You’ve probably never heard of White House Market. Google can't find it. Its vendors don't advertise much. The few public references to the website are on Reddit forums or specialty tech blogs. But among users of the dark web, WHM was, for years, the go-to online marketplace for illegal drugs and fraudulent credit cards.
Despite never reaching the peak trading volumes of its more-famous cousins Silk Road and AlphaBay, White House Market had established itself as one of the most popular—and secure—markets on the dark web. So when WHM unexpectedly closed on October 1, it came as a shock to the platform’s dedicated user base.
The site’s one-page resignation letter was short on details, saying simply that White House Market had “reached our goal” and that “now, according to plan,” the site was shutting down.
“Thanks everybody for your business, trust, support and of course for placing decent amounts of money in our pockets,” the letter read. “We may come back some time in the future with a different project or we may not.” The letter was signed by WHM’s lead administrator, who is known only by his online handle, “mr_white.”
At the time of its closing, the platform had nearly 900,000 users, of which more than a third—roughly 326,000—were active. Like other dark web markets, it was accessible only on anonymity browsers like Tor and I2P. Going by its advertised numbers, White House Market had around 3,000 vendors, whose listings included credit card and bank fraud, forged documents, illegal and prescription drugs like cannabis and ecstasy, opioids like heroin and oxycodone, hallucinogenic drugs including ketamine and PCP, cocaine, steroids, and amphetamines or meth.
That final listing matches the site’s theme, which features Walter White from Breaking Bad on the banner. But unlike Walter White’s fictional operation, this one had a global presence, with vendors and buyers stationed all around the world, although most transactions were conducted in English.
On Tuesday, less than a month after White House Market ceased operations, the Department of Justice announced the results of Operation Dark HunTor—a sweeping, international dark web takedown that resulted in 150 arrests, along with the seizure of weapons, drugs, and more than $31 million in cryptocurrency and cash. A select few of the dark-net vendor accounts identified were sourced to White House Market, according to court documents. Whether WHM and its administrators are under ongoing criminal investigation is an open question.
It’s unclear how much money WHM’s founders made since starting the site in August 2019, but they charged a 4 percent commission on all sales via an almost-untraceable cryptocurrency called Monero. Nicolas Christin, a computer scientist at Carnegie Mellon University whose research focuses on online crime modeling, security economics, and cryptocurrency, estimates that White House Market facilitated at least $35 million in sales, meaning the administrators’ take-home pay could have been at least $1.3 million over the past two years.
On the high end, Christin estimates, sales could have reached $120 million, which would mean the site’s admins walked away with nearly $5 million.
White House Market was also known for its exceptional digital security, dependable customer service, and, perhaps ironically, its ethics: It didn’t allow vendors to sell child pornography, offer murder for hire, or market weapons, explosives, or poisons.
Now that it’s gone, experts say, new portals will fill the void, borrowing some of White House Market’s tactics and setting marketwide standards in the process, like encoding all communications with Pretty Good Privacy (PGP) encryption and switching to prioritizing Monero, a decentralized cryptocurrency that labels itself as “secure, private, untraceable.”
This is according to a review of black-market websites and interviews with dark-web users and experts who track the industry by Columbia University’s Brown Institute for Media Innovation and MuckRock.
“Historically, based on 10 years of data, anytime a large marketplace has closed, second-tier marketplaces started to fill in the gaps. White House started like that,” said Christin. “You have an evolution from markets and places run by people in the proverbial basement to something that looks a lot more like an industry which is starting to adopt some standard operating best practices.”
Only, these industrywide best practices will make illegal online trades even harder to track for law enforcement.
On the dark web, a peaceful retirement is exceedingly rare. Most of WHM’s predecessors have been shuttered after their founders were indicted, arrested and, in one noteworthy case, found dead in their cell of suspected suicide before reaching trial.
Dark web drug sales—which form the majority activity there by volume—represent a small but growing portion of the total worldwide drug trade. Exact numbers are difficult to pin down, but the United Nations Office of Drugs and Crime estimates that such drug sales quadrupled in size over the past decade, reaching $315 million. Christin, whose team collects the data used extensively by the UN, puts the upper bound closer to $1 billion, since his team can only track a fraction of all sales taking place on these platforms.
The first such modern black market to demand public attention was Silk Road—a $1.2 billion operation at its peak. Silk Road launched in 2011, serving more than 100,000 customers and popularizing the use of Bitcoin in black-market transactions. The market was taken down in 2013 by an FBI investigation. Its administrator, Ross Ulbricht—using the online alias “Dread Pirate Roberts”—was eventually sentenced to life in prison without parole.
Other markets swelled to fill the vacuum, chief among them AlphaBay. It was established in late 2014, and it encouraged (but did not mandate) the use of Monero. By July 2017, AlphaBay was roughly 10 times bigger than Silk Road ever was. Around this time, one of AlphaBay’s administrators, Alexandre Cazes, made a series of mistakes, exposing his identity. Operation Bayonet, a multinational law enforcement operation, pounced and shut down AlphaBay, arresting Cazes, who was found dead in his cell weeks later.
After the bust, users scrambled to find a successor to AlphaBay. Many fled to Hansa, the third-largest market at the time. But Dutch police had already taken over Hansa’s market operations, which meant the newly displaced AlphaBay users were busted through Hansa instead.
Other major contemporaries like Dream faced their own troubles. Dream’s founder had been arrested by US authorities in August 2017. Beleaguered by DDoS attacks and operational security issues, the platform finally shut down in 2019.
Since launching in August of that year, White House Market was determined to do business a little differently. Commenting on the platform’s origin story in a DarknetOne interview this summer, mr_white said they “saw an opportunity, considered we had the required capabilities, and gave it a shot.”
The platform founders implemented arguably the most stringent user security protocols of all dark net markets, or DNMs, in existence today. They popularized the use of two-factor authentication and PGP encryption for all communications between buyers and sellers.
White House Market also insisted that all users shift to Monero for transactions, making them close to untraceable. And while other DNMs balked at mandating complex security protocols for users at the time, buyers did not seem to mind playing by WHM’s rules.
One anonymous buyer I spoke to said White House Market had the best rules and regulations compared to any other marketplace they had used. As mr_white himself put it, “Both PGP and XMR are not as scary as they sound, for most users they learn it once and they will get it right afterwards.”
White House Market also led to other markets mandating PGP encryption and going walletless, says Eileen Ormsby, a lawyer and author of several dark web true-crime books. Those precautions disincentivize platforms and vendors from using so-called exit scams—where an established business stops shipping orders while receiving payment for new orders.
“White House Market was unusual in that it was pretty much a walletless market, although it did not advertise itself as such,” says Ormsby. This meant users never kept a cryptocurrency wallet on the platform and simply paid for services or goods as they came up. The platform also operated in “escrow,” meaning the platform held the money in all transactions until all terms had been met, to keep their buyers’ good faith during trades.
But even the strictest on-platform security protocols can’t necessarily keep DNM users out of the hands of law enforcement. Paul Engstrom—a 45-year-old Las Vegas man who allegedly ran a thriving drug operation, two stash houses, and a team of dealers—had taken pains to set up Monero for all his WHM transactions, court documents say, and used cryptocurrency mixers or tumblers to render less-secure cryptocurrency transactions untraceable.
Prosecutors say that Engstrom was one of the most prolific cocaine vendors on White House Market, going by the handle “Insta.” DEA agents had been investigating Engstrom since October 2020, and he allegedly sold at least 20 kilos of cocaine through White House Market for three times its street price in Las Vegas—netting an estimated $1.9 million in just four months in 2021.
Engstrom’s indictment, announced by the US Department of Justice on Tuesday, also provides a window into how investigators trace even the most careful dark web transactions. Engstrom allegedly used a cryptocurrency-to-cash exchange called BitLiquid to convert his earnings to US dollars. He exchanged Monero for Paxos Standard, a type of tethered cryptocurrency pegged to the US dollar, and then used BitLiquid to exchange that for cash. The DEA agents on Engstrom’s trail, meanwhile, used toll records to determine when Engstrom visited BitLiquid on his phone and monitored the BitLiquid wallet for activity in those time frames. One transaction that lined up—an exchange of $37,000 in Paxos Standard for $36,900 in cash—automatically triggered a currency transaction report, or CTR, because it was over $10,000. That CTR allowed investigators to trace Engstrom’s deposits to his personal crypto wallets totaling $3 million—money that investigators believe come from dark web cocaine sales.
Engstrom, who faces a minimum of 10 years in federal prison if convicted, later told pretrial services that he owned somewhere between $8 million and $10 million in cryptocurrency.
“Whether you use Monero doesn't help you” when you cash out, CMU’s Christin says. “Unexplained sources of income coming from crypto wallets are always a red flag.”
Personal security protocols aside, White House Market vendors like Insta were also subject to a number of other rules if they wanted to trade their goods on the platform. Even as WHM facilitated the sale of illegal drugs and other items, the site admins also abided by and enforced their own brand of ethics.
WHM banned the sale of items like fake Covid vaccine cards, child or animal pornography, deadly weapons, and fentanyl, a cheap but powerful synthetic opioid that is lethal in extremely small doses.
Christin says this moral stance underscores a truism for how black markets exist amid the threat posed by law enforcement.
“Setting aside ethics for a second, if you're an economically rational actor, you don't want murder-for-hire on your platform, because it attracts heat,” he says. “And it's most likely an FBI agent undercover running those things. Weapons, same thing.”
The site’s limited number of vendor registrations also created a level of exclusivity. The trade-off was that WHM's sales value never exceeded at most a fifth of AlphaBay’s peak.
So why close a profitable black market at its peak?
“Anonymity always decreases with time. Just one slip up and you’re done,” says Christin. “If your IP address is captured once, it is a disaster. And so there is a perfectly rational behavior, which is to quit while you're ahead.”
One beneficiary of White House Market’s decision to close up shop might be the newly rebooted AlphaBay, now run by the admin “DeSnake.” DeSnake was one of the admins for the original AlphaBay but escaped prosecution. In a September interview with WIRED, DeSnake wrote that he reappeared to reestablish AlphaBay’s popularity as the go-to online black market. But weeks into the market’s relaunch, AlphaBay was still struggling to attract users. Undeterred, in his interview DeSnake said that dark web markets typically gain an influx of new users only after another popular market shuts down or is busted by law enforcement.
DeSnake is correct. Although no platform has emerged as the go-to DNM in the wake of White House Market’s demise, cannabis, meth, and cocaine vendors on WHM flooded Dread (a dark web Reddit-like forum) to announce where their buyers could now find them. In his sign-off message, mr_white plugged Versus and Monopoly (two smaller DNMs) as secure successors for White House Market’s user base to adopt, also encouraging users to give new platforms a chance.
White House Market’s most lasting impact will likely be that it established a higher industry standard for operations security and customer service among dark net market platforms, making transactions harder to trace and providing a smoother experience for online black market users. Rebooted AlphaBay accepts only Monero now and even runs its own internal Monero mixer to add an extra layer of defense. The walletless market Monopoly, a relatively small player until recently, is rapidly gaining new users and offers them the ability to purge all their order data. Dark0de Reborn is trying to follow in the design footsteps of Apple and Google. Its mission statement places great emphasis on “consumer empathy” and “user experience.”
This is the new breed of dark net markets—one that will make the next big international takedown much harder to pull off.