Top 7 Most Notorious Darknet Villains in Russia

After the dramatic events of the past summer, the Russian darknet is still recovering. With the closure of the RAMP drug marketplace, some tried to fake a RAMP migration, collect as much money as possible, and disappear, while others spun conspiracy theories. The Russian darknet became filled with rumors and, almost unanimously, chose seven semi-mythical figures as its main characters. Read below to learn how these legends came to be.

How the Russian Darknet Changed

Following a series of arrests and shutdowns, the landscape of the Russian drug market changed drastically. In July of that year, within just one week, the largest domestic drug marketplace RAMP ceased operations, the Rutor forum disappeared, the biggest BTC-e exchange and the largest bitcoin mixer were closed. The BTC-e administrator was arrested in Greece.

Immediately, false prophets and scammers appeared, aiming to capture the attention of darknet users involved in illegal activities. In the chaos, users created a host of dark entities, some of which seemed to materialize.

1. Existence

Existence was a former RAMP administrator who resolved disputes between sellers and buyers. Before the platform fell, he lost his PGP key, as his associates warned. Since then, Existence likely became someone else. He allegedly started working on launching RAMP 2.0, while couriers, dealers, and growers flooded local forums with panicked messages about the system being stolen.

RAMP 2.0 launched, but entering the business turned out to be not so much dangerous as unprofitable due to fierce competition among the remaining dealers. Existence used his old, stolen key to invite major dealers to the new platform, then disappeared with the domain and a pile of deposits. Users and dealers were left to watch the fallout and try to identify the scammers. The whole crypto-madness looked almost charming—like an 8-bit Tarantino movie, where crooks fighting other crooks for money sometimes seem like knights of the free web, but act just like the snake and the toad in the old Russian saying.

Recently, someone named Becon contacted the editorial team, claiming to have worked closely with Existence and to have been good friends. Their conversations, which took place over Jabber, covered not only work but also personal topics. However, Becon admitted to being an active user of the notorious PlayPen site, which was the world’s largest repository of child pornography. The RuOnion site administration has always stated a strong negative stance against pedophiles and never adds such sites to their onion catalog, regardless of money or other benefits.

When asked why Becon was sharing this information about both himself and his supposed friend, he said he would change his nickname and live quietly, but since Existence scammed him out of money, he would do everything possible to ruin Existence’s reputation forever.

Part of their chat included disturbing discussions and links, which are not provided here due to their offensive nature.

The community monitored forums, waiting for a sign from the much-hated Existence, whoever he was. Shortly after RAMP’s fall, a user appeared on a crypto forum looking for a middleman to sell 10,000 bitcoins for cash—about 1.65 billion rubles at the time. But no clear signs followed.

2. Sber

As Existence became as popular as Michael Jackson in the Tor world, with a loyal base of haters, a new villain emerged—Sber (also known as CTS, Gazprom, Azbuka Vkusa, Starbadz, Dom-2, and thousands of other names), or simply Narek Surikovich Najaryan, born in 1990. This hacker understood too much—an ideal sociopath raised without any ethical boundaries.

Unmasking someone in the darknet is risky: first you deanonymize someone, then you get deanonymized yourself. But Sber made doxing his trademark. He would expose the data of former associates and business partners. The strange names Sber used were the names of unreliable shops with bad reputations, which he allegedly ran on RAMP. Najaryan would create shops with similar names, promote them, and shut them down after the first big order, then repeat the process.

When RAMP 2.0 went offline, Sber made his move. He robbed all registered users and took personal data, some of which matched users from the original RAMP. Users noted that money was being stolen from wallets by substituting addresses in their accounts. When the site went down, Sber was blamed for both the collapse of RAMP 2.0 and the theft of Existence’s key.

Soon after, Sber publicly accused his former employee and police officer Ilya of being behind the RAMP reincarnation scam, even posting his passport online. This public doxing led to a flood of accusations from all sides. Users saw Sber’s style in every dealer. There were rumors that the creator of the Zanzi instant darknet shop system tried to buy the outdated RAMP 2.0 for 2 million rubles, but was scammed by the (fake) Existence.

Later, one of the old RAMP admins, Lizard01, confirmed that Existence was real, just not trustworthy, and that the Zanzi buyer was a virtual persona. This clone attack confused everyone. The only safe conclusion: Sber is not just one Narek, but an organized and well-protected group of skilled scammers.

3. Sleepwalker

This hacker started by consulting on anonymity and experimenting with creating virtual identities. Later, he took responsibility for the collapse of the now-defunct Amberoad marketplace. In reality, he was the technical director of Runion. When the administration left the project in 2017, he was left alone and let the platform fall apart.

After that, he began acting erratically—aggressively trying to dominate the market and destroy everything around him. In one case, a potential client who needed a hacker contacted him through an unsecured email, and Sleepwalker published his personal data. More recently, out of anger and frustration, he did the same to a dealer trying to start a business on the instant shop platform he developed.

4. Zed

Zed was the administrator of the old Runion darknet forum, who started by promoting libertarian ideas and the image of a warrior for good against all things repressive and profit-driven. But after the RAMP shutdown, he announced a new marketplace within Runion, collected deposits, and disappeared for a month, claiming a DDoS attack. He later returned to ask for more money.

Zed became hated, and users called for a boycott of the forum, which now contains little more than hacking guides, VK page hacks, and a crowd of teenagers.

Nikkon, Zed’s associate, moderator, and guarantor, was responsible for turning Runion into a manual for police cybercrime units. He became known for scamming forum users out of $1,500, extorting money, and cheating visitors to carding forums.

5. OXID

OXID, a “promising” hitman who claimed to control his emotions, posted an ad detailing his services. Serious criminals never advertise themselves—this is an unspoken darknet rule. In other words, posts like “I’ll kill quickly” or “I’ll sell a lot” are pure scams.

OXID was a newcomer who wanted to become a darknet hero. His ability to write and express himself attracted attention. He admitted he had never worked as a hitman but was ready to kill, deciding for himself where and how. He wanted to appear humane and refused to harm women or children.

This sparked the usual debate: anonymous users demanded proof and blood. OXID claimed he could “shoot through a skull,” but said he wouldn’t show it to anyone.

Conclusion

The Russian darknet is a world of rumors, scams, and ever-changing legends. These seven figures—whether real, fake, or somewhere in between—have become the most notorious villains in the Russian darknet’s recent history.