Stolen gift cards, hacked login credentials, copyrighted books, and email and password lists are available for purchase on Bitify. Open the site and browse—these aren't hidden on some darknet successo
Stolen gift cards, hacked login credentials, copyrighted books, and email and password lists are available for purchase on Bitify. Open the site and browse—these aren't hidden on some darknet successor to Silk Road. They're listed for sale on the regular internet. Bitify calls itself "the world's largest Bitcoin Marketplace and Auction site" and promotes a strong escrow system that protects transaction participants from fraud. The platform's response to illegal merchandise appears far less thorough.
Browsing Bitify's listings at the time of publication revealed Potbelly gift cards worth $50 selling for $5. BlazePizza cards worth $100 moved for $10. WhichWich cards worth $20 went for $7. These cards were obtained through crime. Gift card resale markets do exist—people sell unwanted gifts to strangers. But standard pricing doesn't work this way. Legitimate gift card resellers offer 3-20% discounts off face value. Bitify cards sold at 80-90% off. These discount levels signal stolen merchandise.
Criminals source stolen gift cards three different ways. Method one uses a stolen credit card or hacked PayPal account to buy cards in the first place, then resells them on resale sites for cash. Method two involves thieves visiting stores, recording card numbers and PINs from unsold inventory, replacing the security stickers, and waiting for customers to activate them. Software monitors when stolen cards activate, and the credentials hit resale sites within hours. Method three deploys botnet code that runs thousands of card number and PIN combinations against company websites until valid, funded cards emerge. Those cards also reach resale sites.
Several indicators confirm these cards were stolen. Sellers instruct buyers to spend their purchases without delay. If the original cardholder empties the balance first, the Bitify buyer's funds vanish. Transfers to new cards can be reversed if the legitimate owner contacts the card issuer. Other Bitify sellers market tutorials on "cleaning" gift cards obtained on Bitify and similar platforms. The technique's efficacy remains unknown, but offering such tutorials means everyone participating understands what's occurring.
Beyond gift cards, the platform sells stolen credentials and account access. Email and password combinations get listed. Credit card numbers get posted. Steam gaming logins appear in bulk. Copyrighted material moves through the marketplace—unauthorized ebook sellers undercutting legitimate publishers by vast margins. Premium subscription accounts get peddled—NBA League Pass, HBO Go, Netflix access. The sales patterns don't match account sharing. Sellers move multiple subscriptions across the site. They guarantee replacement accounts if a buyer gets locked out. They advise customers to use VPNs. These aren't the actions of someone sharing their own Netflix account with friends.
Bitify's leadership responded when contacted about these listings. Ahmad Aoun, the CEO and founder, sent this statement: "We are very cooperative when companies contact us to take listings they believe infringe on their copyrights and/or licenses. We try to maintain a trustworthy site, but we do miss some listings due to the nature of the marketplace. We only allow listing of gift cards by verified users so that our buyers and Bitify are protected. We are looking into implementing a feature where sellers will be able to upload gift card credit on the site and the credit would get checked with the source of the card through an API. We hope this will eliminate or at least reduce any chances of suspicious cards. Netflix and NBA accounts seem to be shared accounts rather than hacked. I'm not entirely sure how the accounts can be shared as I'm in Australia and most accounts seem to be American, but from my understanding, a single account can be shared between multiple people to stream at the same time. At least my Netflix AU account allows that (up to 4 devices if I'm not wrong). As for Windows keys and licenses, they are not hacked licensing. I had personally approached two large sellers and inquired about the source of the keys and they explained the are bulk enterprise keys, hence the cheap price."
Aoun may be correct about the Windows keys. Bulk enterprise licenses sell on eBay for similar prices. His claim about account sharing doesn't survive scrutiny. Most streaming services ban account sharing in their terms. Accounts get suspended when discovered sharing. The bigger problem: Aoun's explanation doesn't describe what these sellers are selling. They market "lifetime" access to accounts. They guarantee new accounts when buyers face lockouts. A person sharing their own Netflix subscription wouldn't operate that way.
On gift cards, Aoun sidesteps the central problem. Verifying sellers does nothing to verify card sources. An API system would need to compare the credit card used to purchase the card against the Bitify seller profile—and payment networks won't provide that data to Bitify. This safeguard doesn't exist.
The marketplace also features items in hazy ethical territory. One seller advertises a turnkey ICO package—a prebuilt website and coin for launching an initial coin offering "with no coding experience." Creating ICOs violates no laws. The ICO industry swarms with scams. Services that simplify ICO launches compound the problem and damage Bitcoin's reputation.
Bitify offers a reporting mechanism for suspected violations. Testing showed that a password and email listing disappeared after two days. New listings for stolen credentials kept appearing. Bitify doesn't directly sell these goods, which may offer legal protection. Legal history cuts against this assumption. The Napster case and the Silk Road prosecution both established that authorities hold marketplace operators responsible for the actions of their users. Bitify may be Bitcoin's largest peer-to-peer marketplace, but what's for sale there reflects serious failures in content oversight.
