Darknet Marketplace Snapshot Series: B1ack’s Stash

March 25, 2025

In DarkOwl’s Darknet Marketplace Snapshot blog series, our researchers provide short-form insight into a variety of darknet marketplaces: looking for trends, exploring new marketplaces, examining admin and vendor activities, and offering a host of insights into this transient and often criminal corner of the internet. This edition features B1ack’s Stash.

B1ack’s Stash is a dark web carding marketplace that specializes in the distribution of stolen credit and debit card information. Emerging on April 30, 2024, it quickly gained notoriety by releasing 1 million stolen payment card details for free, a strategy aimed at attracting cybercriminals to its platform. The market sells credit card information to users occasionally shares free credit card dumps (as seen below). In this blog, DarkOwl analysts take a deep dive into the market, how it operates and what the reaction to the site has been on the dark web.  

B1ack’s Stash Emerges with its Free CC Dump in April 2024 

According to DarkOwl Vision, B1ack’s Stash began advertising its websites and free credit card information across well-known dark web forums between the spring and summer of 2024, including XSS, Exploit, Verified, Club2CRD, WWH Club, and ASCarding. The site then released several “dumps” claiming to contain credit card information.  

Figure 1: Screenshots of B1ack’s Stash advertisements

The technique of making free data available to promote a site is nothing new, other well-known carding marketplaces, such as BidenCash and Joker’s Stash, operate similarly. However, they are not assessed to be directly related. 

Joker’s Stash was one of the largest and most infamous dark web carding marketplaces, operating from around 2014 until it voluntarily shut down in early 2021. It was known for selling high-quality stolen payment card details and used blockchain-based domains to evade law enforcement. The closure of Joker’s Stash left a gap in the cybercriminal ecosystem, which was later filled by other marketplaces. 

B1ack’s Stash, on the other hand, emerged in 2024 and quickly gained attention by releasing millions of stolen credit card details for free—a tactic often used to attract cybercriminals. While it shares a similar purpose with Joker’s Stash, there is no confirmed connection between the two. 

While B1ack’s Stash may seek to capitalize on Joker’s Stash’s legacy, evidence suggests it operates independently rather than as a direct successor. 

B1ack’s Stash Reappears in the Media (February 2025)  

In a more recent development, on February 19, 2025, B1ack’s Stash escalated its operations by claiming to leak an additional 4 million stolen credit card details for free. This massive data dump was publicized on underground cybercriminal forums like XSS and Exploit, serving both as a marketing tactic and a means to establish credibility within the cybercrime community. 

Figure 2: XSS screenshot courtesy of security affairs

The leaked data encompasses a wide array of sensitive information, including: 

  • Primary Account Numbers (PANs) 
  • Expiration dates 
  • CVV2 codes 
  • Cardholders’ personal details 
  • Email addresses 
  • IP addresses 
  • User-Agent strings 

According to a blog by SOCRadar, the release of such comprehensive data poses significant risks, including financial fraud and identity theft. This data enables cybercriminals to commit fraud, resell stolen credentials, and facilitate identity theft. 

The following screenshot from DarkOwl’s Vision UI provides an example of sensitive data exposed in B1ack’s Stash’s recent free credit card dump. It shows PII such as: Name, DOB, email, CCN, CVV, Expiration, Address, and IP. 

Figure 3: Screenshot of Feb 2025 Freebie CC Dump

This incident underscores the persistent threat posed by dark web marketplaces like B1ack’s Stash, highlighting the critical need for enhanced cybersecurity measures to protect both individuals and organizations from such illicit activities. 

B1ack’s Stash’s Darknet Footprint 

While B1ack’s Stash has been most active on XSS since April 2024, it has also heavily advertised itself on Exploit, Verified, Club2CRD, WWH Club, ASCarding, and likely other forums. It also maintains a popular Telegram channel with 2,755 subscribers. 

Exploit: 

  • Free 1 million CCs release advertisement and various dead download URLs, which were reportedly active at the time of the post on April 30, 2024.  
Figure 4: Screenshot of B1ack’s Stash Free CCN Dump in 2024 on Exploit

Verified: 

  • The following B1ack’s Stash advertisement was originally posted on the popular hacking forum, Verified, on April 17, 2024, but still is a popular thread on the forum. 
Figure 5: Screenshot of B1ack’s Stash Verified Advertisement

Club2CRD: 

  • Same content as above verified advertisement, which was originally posted on the popular credit card fraud forum, Club2CRD, on April 16, 2024.  
Figure 6: Screenshot of B1ack’s Stash Club2CRD Advertisement

WWH Club:  

  • The following post appeared on the popular Russian language credit card fraud forum, WWH Club, on June 12, 2024. Its content is identical as the content posted on other forums. However, the second below screenshot shows additional information that was not previously shared. Details like the database name, country list, PII type, validity rate, and its refund policy. 
Figures 7 & 8: Screenshot of B1ack’s Stash WWH Club Advertisement

ASCarding:  

  • Same content as above. This B1ack’s Stash advertisement also appeared on the popular credit card fraud forum, ASCarding, on April 17, 2024.  
Figure 9: B1ack’s Stash ASCarding Advertisement

Telegram

B1ack’s Stash also has a presence on the popular messaging app, Telegram. Its official Telegram channel has 2,755 subscribers and occasionally posts advertisements for selling credit card data.  

Figure 10: B1ack’s Stash Telegram Account 

Their official TG account posts in English and Russian. The below post is related to their “4 million free cc release” from February 2025.  

Figure 11: Screenshot from B1ack’s Stash Telegram Account 

Community Reactions: Is B1ack’s Stash Legit? 

B1ack’s Stash’s sudden rise in popularity has been met with mixed reactions from dark web users. Most comments range from negative to neutral, while very few users gave clearly positive endorsements based on their site experience. 

On December 27, 2024, a Telegram user on the official channel for the popular carding forum ASCarding questioned whether B1ack’s Stash could be a scam, stating: 

“I got 2 non vbv from b1ack stash a while ago, they didn’t work at first but somehow on the 4 try I think i managed to withdraw 5$, am i doing something wrong or just b1ack stash is shit, i got the proxy in his area on firefox, vpn on whole pc, gmail account on his name, mac changer.” 

Figure 12: Telegram Screenshot from DarkOwl Vision 

DarkOwl analysts discovered a well-known dark web research website called Dark Web Informer, which also mentioned B1ack’s Stash twice on its Telegram channel. 

Dark Web Informer is a cyber threat intelligence platform that provides insights into activities on both the dark web and the surface web. The site covers topics such as data breaches, darknet markets, ransomware incidents, and threat alerts. 

In addition to its main website, Dark Web Informer maintains a presence on several platforms, including GitHub, LinkedIn, and Medium, where it shares cyber threat intelligence information, tools, and articles. Recently, on February 17, 2025, Dark Web Informer claimed that B1ack’s Stash is a “legitimate” fraud site. 

“TheDarkWebInformer wrote: Yes, B1ack Stash is a “legitimate” fraud site. In May of 2024 1 million cards were leaked for free.” 

Figure 13: Telegram Screenshot from DarkOwl Vision

Conclusion 

B1ack’s Stash’s emergence and rapid growth highlight the ongoing evolution of dark web marketplaces and the persistent threats they pose to global cybersecurity. By strategically releasing millions of stolen credit card details for free, the marketplace has garnered significant attention—both from cybercriminals looking to exploit the data and security researchers tracking its impact. 

 While comparisons have been drawn to now-defunct platforms like Joker’s Stash, B1ack’s Stash appears to be a distinct operation aiming to establish itself as a major player in the underground economy. Its presence across multiple dark web forums, coupled with an active Telegram channel, indicates a calculated effort to build trust and legitimacy within illicit communities. 

 The continuous leaks of sensitive financial data underscore the urgent need for enhanced cybersecurity measures. Organizations must proactively monitor for compromised credentials, implement robust fraud detection systems, and educate users about the risks associated with stolen payment information. As cybercriminal tactics continue to evolve, law enforcement, financial institutions, and cybersecurity professionals must collaborate to anticipate and counter emerging threats in underground marketplaces like B1ack’s Stash. 

Curious about the darknet? Contact us!

Explore the Products

Button Product Vision
Vision UI ›
Button Product Search
Search API ›
Button Product Entity
Entity API ›
Button Product Score
DarkSonar API ›
Button Product Score
Score API ›
Button Ransomware API
Ransomware API ›
Button Product Datafeeds
Datafeeds ›

See why DarkOwl is the Leader in Darknet Data

Get a Demo
Get a Demo

Products

Services

Use Cases

Company

Copyright © 2024 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.