< Back to Searchlight Blog

Update on the effects of COVID-19 on the Darknet

Published on 30 May 2020 by Charlie

With the world in the grip of the COVID-19 Pandemic, many ways of life have and continue to change as countries adapt to what media are calling the “new normal”.

At the start of last month, Searchlight security covered how the darknet community was adapting to the changes put in place by governments worldwide. Now, a month on from then, Searchlight takes another look at how the virus continues to influence the darknet and what communities have done in an attempt to mitigate its effects.

Whilst conversation about the Coronavirus appears to have peaked around the start of April, it still remains a relatively spoken about topic, getting an average of 46 mentions a day over the past 10 days which is around the same number of mentions that the drug heroin gets.

Delivery issues

The main continual effect that COVID appears to be having on the darknet is extended delivery times. This is being reflected in several ways, the first of which is a large increase of users posting about delays on forums. This has increased from an average of 13 mentions a day in January to 29 per day in the past month.

Possibly due to an increase in buyers complaining about delays in the postal systems, vendors have started adding disclaimers about delayed deliveries on their product listings, as can be seen here with this vendor who sells Ecstasy.

Some users are not just reporting delays but a complete absence of their orders, speculation has begun amongst users on forums such as Dread as to if this apparent increase in missing packages is down to increased security within postal systems, COVID or vendors taking advantage of the current uncertainty.

Possibly due to this uncertainty, some vendors are reportedly choosing to temporarily stop dealing on darknet markets, putting their accounts into “vacation” mode and cancelling any unfulfilled orders. Some vendors are even posting that they are still active and are still delivering, suggesting the issue is somewhat widespread.

At the start of the pandemic, Searchlight covered the surge in multiple types of items being listed on markets, this ranged from surgical equipment and ventilators to claimed “cures for the Coronavirus. The number of these postings appears to have stabilised over time, however, with much fewer new listings for masks being offered on darknet markets.

Unfortunately, the increase in the frequency of chat posts on forums that discuss child exploitation has not seen the same decline. On average, chats received 20-30,000 posts per week before the pandemic, compared to the 50-60,000 that are seen recently.

The number of people using Tor appears to have also continued increasing, including a large jump from 60,000 at the end of April to 75,000 at the start of May. Suggesting that more people may be turning to the darknet during the lockdown.

Try our Darknet Intelligence/Forensics tool for free, contact enquiries@slcyber.io

Latest News from Searchlight

03 Jun 2020

Hacked Daniel's hosting database released.

Daniel's hosting, a widely used provider of free darknet hosting, found itself a target of an attack earlier this year, causing its closure shortly after, with its database just now being publicly released.


26 May 2020

Update on the effects of COVID-19 on the Darknet

With the world in the grip of the COVID-19 Pandemic, many ways of life have and continue to change as countries adapt to what media are calling the “new normal”.


20 May 2020

Europa market allegedly seized

The darknet market Europa, which offered a place of haven for users looking to buy drugs and weapons, including firearms, has become inaccessible. It is unclear as to whether the market was seized by authorities or if the seizure notice is just a ploy by the site admins in an attempt to avoid blame from its customers during an exit scam.


19 May 2020

9 Million EasyJet customers details accessed in cyber attack.

Budget airliner EasyJet has released a statement notifying its customers that the email addresses and travel details of around 9 million user accounts were compromised in what it calls a “highly sophisticated attack", back in as early as January of this year.