Joker’s Stash is a popular “karting” site that offers millions of credit and debit card accounts for sale for Bitcoin and other cryptocurrencies. These cards are believed to originate from successful hacks of retailers and other businesses. While most card sites act as resellers of credentials obtained by others, Joker’s Stash is believed to be responsible for finding the details of the cards it sells.
Our analysis shows that the site has received over 270,000 BTC payments in the past four years – with a current value of approximately $1.6 billion.
In late 2017, Joker’s Stash moved its website hosting to a decentralized blockchain-based Domain Name System (DNS), secured by the cryptocurrency Emercoin, presumably in an attempt to prevent domain seizures by law enforcement. Decentralized DNS is further explained below.
The Joker’s Stash wallet is part of Elliptic’s comprehensive database of addresses associated with illicit activity, which underpins our Forensic and AML products.
Decentralized DNS
DNS is a service that converts an easy-to-read URL in your browser’s address bar (eg “google.com”) into the IP address of the computer hosting that website (eg 172.217.15.110). DNS operates from servers run by a range of organizations, from Verisign to NASA. The police can contact these organizations to remove certain domains, preventing access to these sites.
By moving to a decentralized DNS system, administrators of illegal sites can prevent this from ever happening, as there is no central organization or server that can be asked to remove a DNS record.
Cryptocurrencies such as Namecoin and Emercoin enable just such centralized DNS systems to be built on their blockchains. A given domain name and corresponding IP address can be recorded on one of these blockchains by paying in cryptocurrency with that information encoded in it.
Joker’s Stash, for example, uses Emercoin. To access the site, you would add the Emercoin extension to your browser. When a domain name is entered in the address bar, this extension checks the Emercoin blockchain for the domain and the corresponding IP address needed to connect to the site.
This gives illegal websites a way to remain active despite attempts by law enforcement to deactivate their domain names. However, it also opens up a new possibility – tracking cryptocurrency payments used to set up DNS records.
Compliance Financial Services Global