Nemesis darknet marketplace raided in Germany-led operation


German police said they seized the infrastructure of the popular illegal darknet marketplace known as Nemesis and took its website down.

Visitors to the cybercrime website were greeted on Thursday with a red banner announcing the takeover. At the bottom, the police placed an animated spaceship reminiscent of a 1990s video game called Nemesis.

The spaceship blows up the marketplace logo and then vanishes from the screen, leaving behind a QR code that links to the website for the Bundeskriminalamt (BKA), or German federal police.

The shutdown of Nemesis and the prosecution of its operators “are a further blow to underground economy actors operating on the dark web and demonstrate the effectiveness of international law enforcement in the digital space,” the BKA said in a press release.

The German agency said it teamed up with law enforcement from the U.S. and Lithuania to investigate the Nemesis operation. During the year-and-a-half-long investigation, they discovered marketplace infrastructure in Germany and Lithuania, the BKA said.

Law enforcement confiscated criminal servers and seized data that could help to identify users of the platform, the BKA said. They also obtained €94,000 ($102,000) worth of cryptocurrency assets, allegedly earned through illegal activity. The website operators are suspected of drug trafficking and running a criminal trading platform.

Nemesis was founded in 2021 and has been growing rapidly since then, according to the BKA. More than 150,000 users and over 1,100 sellers were registered on the platform. The police estimated that nearly 20% of these sellers are based in Germany.

Nemesis sold all kinds of illegal goods — drugs, compromised data and  cybercrime services such as ransomware and tools to conduct phishing or DDoS attacks.

German law enforcement hasn’t responded to Recorded Future News’ request for comment about whether the website’s administrators were arrested. However, according to local media outlet Der Spiegel, the operators haven’t been identified. 

Even though Nemesis’s infrastructure was shut down, it doesn’t mean that the criminals won’t start their operations somewhere else.

For example, after law enforcement took down the website of the notorious ransomware gang LockBit, the group attempted to relaunch its cyber extortion operation. LockbitSupp, the group’s administrator, opened a new website and claimed that the takedown didn’t affect his business but rather gave him additional publicity.

“What doesn’t kill you makes you stronger,” he said in an interview with Recorded Future News’ Click Here podcast.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Two Russians sanctioned by US for alleged disinformation campaign

Next Post

Apparel giant VF sends out breach letters to millions following 2023 cyberattack

Related Posts

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations

Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static and dynamic analysis and ultimately evade detection. Attack chains leverage phishing emails that
Read More

Python’s PyPI Reveals Its Secrets

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI. PyPI,
Read More