Richlogs, a Genesis Market wannabe, did an exit scam?

Richlogs Genesis Market Underworld Market Exit Scam Clear Web Dark Web Hacker Forum

The cyber landscape was intrigued back in April 2019 when a new online marketplace called Richlogs, now known as Underworld Market, has emerged to offer victim’s stolen digital identities, including access to their unique online activities, sensitive account credentials, IP addresses, and more.

Richlogs was also dubbed a ‘Genesis Market wannabe’ since its services are similar to the latter, such as offering stolen digital fingerprints. Genesis Market was first detected to operate on both the clear web and the dark web around 2017. Since then, the malicious marketplace has been the most trusted among threat actors and is titled as a high-profile repository of stolen digital fingerprints.

On the other hand, upon appearing in 2019, Richlogs introduced themselves to offer the same services for interested clients. Threat actors can maximise the stolen digital footprints these dark web marketplaces offer by utilising the victims’ data against anti-fraud security tools and impersonating their victims to commit cybercrime.


However, our experts from iZOOlogic have recently noticed the last activity of Richlogs on a dark web forum, wherein some users have questioned whether the marketplace has done an exit scam against their clients.


The website of the malicious credentials marketplace was found inaccessible by our researchers, hence, making them wonder whether the marketplace has performed an exit scam against their clients. Additionally, some users on Richlog’s dark web forum profile commented about the sudden inactivity of the marketplace and how their website could not be accessed despite their claims that it was working.

Upon registering on the now inaccessible website of the credentials marketplace, interested clients must first deposit $50 as an account balance. After the initial deposit, they will access the shop and browse the services available.

With the number of clients that the malicious credentials marketplace had over time, it is inarguable that these users might have been just victimised by an exit scam from the administrators of Richlog, considering that their website has suddenly become inaccessible. Their dark web forum profile has become dormant for almost a year now.

Furthermore, our researchers have also detected that the credentials marketplace had been suspiciously banned from XSS, a Russian-based hacking forum.

With these discoveries in mind, iZOOlogic’s security experts will continue to probe Richlog’s cyber activities and update clients with the latest findings regarding this intriguing issue.

And with fraud being a global concern within the cybersecurity sector, our experts highly advise everyone to always protect their online presence by constantly changing account passwords, activating two-factor authentications, clearing cookies and browsing histories, and implementing cybersecurity tools in all devices.

About the author

Leave a Reply