I'm a programmer that mostly uses PHP / Python. Months before AlphaBay was shut down, I was learning the Magento framework, an enterprise-grade platform for building marketplaces. When I was learning Magento, I thought it looked awfully familiar to a site I frequently liked to use - AlphaBay. I went to AlphaBay's forums and inspected the CSS, and I was right; some of the CSS classes were identical to the ones used in Magento. Fast forward a few months later to April 2017, and a major security headline was that over 200k Magento merchants were compromised with a remote code execution vulnerability.
In Cazes indictment that was published by the feds, we learned that he used the email address 'pimp_alex-91@hotmail.com' to send out a welcome email in the early days of AlphaBay. Before Cazes was arrested, the feds used a remote command exploit to shut down the servers, so the Thai police could raid him while he was at his computer.
To conclude, a welcome email was never sent out containing Cazes email address. When Cazes was setting up Magento on his server, he had to enter in an email to complete the setup of Magento. Once the feds were in the server with the exploit, they found that email in the source code. They then had to lie in the indictment because they could not say they hacked into the servers, so they said some bullshit about a welcome email (which couldn't be really proven or disproven, if Cazes didn't keep logs).
I did not connect the dots until now, I hope you enjoyed reading.
References:
https://threatpost.com/high-risk-zero-day-leaves-200000-magento-merchants-vulnerable/124965/
https://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
Forum example:
https://nestify.io/wp-content/uploads/2016/12/Forums-Magento-Forum-Qualified-Magento-Tips.png
I am a certified Magento 1 and 2 developer(have been a Magento dev for ~5 years and have dropped around $8000 in to those certs) and when I visit a DNM its a hobby to peek at their source. Alphabay did not use Magento for its cart system; the urls were wrong for a Magento system. OP, look at the URL for any magento product and compare that to what they looked like in Alphabay - Alphabay was much shorter - yes you can shorten them using Magentos routing but its unlikely for administrative reasons. Look at the category URLs in Magento, once again they are nothing alike.
Also the resources in the site were not Magento like. Magento caches and stores files in specific places and those URLs were not in the source anywhere. The URL are very noticable when you know what you are looking for, any Magento dev would recognize a Magento template looking at the source. Ex: /pub/static/{cache}/{site}/frontend/{vendor}/{store}/{lang}/{asset} nothing like that existed in Alphabay source code. To change this would require a massive rewrite to the core of the system. This is the killer issue of your theory. To change this would pretty much be a rewrite of Magento as the core depends heavily on this structure and if you know Magento you know this and you know why. The entire system depends on very important URL structures to "fallback" in to the proper content and layout. This URL structure is the bread and butter in the "fallback" system of how Magento works. Without things like store and vendor, Magento implodes. Things like pub, static, and frontend are necessary for Magento, and they just weren't in the source anywhere.
The CSS styles you say you saw were not in the carts section. You may have found them in the forums, but Magento is not a Forum system, those systems in Alphabay were 2 separate systems. Finding a few similar CSS styles in the forums is not finding Magentos actual css styles in their cart such as: product-image-photo, product-item and so on, also finding similar CSS style doesn't mean a lot as "product-item" is VERY generic and could be in any cart system. I actually never went to Alphabays forums so I don't know what they used, but Magento is not a forum system so it doesn't really matter what styles you found in the forums as they would have been 2 different systems and also explains why they had two different logins instead of one - they did not share the same DB for users.
Magentos Checkout Sytem is drastically different than Alphabays flow, they just weren't the same system. Magento would have to create Magento admin accounts for every merchant(which is possible and likely) but I know that merchants in the back end did not get a Magento admin to manage their products. They would have had to rewritten much of the admin system if it was Magento. Ask a vendor on the site if they had to manage attribute sets, store views... The admin in Alphabay was drastically more simplified. Edit: Just to clarify this, I do not know about the Admin of Alphabay, I am talking about how the Vendor Admin of products and fulfillment are handled inside the system. The way Magentos admin works would would not allow for this due to how the DNMs sites checkout and fulfillment works - they are two drastically different "flows" and systems.
I always look to see if a cart is woo, magento, Xcart, OScommerce/zencart, interspire(bigcommerce)... on just about every shop I go to on the internet out of professional curiosity, Alphabay was not Magento 1 or 2. I am 99.9% sure of that - that .1% is if they really did decide to rewrite massive amounts of the core which is just stupid because doing so would mean they could never upgrade their system and any developer knows thats a terrible idea - especially when dealing with a DNM site.
Alphabay looked like a generic cart to me, nothing stuck out to me that made me think it was Magento... If anything I would have said it looked more like ZenCart or Xcart but once again the URL and assets in the source just didn't match up for them either. IMO Magento is a poor choice for a DNM cart anyway - its the most bloated cart you could find. If you arent going to use different store fronts, languages, multiple templates, the advanced product types(grouped, configurables, bundles...) or the ability to extend the Mage object outside of Magento(I didn't see this happen anywhere but maybe it happened in the forums?? Where products able for purchase or review in the forums?) why use Magento at all?
Edit: Spelling, grammar and clarity.