“Where’s the Money?” as Orphaned AlphaBay Users Have Hansa Identity Crisis

There are many things that confuse me about this story despite spending days trying to unravel it. There are many unanswered questions that I have and there are many elements of the “story” that do not make sense to me. I have decided to write them down and see if someone more astute than I am can help me out.

Petra Haandrikman 

On the 17th July 2017, Brian Krebs published Exclusive: Dutch Cops on AlphaBay ‘Refugees’ on the Krebs On Security blog. Mr. Krebs had interviewed Petra Haandrikman, team leader of the Dutch police unit that “infiltrated” HANSA. 

Ms. Haandrikman’s LinkedIn bio reads as follows:

“Experienced Chief Inspector with a demonstrated history of working in the law enforcement industry. Skilled in Crisis Management, Coaching, Public Safety, Government, and Law Enforcement. Strong quality assurance professional graduated from OvD-P (engeland).” [sic]

Ms. Haandrikman does not appear to hold any specific IT or Computer related qualifications but that does not matter to me. You can read her interview with Mr. Krebs for yourself.

What does Ms. Haandrikman call what she did, for between 50 and 100 days, with HANSA?

Is it called surveillance, is it undercover work, is it entrapment, a combination, or is it criminal enterprise, or is it something else?

The official line is that it was the final part of an undercover operation in which the Dutch authorities seized control of the illegal market place in mid to late June following the arrest of two HANSA site admins from Siegen, NorthRhine-Westphalia in Germany.

Did they fulfil or allow the fulfilment of “orders”?

I cannot really find a definitive statement on what they actually did do? Wilbert Paulissen, Head of National Investigation of the Dutch National Police said “these servers and their corresponding infrastructure were seized and an exact copy of the market place was transferred to Dutch servers. Buyers and sellers could still access the darknet site, but without realizing the police and the public prosecution service in the Netherlands had seized control of Hansa.”

Do Ms. Haandrikman and her colleagues, in an effort to “erode confidence” in the criminal community with respect to dark markets, accept that they were active facilitators / actors in the community for between 50 and 100 days? 

As the US Drug Enforcement Agency was closing down AlphaBay, The Dutch National Police were operating HANSA. Mr. Paulissen explained : “The core is that we as the police and the justice department succeeded in taking over the complete website and have total control of Hansa.”. 

The joined up operation was structured so that orphaned AlphaBay users would find a new home at HANSA. The double-whammy of uncertainty that recently orphaned AlphaBay users would feel when they discovered that their new parent HANSA was an impostor would apparently cause large parts of the criminal underworld to have an existential crisis and would result in dark markets going quiet.

What are the actual figures we are talking about in terms of EUROs accounted for by transactions on HANSA from the date that it fell under the complete control of the Dutch authorities?

“Since the end of June, the High Tech Crime Team and the Darkweb Team of the police and the Public Prosecution Service have gained insight into large numbers of sellers and buyers, who traded chiefly in hard drugs. The usernames and passwords were intercepted. On average, 1,000 orders per day were placed in response to almost 40,000 advertisements. Last year, Hansa Market had 1,765 different sellers. Since the authorities seized control of Hansa Market there have been more than 50,000 transactions, mainly involving soft drugs and hard drugs.”

During the period that the Dutch authorities operated HANSA “Accounts with a total of more than 1,000 bitcoins, representing a value of some two million euros, were seized. The bitcoins were transferred to an account of the Public Prosecution Service.”

But an alternative analysis of the figures suggests that orders of potentially up to EUR€50 million could have been placed / fulfilled during the period that HANSA became fully compromised by the Dutch.


  1. How much money / assets were actually seized by the Dutch authorities and in what form – Bitcoins, contraband … – and where are they now?
  2. The exclusive operation by the Dutch authorities of HANSA after they seized the infrastructure following the arrests in Germany was the last part of the operation. But was it the last part of an undercover operation or was it the exclusive running of a criminal network, without the assistance of externals, by a law enforcement agency?
  3. During that period did a law enforcement agency in complete control of a criminal network explicitly allow and facilitate criminal activity?

Answers on a postcard.

References & Other Related Articles

Exclusive: Dutch Cops on AlphaBay ‘Refugees’

Feds Seize AlphaBay and Hansa Markets in Major Dark-Web Bust

Darknet Takedown Authorities Shutter Online Criminal Market AlphaBay


The Biggest Darknet Market on the Deep Web Has Been Shut Down By International Authorities

Alphabay shutdown: Bad boys, bad boys, what you gonna do? Not use your Hotmail… …or the Feds will get you ♪



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s