The Dark Web’s Most Notorious Thief, Phishkingz, Gets Doxxed

The most feared thief on the dark web has been exposed by a vigilante hacker, proving that no one is safe in the lawless underbelly of the internet.


Users of the dark web, where customers can mail order any drug imaginable, don’t only have to worry about the cops. Hackers and scammers are constantly looking to empty unsuspecting shoppers’ digital wallets, typically by tricking them into handing over usernames and passwords.

But events have come full circle for one of the dark web’s most notorious thieves, known as Phishkingz. Over the past few days, a hacker has targeted Phishkingz, figured out what appears to be his real identity, and attempted to extort him. The case highlights how people who hide behind pseudonyms online can sometimes be unmasked, especially due to their own, sloppy mistakes.

“He probably saw the thread I made on Reddit and shit himself,” the attempted extortionist, who goes by the handle InsanityDRM, told The Daily Beast.

The dark web is a small collection of websites that use special software, called Tor, to hide the physical location of the website’s servers. This means law-enforcement agencies have a harder time tracking down who is hosting a dark-web site. This technology, along with the pseudo-anonymous currency bitcoin, has facilitated dozens of online marketplaces, which offer drugs, and sometimes weapons and stolen data.

Phishkingz runs an elaborate network of fake marketplaces designed to look exactly like the originals, but with a key difference—when a customer logs into the fake market, the site sends their login details to Phishkingz. He can then log in and try to steal the target’s bitcoins.

But what separates Phishkingz from other dark-web hackers is that he is not hiding in the shadows. Far from it, Phishkingz taunts his victims publicly on Reddit, and flexes his muscles in media interviews.

“I dominate the phishing scene on the dark web,” he said in a recent interview with news site Deep Dot Web. In that interview, Phishkingz claimed, perhaps optimistically, to have made over $1 million targeting users of AlphaBay, which until recently was the largest marketplace on the dark web.

With that notoriety, Phishkingz has made some enemies.

“I noticed how much he was flexing on the [Trade Route] subreddit,” InsanityDRM, the extortionist, told The Daily Beast. Trade Route is a typical dark-web market that vanished recently.

Phishkingz was “acting like he’s a boss,” InsanityDRM said.“Figured I’d knock him down a peg or two.”

In short, InsanityDRM followed some of the crumbs Phishkingz had left online. During his Deep Dot Web interview, Phishkingz mentioned he hacked a dark-web market called Trishula. So InsanityDRM says he hacked Trishula himself, found Phishkingz’s login details, and cracked his password—the name of a football club and a number.

The Daily Beast independently obtained a copy of the same dark-web marketplace database, which was already publicly available, and confirmed that Phishkingz’s password was the same as the one InsanityDRM claims to have discovered.

Get The Beast In Your Inbox!

Daily Digest

Start and finish your day with the top stories from The Daily Beast.

Cheat Sheet

A speedy, smart summary of all the news you need to know (and nothing you don't).

By clicking “Subscribe,” you agree to have read the Terms of Use and Privacy Policy
Thank You!
You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason.

According to InsanityDRM, Phishkingz used this same password on Reddit and Jabber, an online chat service. To prove he had access, InsanityDRM contacted The Daily Beast from Phishkingz’s account.

InsanityDRM then searched through other hacked databases for people using the same password. He found a match with someone registered on several sites focused on credit-card fraud, using what appeared to be their personal email address. That led to a Facebook account, which also used the same password a number of years ago.

InsanityDRM tried, unsuccessfully, to extort Phishkingz with these discoveries for around $10,000. The person believed to be behind the notorious scam identity has since deleted or increased the privacy settings on his Facebook, and did not respond to a request for comment. InsanityDRM also believes Phishkingz runs, a website that allows people to connect to dark-web markets without using Tor, but which appears to tamper with the content of visited sites.

InsanityDRM says he has already provided all of the information to the authorities.

As Motherboard reported, an IRS agent contacted InsanityDRM asking for more details. InsanityDRM shared screenshots of alleged conversations he had with this agent with The Daily Beast.

“Yeah I provided them with his info,” InsanityDRM said. The IRS agent declined to comment.

Even though dark-web marketplace users may have little legal respite—it’s unlikely someone buying heroin is going to complain to the police when a thief steals their bitcoin—authorities have previously arrested people who hack dark-web customers. Last year, Michael Richo was charged in connection with his own scheme to steal bitcoins using phishing pages. Richo obtained more than $365,000 and more than 10,000 usernames and passwords, according to the Justice Department, and he later pleaded guilty.

“I wonder if he’s finally on the run,” InsanityDRM said of Phishkingz.