Transforming from Administrator to Extortionist: The Downfall of Incognito Market's 'Pharoah'

Introduction: Moving Past the Exit Scam

In March 2024, Rui-Siang Lin, a 23-year-old Taiwanese administrator of Incognito Market referred to as 'Pharoah', transformed a typical exit scam into a widespread extortion scheme. Motivated by arrogance, he deceived his community on two occasions: initially by misappropriating funds, followed by extorting vendors.

The Emergence and Shift

Incognito Market has facilitated the movement of over $100 million in illicit drugs since 2020. In early 2024, withdrawal activities came to a halt—a typical indication of theft. Rather than disappearing, Lin issued an ultimatum.

The Demand for Extortion

Lin asserted that they had private messages and order information, requesting ransoms ranging from $100 to $20,000 to avert the disclosure of 557,000 order records to law enforcement authorities.

Tactical Mistake

By continuing online to exploit users, Lin increased his visibility to federal investigators, employing a 'double-dip' tactic that ultimately led to his downfall.

The Paradox of Expertise

Court records disclosed that Lin was employed by the Taiwanese Ministry of Foreign Affairs, where he trained law enforcement in blockchain analytics. Nevertheless, he utilized a centralized exchange account linked to his actual identity to finance the market.

OpSec Error

The individual who ridiculed users for inadequate security was ultimately apprehended due to identifiable financial transactions.

The Detention at JFK

In a significant error in judgment, Lin traveled to the United States on May 18, 2024, just weeks after initiating his extortion campaign. He was apprehended by HSI agents at JFK Airport.

Final Thoughts

Rui-Siang Lin's decline was orchestrated by his own arrogance. The effort to demean and exploit his users transformed a prosperous heist into a federal indictment.

References

United States Department of Justice, Krebs on Security, Wired, Leafie.