The alleged architect of the world’s largest dark web market accidentally gave away his personal email address to anonymous users who signed up for his website — including federal investigators
Alexandre Cazes, 25, was the head of AlphaBay, a black market website that sold every imaginable contraband from heroin to hacking tools. On Thursday, the Justice Department revealed how they brought down AlphaBay and Cazes, who died in a Bangkok jail cell last week.
Authorities in the U.S. and Cazes’ native Canada were on his trail for years. AlphaBay was the largest black market site in history, eclipsing Silk Road, a notorious dark web market that shuttered after its founder’s arrest in 2013. AlphaBay was “10 times the size of Silk Road,” FBI officials said Thursday.
ADVERTISEMENT
AlphaBay launched in 2014. Within a year of its opening, undercover investigators began purchasing contraband from the site. Over the course of a two-year investigation, investigators bought marijuana, heroin, meth, fentanyl, an ATM skimmer, and 46 fake driver’s licenses, according to criminal complaint unsealed Thursday.
But AlphaBay protected its administrators through IP-anonymizing networks, making it difficult for investigators to learn who was running the site. Then they learned of an early flaw in the privacy-obsessed network.
“In December 2016, law enforcement learned that Cazes’ personal email was included in the header of AlphaBay’s ‘welcome email’ to new users in December 2014,” the criminal complaint reads. The address, pimp_alex_91@hotmail.com, also appeared in early password retrieval emails.
Cazes “was definitely a computer genius,” who started his own web design business at 17, his father told Quebec’s 106.9 FM in a Friday interview. But pimp_alex_91, which alluded to Cazes’ first name and birth year, was hardly anonymous username.
Investigators soon discovered that the address was connected to Cazes’ PayPal account, which he used to pay for membership in a pickup artist-linked discussion forum where Cazes “routinely posted” about “his financial success and expertise with cryptocurrency,” according to court documents.
An investigation by The Daily Beast has revealed a 2010 forum post by a French-speaking user (Cazes is from Quebec, Canada) that includes a screenshot of an email addressed to the pimp_alex_91 address.
In the post, pimp_alex_91 mocks the phishing email’s obvious flaws. “Fail phishing internet pirate,” the user wrote. A teenager at the time of the post, Cazes would later be accused of much greater crimes than phishing.
On July 5, Royal Thai Police executed a search on Cazes’ home in Bangkok, with assistance from the U.S.’s FBI and Drug Enforcement Agency. It was one of three properties Cazes owned in Bangkok, his father told 106.9 FM. Cazes also owned homes in Antigua and Cyprus, as well as a fleet of flashy vehicles including a Lamborghini and a Porsche.
Shortly before Thai Police stormed Cazes’ main home, law enforcement had forced AlphaBay into a service outage. When police entered Cazes’ bedroom, they found him on his laptop rebooting the site to bring it back online. On the open laptop were the login codes for AlphaBay and all its servers, as well as a document listing all his assets. “TOTAL NET WORTH,” the document read, according to court filings, “$23,033,975.”
A week later, Cazes was dead.
