Stolen giftcards, hacked logins, copyrighted books, email and password lists. It sounds like what would be available on the darkweb in some silk road successor site. But all that is being sold in the open, on the regular internet. Bitify claims to be “the world’s largest Bitcoin Marketplace and Auction site” and touts a strong escrow system that makes buyers and sellers safe.
Unfortunately, they don’t seem as concerned with keeping their site safe from illegal items. At the time of this writing, sellers on Bitify are offering $50 worth of Potbelly gift cards for $5, $100 worth of BlazePizza for $10, $20 WhichWich cards for $7 and similar discounts.
Almost certainly, the majority of these cards were obtained through illegal means. While reselling unwanted gift cards is a common and legitimate practice, selling them for this cheap is not. It is typical for gift card marketplaces to offer anywhere from 3-20% off their face value. The cards on Bitify are commonly priced at 80 – 90% off their face value.
Gift card fraud is big business[1]. There are three main ways someone can obtain a gift card fraudulently. First, they can use a stolen credit card or hacked Paypal account to purchase gift cards and then sell them to convert those cards into spendable money.
Second, thieves go into stores find unsold gift cards, copy down the numbers and PINs (replacing the sticker with new ones) and then wait for someone else to legitimately purchase and activate the cards. They use software to continually check if they are activated, and then sell the numbers.
Or third, they use botnets to continually test numbers and PINs on company websites until they find valid, activated and loaded gift card, which is then sold.
In addition to the absurdly low price, there is more evidence that the gift cards being sold on Bitify have been illegitimately obtained. Sellers are oftentimes advising buyers to use their cards as quickly as possible. That is because if the legitimate owner of the card uses the balance, the Bitify buyer will be out of luck. If the balance has been moved to another card and that card hasn’t been spent yet, the legitimate owner may also be able to convince the issuing company to reverse that transaction.
More obvious than that, is that other sellers on the site are offering educational materials on how to “clean” gift cards purchased on sites like Bitify. I don’t know what their method is, or if it works but it showcases that everyone involved likely knows exactly what is going on.
The questionable items aren’t limited to gift cards either. Sellers are offering complete email and password combinations, credit card numbers and Steam logins.
Other sellers are offering copyrighted materials, including ebooks not authorized by the publishing company at a massive discount. There
