by peaches-grow 3260 days ago
My first thought as well.

Furthermore, in order to lower the risk of anyone detecting this, here's something the LEO could do:

1. They seize control of the servers.

2. They make note of who is an existing user and keep serving them the real PGP keys of other pre-existing users.

3. For anyone who registers after the point in time where LEO controls the servers, replace the PGP keys of sellers and also the keys of these new users with MITM key pairs.

Then when they run the site for a month as they did and they have the influx of users they got from AlphaBay, they will have plenty of evidence on all of the sellers that are active during that period of time due to there being so many new users, all of whom you are MITMing, regardless of whether the sellers are new or old, because the old sellers are also being MITMed in all exchanges they have with new users.

The sellers were the primary target of interest, so the LEO got what they wanted.

All of what I said is just something they could have done though. Not saying that it's what they actually did.

1 comments

The impression that I get is that after they busted AlphaBay, they nabbed a number of sellers and possibly some large buyers, who were held incommunicado. When there was a big migration from AlphaBay to Hansa of both customers and sellers, there was an opportunity to set up many of those sellers' entire presence from scratch there. So it wasn't just the site that was compromised, but many of the largest individual sellers themselves, physically.

Of course, I know nothing and have just heard of either of those sites this morning.