On 15th December, Kingdom Market's administrator was arrested. One day later, it was seized by German (BKA) law enforcement. These are the events that occurred before and after it's seizure.
About Kingdom
Kingdom Market was launched in March 2021 and had over 42,000 listings. Kingdom had it's fair share of issues like any other darknet market, but because of the administrators nationality coming to light, a specific controversy sticks out.
A few large vendors on Dread accused the market itself of scamming them. They claimed a buyer would make a large order, upwards of $200,000, of drugs. The buyer would then dispute the order, and even when the vendor provided proof the order was shipped, the market would side with the buyer. Causing the vendor to lose hundreds of thousands of dollars. Coincidentally, some of these buyers asked their order to be shipped to Slovakia.
Law enforcement claim they have been investigating Kingdom since May 2022.
Before Seizure
On 15th December, the day it's administrator was arrested, reports of problems logging in started to arise on Kingdom's subdread. Two of the administrators, responded to these posts:
Both responses indicated that Kingdom's staff were unsure of what's going on. One user commented "I would be more concerned that the Drives (servers) are being Imaged right now".
On 18th December, one of the administrator of Dread, warned users that "Kingdom Market has likely been seized by law enforcement". This was posted before law enforcement had announced Kingdom's seizure. The post:
Dread staff has received information from a trusted party that multiple individuals, which had sufficient server access to Kingdom's infrastructure, have been arrested by law enforcement with their systems seized. We do not know, and probably won't ever know, the extent of the compromise. It is a shame, but with the current information provided, the chances of Kingdom market returning is from being down is basically zero.
Read the full post here.
The lack of seizure banner and official announcement caused some users to believe that Kingdom had exit scammed under the guise of of a seizure. Some users still remained skeptical even after a seizure banner was placed on Kingdom's main links, because the link to the press release returned a 404 error. Eventually law enforcement fixed the press release link.
After Seizure
3 days after Kingdom's seizure, presumably law enforcement, tautened Kingdom users on Dread. In a post titled "Announcement to the residents of the kingdom" by /u/FallenKingdom, that was signed by the market's key:
Dread users were quick to insult law enforcement. The top reply was from /u/metalgeardonkey, tortimes.com's biggest supporter, who commented:
5 days after Kingdom's seizure, the "Support Admin", /u/OhLongJohnson posted a update on Dread. In a signed post titled "Words from OhLongJohnson, KM gone forever". Here are key quotes from his post:
I regret to tell you that admin`s gone, market gone, seized.
I am okay for now, hopefully this will stay as it is now.
Sorry the Kingdom disappointed you, sorry you lost money while the market was took down. At least wallets were at the different place than servers.
Unfortunately I am not able to tell you any details regarding how was our market set up as I was not in developing the whole market, the old one or new one. I was only communicating with others regarding opsec findings and so. I can say wallets were located in a different place at least it should be due to the security reasons.
Read the full post here.
Interestingly, after apologizing for any lost money, he repeats that he believes the market's wallets were not seized.
Administrator's Arrest
On 15th December, US law enforcement arrested Alan Bill, alias “Vend0r” or “KingdomOfficial,” who was suspected of being the Kingdom Market’s administrator. Bill is a Slovakian national residing in Bratislava, Slovakia.
Below are Bill's OpSec mistakes that led to his arrest and seizure of Kingdom:
- He used cryptocurrency addresses in his name to receive money from Kingdom's wallets.
- He used the the same IP to access Kingdom's Reddit account, his cryptocurreny wallets, his email address and visa application.
- He had large unexplained deposits of Euro into his Slovakian bank accounts totaling approximately €189,000. Many of these deposits were made in cash.
- He used Reddit for market related discussion and ran the subreddit r/kingdomofficial.
- He used Reddit to purchase graphic design services for Kingdom. The cryptocurrency account that paid for the graphic design services came from a wallet that had previously received cryptocurrency from Bill’s known cryptocurrency wallet account. In addition, that same account received deposits from ChangeNow that are linked to requests resolving from the previously discussed IP.
- His email account has several saved images, videos and files that contain the word “Vend0r.” Vend0r is the username of the individual who created the Kingdom subdread on Dread.
- His Google account has numerous files that show recovery information and seed phrases for various cryptocurrency accounts, IP masking tools, and encrypted cloud storage and file hosting services. One of the recovery seeds is associated with the same cryptocurrency wallet that was used to send cryptocurrency to the graphic designed discussed above.
- His email account has a saved video file that shows an individual accessing the back end administrative functions of Kingdom, including to address customer disputes and tickets.
- His Google account was used to search for terms such as “kingdom Market”, “alpha bay Litecoin icon”, and “server housing” on October 1, 2020, which is approximately five months before Kingdom became active.
- His Apple iCloud backup contains numerous text messages where BILL is asking others to communicate with him on encrypted messaging applications, such as Wickr, WhatsApp and Telegram.
Notes
If Bill was the only person that had access to the Dread account /u/kingdommarketofficial, law enforcement can be seen reassuring users that Kingdom will be back after it's administrators arrest:
Though it's more likely multiple staff members had access to the account.
Law enforcement claim they are still looking for other Kingdom staff.
Kingdom's seizure has been covered by other news sources, but I didn't find any articles that covered the events before and after the seizure