Crypto dominates payments but there are new players
Transactions overwhelmingly rely on cryptocurrencies like Bitcoin (BTC). “Criminal entities choose this method due to a misconception that cryptocurrency is anonymous and untraceable by law enforcement,” says the AFP.
Increasingly, privacy-focused coins such as Monero (XMR) and Zcash (ZEC) are being adopted to protect anonymity and make tracing funds difficult for law enforcement. Between 2023 and 2024, the share of new darknet marketplaces accepting only Monero rose from just over one-third to nearly half, reflecting a clear trend toward anti-surveillance tactics, according to Kurrie.
The use of mixers and tumblers to obfuscate transaction trails is also on the rise. Privacy coins like Zcash and emerging protocols leveraging zero-knowledge proofs are gaining attention for their ability to further mask transactions. “This shift complicates law enforcement’s ability to track illicit financial flows, pushing agencies to invest in new blockchain forensic tools and cross-chain analytics,” Kurrie says.
Many platforms now offer multiple currencies, escrow services, and automated laundering tools, with niche services that support the illicit payment ecosystem. “These days, dark web payment systems mirror legitimate e-commerce with customer protection and dispute resolution mechanisms,” Carroll says.
This is in part a response to exit scams, such as those pulled by AlphV/BlackCat and other marketplaces. “But much of this appears to be driven around a need for criminal threat actors to get convenient access to quick payments from victims in order to support further operations,” he adds.
What could CISOs do now?
“It’s essential for security professionals to approach the dark web with a strategic mindset focused on intelligence gathering rather than fear,” says Currie.
Where it’s legal, accessing the dark web can serve legitimate purposes for threat analysts, privacy advocates, and security practitioners.
“The true value lies in proactive dark web monitoring to identify compromised credentials, leaked data, and emerging threats in real time. Equally important is maintaining strong operational security by using trusted Tor browsers, VPNs, dedicated devices, and disabling scripts that could expose identity,” says Currie.
To bolster foundational cybersecurity measures, security teams need to incorporate dark web insights into broader threat intelligence programs. These insights provide context around cyber risks and help security teams adjust their defenses. “By having insights into the dark web, security professionals have a better understanding of threat actor behaviors and motivations,” Currie says.