Dark Web Red Rooms: Myth, Scam, or Reality?

Red Rooms are probably the most disturbing legend of the dark web. According to the narrative repeated in hundreds of YouTube videos, they are virtual rooms where spectators pay in Bitcoin to watch live acts of torture inflicted on victims — and can even request specific acts through an interactive chat. The image is disturbing enough to leave a lasting impression on the collective imagination. The question that keeps coming up: is it true? This article reviews the state of the evidence, what documented judicial investigations show, and the technical reasons why this scenario is practically impossible.

Let us state our position upfront: Red Rooms as described in the media mythology do not exist. This does not mean the dark web is free of real and serious criminal activity, but those activities do not resemble the image being sold. This article does not minimize the reality of cybercrime; it simply separates fact from fiction.

⚫ Filtered page. The full catalogue is on Tor. Tor access →

What the Red Room legend actually says

The typical narrative, as it circulates on YouTube and in forums, comes in several variants but shares a few constant elements. A Red Room is said to be a private .onion site, accessible by invitation or after a substantial payment (several Bitcoins). Once connected, the viewer accesses a live video feed. In the most extreme versions, viewers can "order" acts through a chat, with each command added to a Bitcoin-denominated bill. Victims are generally described as people who have been kidnapped and held in clandestine locations.

The name "Red Room" refers to the color of blood, and sometimes to a series of fictional horror videos that circulated on the Japanese web in the 2000s. In popular culture, several films (like Hostel, 2005) have popularized the idea of "elite clubs" paying to witness violent acts, creating a narrative soil in which the Red Room myth took root.

The origin of the myth

The Red Room myth predates the dark web itself. References to "red rooms" can be found on the Japanese web as early as the late 1990s, in the form of creepypasta — digital horror stories shared on forums. With the emergence of the Tor network in 2004 and the growth of the dark web, the myth reactivated and adapted: Red Rooms became a supposed element of the .onion ecosystem.

Several media events helped cement the myth in the contemporary imagination. In 2015, the arrest of Peter Scully in the Philippines made headlines: he was accused of producing and selling videos of child abuse via the dark web. While these cases are real and horrific, they do not match the mythical Red Rooms: they involved pre-recorded videos sold on demand, not live interactive broadcasts. The media confusion between these two very different realities fed the popular belief.

More recently, clickbait YouTube videos about the dark web, which have racked up millions of views since the mid-2010s, widely disseminated the Red Room concept to a general audience. Creators such as Reignbot, Nexpo, and many others have dedicated hours of content to the subject — sometimes debunking it, sometimes preserving the mystery.

Why it is technically near-impossible

Beyond the ethical and judicial aspects, several technical arguments make Red Rooms as described practically impossible to operate on the Tor network.

Tor's bandwidth and latency

The Tor network was designed for anonymity, not for performance. Its architecture routes all traffic through at least three geographically distributed relays, inevitably adding latency and reducing available bandwidth. Tor Project measurements show average latencies of 200 to 2,000 milliseconds, compared to 10–50 ms on a direct connection. Throughput is limited to a few Mbps per circuit, often less.

Live video streaming at a quality usable for "ordering acts in real time" requires latency below 200 ms and a stable throughput of at least 2–3 Mbps. These requirements are incompatible with Tor's infrastructure. The few streaming experiments on Tor (such as Deep Web Radio for audio) rely on significant buffering, which fundamentally breaks the interactive concept of a Red Room.

Operational risks for the organizer

A hypothetical Red Room would require kidnapping victims, holding them at a physical location, having video streaming equipment, managing cryptocurrency payments, interacting in real time with viewers, and doing all of this without being identified. Each step multiplies the operational risks.

A police investigation could exploit blockchain analysis to trace payments, traffic correlation attacks to identify the server, opsec mistakes in prior communications, or infiltration by "undercover buyers." Honeypot operations have demonstrated that motivated law enforcement can penetrate even very closed circles (Operation Bayonet on Hansa in 2017, Operation Onymous in 2014). No rational criminal organization would take these risks for a product with uncertain real demand and clients who are often amateurs incapable of maintaining their own opsec.

The complete absence of authenticated evidence

After more than a decade of the supposed existence of Red Rooms and despite thousands of police investigations on the dark web, no authentic Red Room has ever been documented. Not a single verifiable screenshot, not one testimony from a recovered victim, not one arrest of an organizer with live-streaming evidence. The "proofs" presented in YouTube videos are either screenshots of scams (see next section), Photoshopped fabrications, or staged productions.

Documented scams: Besa Mafia and its successors

What does genuinely exist — and thrives on morbid fascination — are scams that present themselves as Red Rooms or hitman services. The best-documented case is that of Besa Mafia, studied in detail by investigative journalist Eileen Ormsby (author of "The Darkest Web") and researcher Chris Monteiro.

How the Besa Mafia scam worked

Besa Mafia appeared on the dark web around 2015. The site presented itself as an organization of Albanian hitmen offering various services: assassinations, beatings, kidnappings, and in some versions, Red Rooms on demand. Prices ranged from a few thousand to several tens of thousands of dollars in Bitcoin. The site had a relatively professional interface, with a service catalogue, an ordering system, and escrow.

In reality, no service was ever carried out. Besa Mafia was a pure scam: operators collected Bitcoin payments and disappeared with the money, delivering nothing. Over the years, the site extracted the equivalent of several hundred thousand dollars from gullible and ill-intentioned clients. When clients complained, operators invented excuses (mission failure, too much police presence, etc.) to justify the lack of results and sometimes extort additional payments.

Clients who were arrested

The major irony of Besa Mafia is that its clients were arrested, even though no physical victim had ever been threatened. Several high-profile cases are documented: spouses in the midst of divorce proceedings who had ordered their partner's murder, professional rivals, separated parents. Investigators reconstructed the exchanges from Besa Mafia's seized servers and Bitcoin transactions, then identified the perpetrators through their opsec mistakes (emails, postal addresses provided for "target identification proofs").

A notable American case involved Beau Brigham, who had paid the equivalent of several thousand dollars to Besa Mafia to have his father assassinated. Sentenced to ten years in prison in 2017 for solicitation of murder, his case served as a widely publicized warning: the site may have been fake, but the client's criminal intent was real and judicially punishable.

The successors

Besa Mafia was shut down, then mutated under various names: Cosa Nostra International, Hitman Network, Camorra Hitmen, and others. All operate on the same model: a professional interface, fantastic services advertised, Bitcoin payment, zero execution. Chris Monteiro has maintained a detailed census of these sites on his blog "Pirate.London" for years. He estimates that the combined market for these scams represents several million dollars extracted from clients who, in nearly every case, deserve to be prosecuted for their orders even if they were never carried out.

What Europol and Interpol investigations say

International law enforcement agencies that track cybercrime regularly publish detailed reports on dark web threats. Europol's IOCTA (Internet Organised Crime Threat Assessment) report, updated annually, is the European reference. Interpol also publishes global analyses via its Cybercrime Directorate.

None of these reports mention Red Rooms as an active or documented threat. The categories of cybercrime actually being tracked include: ransomware (such as LockBit, BlackCat, Conti), financial fraud, data theft, drug trafficking on marketplaces, cryptocurrency money laundering, and child exploitation networks that distribute pre-recorded material (never live streaming). These threats are real, serious, and actively combated — but they have none of the theatricality of media-style Red Rooms.

When investigators are asked about Red Rooms by journalists, their response is consistently skeptical. The former head of the FBI's cybercrime section, for example, has publicly stated on multiple occasions that he has never encountered an authenticated Red Room case in his career. University researchers studying the dark web (such as those from King's College London, Princeton, and the University of Cambridge) reach the same conclusions.

Real cybercrime on the dark web

Debunking Red Rooms should not cause us to forget that the dark web does host genuinely real criminal activities. It is important to distinguish between sensational threats that do not exist and less spectacular but authentic ones.

Among documented and actively combated criminal activities: drug marketplaces (historically Silk Road, today various platforms that emerge and disappear), sales of personal data from hacks (credential databases, credit card numbers), hacking-for-hire services (mostly scams, but some are real), weapons and fake document sales, and forums discussing illegal activities.

Child exploitation networks represent the most serious and disturbing threat. Unlike mythical Red Rooms, they operate through private invitation-only forums, file-sharing servers, and do not broadcast live. Europol, the UK's NCA, the FBI, and European national police forces devote considerable resources to dismantling them. Operations such as Operation Endgame and Operation Onymous have regularly led to international arrests.

Why so many people search for Red Rooms

A phenomenon worth reflecting on: despite the complete absence of evidence for their existence, millions of people type queries like "red room dark web," "how to access red room," and "red room bitcoin" every month. The searches come from very diverse profiles, a majority of whom probably have no criminal intent but are giving in to morbid fascination or simple curiosity.

This curiosity is problematic for several reasons. It sustains the scam ecosystem (Besa Mafia and its successors thrive on this demand). It feeds the revenue of YouTube creators who produce sensationalist content, reinforcing the myth. And it can expose the most credulous individuals to police honeypots or more personal scams (fraud, blackmail).

The best stance toward this fascination is probably informed curiosity. Understanding that Red Rooms do not exist, knowing why, being aware of the scams that exploit the myth: this is a form of digital hygiene that protects both against fraud and against the legal consequences of overly enthusiastic searching.

Key takeaways

Dark web Red Rooms, as described in YouTube videos and viral narratives, do not exist. No technical, documentary, or judicial evidence attests that a single authentic Red Room has ever operated. The technical arguments (bandwidth, latency, operational risks) make the concept practically impossible to implement on Tor. Cases presented as "proof" are invariably documented scams, confusions with other real crimes, or narrative fabrications created to monetize attention.

What does exist, however, are the scams that exploit the myth (Besa Mafia and its lineage), which collect millions of dollars from gullible and sometimes ill-intentioned clients. These clients are identified and prosecuted for solicitation of criminal acts, even when the site they used was entirely fictitious. Justice, on this subject, does not always distinguish between intention and execution.

To go deeper into the systematic debunking of other dark web myths, see our pillar article on 50 debunked myths, which covers fifty misconceptions with a verdict and explanation for each. Our article on Mariana's Web dismantles the other major dark web legend, that of "hidden levels." And for an overview of the most commonly asked questions, the unusual FAQ answers fifty common queries.

Red Rooms FAQ

Do Red Rooms actually exist?
No. No authentic Red Room has ever been documented by cybersecurity researchers, investigative journalists, or international law enforcement agencies such as Europol or Interpol. Claims of live broadcasts of torture in exchange for Bitcoin payments are unanimously identified as scams — some of which have extracted hundreds of thousands of dollars from gullible and ill-intentioned clients.
Why does Tor make a Red Room technically impossible?
The Tor network's bandwidth is too low and its latency too high to sustain live video streaming at a usable quality. A latency of 500 ms to 2 seconds is normal on Tor, compared to 10–50 ms on a standard connection. Broadcasting video in real time typically requires latency below 200 ms. The few streaming experiments on Tor (audio radio, for instance) rely on large buffers, which is fundamentally incompatible with the interactive 'Red Room' concept.
What is the Besa Mafia scam?
Besa Mafia was a .onion site that claimed to offer services of Albanian hitmen and Red Rooms. Documented in detail by journalists Eileen Ormsby and Chris Monteiro, the site collected the equivalent of several hundred thousand dollars in Bitcoin between 2015 and 2017. No 'service' was ever carried out: it was a complete scam. Several clients were identified and arrested for conspiracy to commit murder.
Are there real criminal activities on the dark web?
Yes, real criminal activities do exist on the dark web: various trafficking, fraud, personal data breaches, computer hacking, and certain child exploitation networks. These activities are actively tracked by Europol, Interpol, and national police forces. But these real activities look nothing like the media image of Red Rooms: they take place via text exchanges, file transfers, and marketplaces — not live broadcasts.
Who produces the videos claiming to show Red Rooms?
The YouTube videos claiming to show authentic Red Room screenshots are content produced to generate views and advertising revenue. The 'visual evidence' is invariably staged — fabricated interfaces, scrolling text on black backgrounds, or screenshots of scams like Besa Mafia presented without context. Not one has ever been authenticated by independent researchers.
What should I do if I come across a site claiming to be a Red Room?
Close the page immediately, do not follow any links, and never pay anything. If the site appears to offer real criminal content (even if fictitious to you), report it to your national cybercrime reporting platform. Your report is anonymous and helps investigators. Do not try to investigate yourself: some 'Red Rooms' are actually honeypots operated by law enforcement, and showing active interest in them may attract their attention.