Dark Web
New Dark Web Marketplace STYX Emerges as Hub for Cybercriminals

A new dark web marketplace, STYX, has been launched earlier this year. It offers a thriving hub for buying and selling illegal services or stolen data. The platform provides various illegal service. It includes

  • Money laundering
  • Identity theft
  • Distributed denial-of-service (DDoS)
  • Bypassing two-factor authentication (2FA)
  • Fake or stolen IDs
  • Other personal data
  • Renting malware
  • Using cash-out services
  • E-mail and telephone flooding
  • Identity lookup, and more.

Background of STYX

STYX opened its doors officially on January 19, 2023. It uses a built-in escrow system to broker transactions between buyers and sellers. However, analysts at threat intelligence company Resecurity noticed mentions of STYX on the dark web. This is since early 2022, when the founders were still building the escrow module. The platform supports payments with multiple cryptocurrencies and features a special section. The section is reserved for trusted sellers that lists vetted vendors, likely to increase trust in the platform.

To showcase the purchasing process, the market points to Telegram channels where bots interact with buyers and provide samples of the products sold. Researchers have compiled a report presenting some notable cases they discovered while exploring STYX, aiming to highlight the risks that arise from the operation of these illicit platforms and uncover the actual dimension of cybercrime.

Illegal services offered on STYX

Resecurity navigated all sections of STYX and found that it offers various illegal services, including:

  • Tools to bypass anti-fraud filters such as fingerprint emulators and spoofers.
  • Stolen credit card and PII (personally identifiable information) data for sale.
  • “Checking” (lookup) services that extract information about individuals or organizations.
  • Fake ID or “drawing services that offer forged documents for over 65 countries.
  • Telephone, SMS, and email flooding services ranging from $4 to $150 per day.
  • Money laundering services for BEC (business email compromise) scammers and other fraudsters.
  • Manuals and tutorials on hacking and cybercrime operations.


It also identified a group of trending cash-out vendors that charge commissions based on the exact BIN of the card and brand of gift card. The commission spread depends on the popularity of the service/bank, the complexity of the cash-out process, including the tactics the launderers will have to deploy to successfully circumvent a payment platform’s anti-fraud filters. STYX hosts a plethora of cash-out shops that cover the entire world, offering the “clean” funds via Apply Pay, PayPal business accounts with merchant terminals, and various financial institutions in the U.S., U.K., and Canada.

Implications of STYX on cybercrime

The emergence of STYX as a new platform for financially-motivated cybercriminals shows that the market for illegal services continues to be a lucrative business. Digital banks, online payment platforms, and e-commerce systems need to rise to the challenge and upgrade their KYC checks and fraud protections to undermine the effectiveness of the services sold in these crime spaces. With the Genesis Market disrupted, the void for digital identities needs to be filled, and STYX may see an increased flux of customers looking for compromised accounts and personal information.

The risks posed by the operation of STYX are not limited to cybercrime but extend to national security concerns, as the platform offers services that can be used to launch attacks on critical infrastructure or to engage in espionage activities. Therefore, it is critical that law enforcement agencies and international organizations collaborate to disrupt the operation of STYX and other similar marketplaces.