One of the largest carding platforms in the Dark Web, UniCC, has announced its “retirement” from the criminal industry.
UniCC has been active since 2013. The platform specialized in what is known as ‘carding’: credit card fraud and the sale of stolen details which can then be used to make unauthorized transactions, to clone cards, and to potentially facilitate identity theft.
The retirement notice was posted in both Russian and English on a number of dark web forums.
“Our team retires,” the post read. “Thanks to everyone who has been part of us for years. To loyal partners, clients, and colleagues who assisted us in many ways, I would separately thank each one but it is not professional. If I or some of our team members failed your expectations – we [are] truly sorry.”
The operators then gave the apparent reasons for UniCC’s closure: the age and health of its team.
“Don’t build any conspiracy theories about us leaving. It is weighted decision, we are not young and our health do not allow to work like this any longer.”
The UniCC team then warned users that they have 10 days to wrap up their business and clear their accounts before the platform, alongside its affiliate domain — LuxSocks — closes.
“We ask you to be smart and not follow any fakes tied to our comeback and other things,” the operators added.
According to an analysis conducted by Elliptic, since 2013, UniCC has generated approximately $358 million in stolen data purchase revenue through cryptocurrencies including Bitcoin, Ether, Litecoin, and Dash.
“Tens of thousands of new cards were listed for sale on the market each day, and it was known for having many different vendors — with the fierce competition keeping prices relatively low,” Elliptic noted. “As UniCC retires, focus will now be on who emerges as the main successor. The carding market overall recently surpassed more than $1.4 billion in sales with Bitcoin alone. Meanwhile, the operators behind UniCC will be seeking to cash out their formidable profits.”
In February last year, one of the largest carding forums, Joker’s Stash, called it quits. The platform facilitated the trade and sale of stolen payment card data, but following the seizure of a number of domains used by Joker’s Stash several months prior — and the apparent hospitalization of the operator due to COVID-19 — the service closed.
It is estimated that Joker’s Stash also generated millions of dollars in illicit profits during its lifetime.
Whether or not the operators have truly ‘retired’ or are just seeking to cash out, this does not mean it is the end of the story — law enforcement could still knock on their door, one day.
Speaking to the BBC, the UK National Crime Agency (NCA)’s Alex Hudson, intelligence manager, said the closure has created “mixed” feelings. While the operators have left the criminal industry and the potential pool of tradeable stolen data has shrunk slightly, it may also feel like unfinished business.
“If there is a regret, it’s that we do need to hold them accountable for it and they need to understand that they will still be held accountable,” Hudson commented.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0