Popular Darknet Markets tutorial on bitcoin mixing is a dubious phishing scam

Darknet Markets, a commercial website, is running a phishing scam which targets novice users looking for a tutorial on bitcoin currency mixing through an article on their site.

Mixing bitcoins is the process of using a third party service to remove traces of the sender and receiver of the coins. It essentially deletes the history of where the currency has been, who has used it and what it has been previously used for.

The most worrying aspect of this scam is that a simple Google search for a term like "bitcoin mixing" yields the Darknet Markets' site within its top-three results as of now.

The website and the page look like a proper tutorial, but that is just on the surface. Despite being reportedly informative and straightforward as a tutorial, the links that it leads to as trusted mixing services are fake, says Motherboard.

The article is titled A Simple Guide To Safely And Effectively Tumbling (Mixing) Bitcoins.

Links that lead out of the explainer have been carefully recreated and appear, at least to the untrained eye, as real and legitimate. But the report verified that the sites are set in different URLs and are not what they claim to be. Once the money goes into the mixers, it will apparently be lost forever.

The dark market links that the website promotes on its sidebars are also reportedly recreations of infamous dark net sites that have already been blocked, says the report. Among other sites on the sidebar, there's Alphabay – one of the largest market places for drugs and other illegal items which was taken down after a global cybercrime operation in July this year.

"This is pulling people in who are looking for a particular phrase on Google, lulling them into a false sense of security with good information, and then hitting them with a dodgy link to steal their money," said Lee Munson, a CompariTech security researcher, in an interview with Motherboard.

"Whoever has done this, has done their homework. This is probably the best phishing scam I've ever seen," he added.

According to the Google search result, this page has been up and running since at least July 2015 and has reportedly not had too many updates since then.

As to why it remains on top of search results in spite of Google continuously revamping its search algorithm is anybody's guess. However, Google results hijacked by spam from drugs and dating sites are not unheard of.

One of the reasons, according to Munson, why this could be is because of other legitimate sites linking back to this one thinking that it is genuine as well, leading Google to increase Darknet Markets' search value.

The site might also be making use of standard search engine optimisation techniques, he said.