to buy.

For example, one post tells users to avoid buying driving license information belonging to someone convicted of drunk driving or involved in a hit and run. A clean license will make the assumed identity “more attractive and professional,” it said.

Protos has decided not to provide a link to the new .org website as it’s malicious.

Read more: Dark web giant Joker’s Stash just ‘retired’ with $1B in Bitcoin

How SSNDOB handled its Bitcoin

According to a report by Chainalysis, SSNDOB also accepted Litecoin, but most users chose to pay in Bitcoin.

The blockchain analysts also found a link to the Joker’s Stash. The now-defunct darkweb supermarket for credit card details made $1 billion in Bitcoin before shutting down on its own accord in February last year.

SSNDOB sent over $100,000 worth of Bitcoin to Joker’s Stash between December 2018 and June 2019. Chainalysis suggests “the two markets may have had some relationship to one another, including possibly shared ownership,” (our emphasis).

The New-York based crypto forensics firm found that SSNDOB’s Bitcoin payment system was active since April 2015, receiving $22 million worth of crypto across 100,000 transactions. Most funds came from exchanges but around 10% was deposited through Bitcoin ATMs — a higher amount than is normally seen in these types of operations.

According to the DoJ, the operators advertised its services online and attempted to evade law enforcement by placing servers in different countries — presumably in Latvia and Cyprus.

For more informed news, follow us on Twitter and Google News or listen to our investigative podcast Innovated: Blockchain City.