- Table of contents
The author
Cyber Threat Intelligence | OSINT | Multilingual
Table of contents
Related Articles
The Rise of the Chinese Dark Web: Deepmix to Chang’an
Or Shichrur & Yuval Shnitzer
Executive Summary
In 2022 & 2023 Western government agencies have managed to take down multiple prominent dark web forums such as RaidForums in April 2022, BreachedForums in March 2023, and Genesis Marketplace in April 2023. This might make threat actors in the West feel less confident in initiating activities on such monitored platforms and could shift their focus to Chinese-speaking forums.
Furthermore, in the past year, Western law enforcement agencies have managed to arrest major cyber criminals from both the West and Russia (albeit not on Russian soil), with the seizure of dark web forums and analysis of users’ data playing a crucial role in these arrests.
The monitoring on Western Forums could be the catalyst for a shift of non-Chinese speakers towards the Chinese dark web. This shift could lead to a change in which victims are being targeted, with an increasing likelihood of Eastern victims being targeted.
Western agencies’ lack of regulation and oversight on the Chinese dark web trading market offers a “safe” ecosystem for Western Threat Actors to carry out their activities.
We delve into the current rivalry between two of the leading Chinese underground dark web forums, Deepmix (in Chinese: 暗网中文论坛) and Chang’an (in Chinese: 长安不夜城). Both forums allegedly prioritize the safety and anonymity of their users, while simultaneously accusing each other of fraud and theft.
The Rise in Chinese Dark Web Trading Forums
The Chinese dark web has seen a rise in the popularity of underground trading forums with two platforms, Deepmix and Chang’an, leading the way. Since their respective launches, these forums have gained significant traction among traders and buyers looking for a secure and anonymous platform to conduct business. Both forums offer comprehensive features and support for multiple cryptocurrencies, making it easier for users to trade with one another.
As these forums continue to gain popularity, a rivalry has emerged between them. It’s worth noting that Deepmix was established in 2013 and is considered a more trustworthy platform, due to its longevity. On the other hand, Chang’an, which was established in 2022, has a more user-friendly interface and a Telegram group that allows for more efficient communication between users.
Since the shutdown of some of the most prominent Western dark web forums, significant developments in the Chinese darknet have also surfaced. It’s predicted that non-Chinese speakers may begin to use Chinese speaking platforms more frequently, as Western English-speaking platforms are more easily monitored by government agencies such as the FBI, Europol and other intelligence agencies.
Deepmix (in Chinese: 暗网中文论坛)
The Chinese-language dark web forum “Deepmix” (formerly known as Chinese Darknet Forum) was founded in 2013 and has since become the primary online destination for Chinese-language dark web users. In 2015-2016, the forum was restructured as a dark web marketplace responding to user demand for Bitcoin payment options.
Over the past ten years, the site has focused on maintaining user anonymity and protecting user information, mainly using TOR, while also ensuring users’ financial security by implementing measures such as coin mixing and dispute resolution mechanisms. The site has faced ongoing attacks from governments and other actors seeking to compromise user privacy.
The site has no grand plans for development but aims to provide a secure and anonymous space for users within the TOR network.
Chang’an (in Chinese: 长安不夜城)
Chang’an is a Chinese dark web trading market launched in early 2022 and has quickly become one of the largest in the industry. Its user-friendly website interface includes a built-in function for contacting the administrator.
The platform supports multiple cryptocurrencies, including BTC, ETH, and USDT, and has a meager withdrawal fee of 1% with a minimum of 0.0003 and a cap of 0.0005. In addition to its user-friendly platform, Chang’an has an official Telegram group, “@cabyc“, which started in the same year and has since become popular among users. The group provides a forum for users to ask questions, share tips, and receive updates on the market.
Despite being relatively new, Chang’an has received positive user reviews, proving reliable and showing potential for continued development.
Deepmix vs. Chang’an: A Battle for Credibility on the Dark Web
The First Incident: Deepmix vs. Chang’an
On March 15, 2023, Deepmix made an accusation against Chang’an, calling it a fake trading website. The forum’s login page displayed a statement claiming that a former data provider on the site had built a telegram group and a search group and established a dark web navigation website on the surface web, setting up a fake trading website called “Chang’an Nocturnal City” on the dark web. Chang’an’s manager is alleged to have maliciously slandered Deepmix, accusing the site of being unable to withdraw coins as a buyer and as a seller, and failing to resolve complaints.
Chang’an replied to these accusations by accusing Deepmix of being an old-fashioned fraudulent platform. Chang’an went on to allege that Deepmix had previously defrauded users of funds by changing their usernames to IDs and then extorting huge handling fees from old customers. Finally, Chang’an suggested that if the former leading forums “Loulan City” (in Chinese: 楼兰城) and “Tea Horse Ancient Road” (in Chinese: 茶马古道) had not been taken down, Deepmix may not have been able to continue operating.
as an Announcement for All Users while Logging in to the Site.
Deepmix’s speculation regarding a popular dark web navigation website that was allegedly set up by Chang’an could be “onion666.com”. The reason for this assumption is that on the onion666.com website, Deepmix is classified as a fraud, while Chang’an is advertised as a trustworthy platform (See Figure 5). The manager of Deepmix could have made this assumption, and it’s possible that this assumption sparked the rivalry between the two platforms. However, without concrete evidence, this remains mere speculation.
The 2nd Incident: Deepmix Accuses Chang’an of Stealing Passwords from Users
On April 8th, Deepmix made an announcement claiming that Chang’an had stolen account passwords from Deepmix users. The forum received multiple reports from users who were unable to access their accounts, and after investigating, Deepmix concluded that these users had entered Chang’an’s Telegram group “@cabyc”.
Deepmix further accused Chang’an’s manager of attempting to cheat users on Deepmix and subsequently building a trading website on the surface network. In contrast, Deepmix boasted about its credibility in the dark web and implied that Chang’an lacked this credibility, due to operating on the surface network. However, without concrete evidence, the claims made by both platforms remain unverified.
Developments In Chang’an’s Telegram Group
By April 17th, the Chang’an telegram group chat became home to many heated conversations regarding withdrawing money from Deepmix. For example, one comment was pinned, focusing on accusing Deepmix of changing users’ passwords to steal their accounts’ money. Its author warned anyone who still had money in Deepmix; they advised users to withdraw their funds immediately by claiming to be an example of someone affected by the situation. According to the author, Deepmix’s manager changes users’ passwords and provides various excuses for being unable to retrieve them. The author also accuses the Deepmix manager of spreading false rumors about the arrest of Chang’an’s management.
Accuses Deepmix of Changing Users’ Passwords to Steal their Accounts’ Money.
Following this comment, multiple users with substantial balances attempted to withdraw their funds from Deepmix. However, those users encountered a message informing them that their accounts are now at risk, withdrawals are suspended, and that they need to wait for the risk period to pass. The owner of Deepmix replied that they froze specific accounts as those account clicked on a phishing link, but many users claim they didn’t.
The rivalry between Deepmix and Chang’an highlights the risks and complexities of conducting underground trading on the dark web. While both platforms claimed to prioritize the safety and anonymity of their users, accusations of fraud and theft between the two led to a loss of trust and a potential compromise of user data. Presumably, the lack of regulation and oversight in the dark web trading market only exacerbates these issues. The Deepmix and Chang’an case serves as a cautionary tale for anyone looking to engage in underground trading since the lack of concrete evidence makes it difficult to determine who is telling the truth.
