UniCC, the biggest dark web marketplace for stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash.
"Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to blockchain analytics firm Elliptic. "It is [a] weighted decision, we are not young and our health do[es] not allow [us] to work like this any longer."
The UniCC team also gave its users 10 days to spend their balances, while also warning customers to "not follow any fakes tied to our comeback."
Platforms such as UniCC function as an underground marketplace wherein credit card details stolen from online retailers, banks, and payments companies by injecting malicious skimmers are trafficked in exchange for cryptocurrency. The cards are then used by criminal actors to purchase high-value items or gift cards.
"This process is known as 'carding,' and it has become a key part of the cybercriminal's playbook," Elliptic researchers said. "The technique is very profitable in its own right, but it is also used to help launder and cash-out cryptocurrency obtained through other types of cybercrime."
The sunsetting comes exactly a year after Joker's Stash, the previous market leader, announced its retirement in January 2021 after having facilitated the sale of nearly $400 million in stolen cards. The demise of Joker's Stash worked to UniCC's benefit, which quickly snapped up the top spot with a 30% market share, the researchers noted.
It's also the latest in a growing list of criminal marketplaces to have voluntarily closed shop over the past year, including that of White House Market, Cannazon, and Torrez. This was followed by Monopoly Market, which became inaccessible early this month in what's suspected to be an exit scam.
That said, the illicit market for stolen credit card data has become so lucrative that sales have surpassed 1.4 billion just in Bitcoin, paving the way for new entrants to the space that tend to swiftly fill the vacuum left by defunct criminal entities in a manner that mirrors the ever-evolving ransomware landscape.
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
The most notable of the lot has been All World Cards, which emerged on the scene in May 2021 and has since drummed up attention by leaking data for one million credit cards plundered between 2018 and 2019 on a cybercrime forum for free, with most cards from the State Bank of India, Banco Santander, and Sutton Bank.
"The wave of recent departures has potentially been a trigger for UniCC's retirement, as illicit actors see an opportunity in the turbulence to either run away with users' funds or retire to avoid increased law enforcement attention," the researchers said.