To most users, one of the greatest mysteries of the internet is the existence of the dark web. It’s a place where criminals live and thrive–where illegal and immoral services are made readily available. Under this knowledge, most conclude that the dark web market is unorganized, consisting of scattered sellers in dingy basements looking to make quick money. The reality, however, is far more corporate and ruthlessly efficient. An estimated $1.5 billion dollars to $3.2 billion flows through the dark web each year, all from selling illegal products and services. The business model that top marketplaces follow does not deviate from those on the clearnet. Prices are dictated by the laws of supply and demand, vendors have reputation scores, and a organizational hierarchy to ensure the business functions properly. Site administrators oversee this model, and depending on the marketplace, manage who gets access and who does not through a vetting process.
The items and services sold range from “Fullz” (information package of confidential information of a real person), illicit drugs, and violent services, to handcrafted malware and zero-days for threat actors. The list below contains current dark web commodities, their corresponding market valuations based on aggregated 2025–2026 threat intelligence data, and the context of their use cases.
Personal Identity (PII)
- Basic PII (<$15): Bulk acquisitions of names, phone numbers, and emails. Primarily used for mass phishing campaigns and populating credential stuffing dictionaries for automated attacks.
- SSN (US) $1 - $6: Oversupply from historic data breaches keeps individual SSN prices low. Used as a foundational data for synthetic identity creation and basic fraud.
- “Fullz” (US Identity Package) ($20.00 – $100.00+): Complete identity packages containing a Name, SSN, Date of Birth, and Address. Deployed for comprehensive account takeover (ATO), tax fraud, and opening fraudulent lines of credit.
- Scanned Passport / Driver’s License ($70.00 – $165.00): High-resolution document scans leveraged to bypass stringent Know Your Customer (KYC) regulations on financial platforms and cryptocurrency exchanges.
- Complete Medical Record (Up to $500.00+): Highly sensitive records containing immutable biological, historical, and demographic data. Weaponized for complex insurance fraud schemes and targeted, high-yield blackmail.
Financial Access
- Credit Card (Standard w/ CVV) ($10.00 – $40.00): Acquired via digital skimmers, physically breached payment processors, or from credential leaks. Values degrade rapidly once the card is flagged by bank fraud detection algorithms.
- Credit Card (Verified >$5k Limit) ($110.00 – $120.00): Premium tier cards validated through underground “card-testing” services. Enables immediate, high-value fraudulent purchases or direct money laundering.
- Online Bank Login (Low Balance) ($200.00 – $500.00): Direct portal access. Prices scale proportionally to the verified account balance; low-balance accounts are often used as disposable mule accounts for layering illicit funds.
- Online Bank Login (High Balance) ($1,000.00 – $2,000.00+): High-balance credentials (>$100k) allow for massive, immediate fund exfiltration via automated wire transfers before heuristic detection mechanisms trigger.
- Verified Crypto Account (e.g., Kraken) (Up to $1,170.00): Pre-verified accounts with high KYC clearance levels. Highly prized for the untraceable liquidation, mixing, and laundering of ransomware extortion proceeds.
Corporate Access (IAB)
- Basic User / VPN Credentials ($50.00 – $1,000.00): Allows direct entry into corporate environments. Often acquired via brute force or infostealer logs. The primary entry vector for standard lateral movement and persistence. Price often determined by level of access or relevance to target.
- Domain Admin / Cloud Admin Access ($10,000.00 – $50,000.00+): Credentials with the highest administrative and network control access, allowing threat actors to disable endpoint telemetry, exfiltrate entire databases, and deploy ransomware at large scale.
Malware & Tools
- Infostealer Subscription (e.g., Lumma) (~$1,024.00 Monthly): Malware-as-a-Service (MaaS) model. Silently extracts credentials, financial data, and highly valuable browser session cookies to bypass 2FA protections.
- Ransomware-as-a-Service (RaaS) (20-30% Profit Split): An affiliate-based model orchestrated in the private core of the dark web. The RaaS developer receives a 20-30% cut of the ransom payment, while the affiliate takes the majority share.
- DDoS Attack Service (24hr) (~$45.00): Commoditized botnet rental. Utilized to extort unprotected domains, distract security teams during a secondary data exfiltration breach, or disable competitors.
- General Exploit Listings ($100.00 – $200,000.00): Pricing ranges wildly based on target prevalence. Often packaged with payload templates for mid-tier operators lacking technical skill.
- Zero-Day Vulnerability (Enterprise) ($80,000.00 – $200,000.00+): Premium, undisclosed software flaws. For example, a reliable WinRAR zero-day listed at $80k due to the software’s massive legacy installation base and high reliability among consumers.
Market Operations
- Mandatory Vendor License / Bond (~$3,000.00): The cost of doing business. Implemented by 77% of marketplaces to act as a financial security bond and ensure vendor commitment to the platform’s anti-scam rules.
