When Nemesis Met His Own Nemesis: The Fall of One of the Dark Web’s Largest Marketplaces
Nemesis: A Dark Web Giant Built on Drugs, Fraud, and Ransomware
Nemesis was one of the most recognizable darknet marketplaces, launched in 2021 and serving as a major hub for trading drugs (including fentanyl and synthetic opioids), stolen data, forged documents, ransomware, and DDoS services.
At its peak, Nemesis reached over 150,000 active users and more than 1,100 vendors, many of them based in Germany.
In narcotics alone, the platform surpassed 30 million dollars in revenue.
Nemesis incorporated several mechanisms designed to obscure the origin and destination of funds, making financial tracking extremely difficult.
These included built-in mixing services to blend transactions, multi-signature payments for added security and complexity, and internal crypto conversion options, all of which contributed to a thick veil of anonymity around every deal.
The Iranian Operator Behind the Marketplace
The owner of Nemesis, Behrouz Prasad, an Iranian national, collected a commission from every transaction and maintained full control over the platform and its wallets.
He went even further by offering dedicated crypto laundering services to drug traffickers and cybercriminals who relied on Nemesis as part of their wider operations.
A joint intelligence operation involving Germany, Lithuania, and the United States gathered extensive intelligence, which eventually led to the discovery that sealed Prasad’s fate.
The OPSEC Mistake That Exposed Everything
An OSINT investigation uncovered a critical link.
Prasad used identical passwords on two unrelated services: the Bitfinex cryptocurrency exchange, where wallet addresses tied to Nemesis operated, and the administrator account on Nemesis itself.
Matching passwords across accounts is common, but when the password is as unusual as “behrouP.3456abCdeFj”, it becomes a flashing red warning sign for any experienced investigator.
Further analysis using blockchain tracing platforms exposed IP addresses and usernames belonging to Prasad, who had committed one of the most classic OPSEC failures in cybercrime: password reuse.
The pile of evidence grew until, on March 20, 2024, special forces from multiple intelligence agencies raided his home and arrested him.
All Nemesis servers were seized in the operation.
Following the arrest and the evidence discovered, the US Department of the Treasury imposed sanctions on Prasad, including full asset seizure in the United States and a complete prohibition on any business or financial dealings with him.
DarkSignal’s Closing Thoughts
Time and time again, we see major operators who run multimillion-dollar criminal infrastructures, violate federal laws, and risk decades in prison ultimately fall because of a simple OPSEC slip.
Intelligence agencies count on these mistakes, just as they did with Ross Ulbricht, with Prasad, and with many others.
Who will make the next mistake?


