darknet market versus shuts down after hacker leaks security flaw

​The Versus Market, one of the most popular English-speaking criminal darknet markets, is shutting down after discovering a severe exploit that could have allowed access to its database and exposed the IP address of its servers.

When conducting criminal activities online, dark web marketplaces must keep their physical assets hidden; otherwise, their operators risk identification and arrest.

The same applies to the users and vendors, who need to remain anonymous while using these illegal platforms. Anything that undermines trust to protect their info renders the platform extremely risky.

Apparently, after finding these vulnerabilities, the operators of Versus have decided to pull the plug themselves, finding it too risky to continue.

Versus launched three years ago and reached very high popularity in the cybercrime community, offering drugs, coin mixing, hacking services, stolen payment cards, and exfiltrated databases.

darknet market versus shuts down after hacker leaks security flaw

Drug sale listing on Versus for EU-based users (KELA)

Going dark

Last week, a hacker exposed the marketplace’s poor security by leaking a PoC on how to access the file system of the site’s server on Dread, a darknet social media space.

darknet market versus shuts down after hacker leaks security flaw

Hacker mocking Versus security on Dread (KELA)

Versus went offline to conduct a security audit like the site says it has done twice before, following suspicions of severe flaws or even actual hacks.

After they went offline, users became concerned that the Versus was conducting an exit scam, that the FBI had taken over the site, and various typical assumptions that accompany these sudden moves.

darknet market versus shuts down after hacker leaks security flaw

User of popular hacking forum discussing the shutdown

Soon though, the platform’s operators re-emerged to announce that they were shutting down the marketplace.

A staff member who is among the main operators of Versus posted the following PGP-signed message:

“There is no doubt that there has been a lot of concern and uncertainty regarding Versus in the last few days. Most of you that have come to know us have rightfully assumed that our silence has been spent working behind the scenes to evaluate the reality of the proposed vulnerability.

After an in-depth assessment, we did identify a vulnerability which allowed read-only access to a 6+ month old copy of the database as well as a potential IP leak of a single server we used for less than 30 days.

We take any and every vulnerability extremely seriously but we do think that its important to contend a number of the claims that were made about us. Specifically of importance: there was no server pwn and users/vendors have nothing to worry about as long as standard and basic opsec practices have been utilized (for example, PGP encryption)

Once we identified the vulnerability, we were posed with a fork in the road, to rebuild and come back stronger (as we had done before) or to gracefully retire. After much consideration, we have decided on the latter. We built Versus from scratch and ran for 3 years.

The message ends with a notice to vendors on the platform, promising to post a link for them to perform transactions without time restrictions, allowing the retrieval of escrow balances.

A turbulent success

Versus was exposed for IP leaks in March 2020 and suffered a massive Bitcoin theft from user wallets in July 2020. In both cases, the platform owned the mistakes and was completely transparent about what happened.

This allowed Versus to continue forward and become a large marketplace in terms of user numbers and transaction volumes. However, the operators probably realized the risk of exposure was too significant to continue.

Whether or not members of the law enforcement have already exploited the existing vulnerability remains to be seen in the weeks/months ahead.

Keyword: Darknet market Versus shuts down after hacker leaks security flaw

TECH'S NEWS RELATED

Ian could become 'catastrophic' Category 4 hurricane. NASA considers stashing rocket

Credit: CC0 Public Domain Tropical Storm Ian was forecast to rapidly gain strength Sunday while racing across the Caribbean toward Cuba and threatening a big hit to Florida’s west coast later in the week. Ian was 540 miles southeast of Cuba early Sunday, cruising northwest at 12 miles an ...

View more: Ian could become 'catastrophic' Category 4 hurricane. NASA considers stashing rocket

Study finds all African carnivores at risk for range loss

Credit: Pixabay/CC0 Public Domain A new Yale School of the Environment-led analysis identifying gaps in maps that help forecast range contractions for African species found that all species studied have a portion of their range at risk and small carnivores warrant more concern. The study, published in Proceedings of ...

View more: Study finds all African carnivores at risk for range loss

Bitcoin Short Investment Funds Hit All-Time High of $172M: CoinShares

The $172 million assets under management in short Bitcoin funds is the highest it's been since the first one launched in January 2020.

View more: Bitcoin Short Investment Funds Hit All-Time High of $172M: CoinShares

States take on PFAS 'forever chemicals' with bans, lawsuits

Credit: Pixabay/CC0 Public Domain “Forever chemicals” are everywhere. The thousands of chemicals in the group known as perfluoroalkyl and polyfluoroalkyl substances, or PFAS, are found in cookware, packaging, cosmetics, clothing, carpet, electronics, firefighting foam and many other products. The chemicals, which do not naturally break down, are so widespread ...

View more: States take on PFAS 'forever chemicals' with bans, lawsuits

Hackers use PowerPoint files for 'mouseover' malware delivery

Hackers believed to work for Russia have started using a new code execution technique that relies on mouse movement in Microsoft PowerPoint presentations to trigger a malicious PowerShell script. No malicious macro is necessary for the malicious code to execute and download the payload, for a more insidious attack. ...

View more: Hackers use PowerPoint files for 'mouseover' malware delivery

Xuan-Yuan Sword VII, more eastasiasoft games heading to Switch

In recent years the publisher eastasiasoft has been making an effort to release a number of games outside of its titular region, with both the Xuan-Yuan Sword and Sword and Fairy RPG series in particular standing out. Today, the company made a batch of announcements for Switch ports, including two ...

View more: Xuan-Yuan Sword VII, more eastasiasoft games heading to Switch

2024 Chevy Silverado HD Trucks Get Fresh Mugs, Flashier Interiors

New Transmission, Mightier Diesel Fresh Face, Flashier Interior ZR2, Coming to a Silverado HD Near You The 2024 Chevy Silverado 2500HD and 3500HD get a facelift, and most models receive a ritzier interior with bigger screens. Gas-fed models now have a 10-speed automatic transmission, and diesel models make 470 ...

View more: 2024 Chevy Silverado HD Trucks Get Fresh Mugs, Flashier Interiors

Infinix Zero Ultra coming with 180W charging and 200MP camera

Infinix Zero Ultra is the company’s new “flagship” Gizchina News of the week 200 MP sensor or 200 MP through interpolation? Infinix is clearly trying to conquer the market with compelling technology. A few months ago, the company teased its 180W Thunder Charge system. That came after teasing 160W ...

View more: Infinix Zero Ultra coming with 180W charging and 200MP camera

Web3 Needs Better Security Services, And Forta Is Here To Provide Just That

AMD’s Zen 4 Has Arrived, Start With A Look At The Ryzen 5 7600X and Ryzen 9 7950X

How Tech Makes The Workplace More Efficient

Skeb Coin: A Token Ecosystem Designed to Maximize the Creative Potential of over 2.3 million Users

GTA 6 release window may have just been leaked

Examining the role of α-ketoglutaric acid (AKG) and its receptor OXGR1 in male sperm maturation

VW Gen.Travel Autonomous Concept Is So Ugly It’s Cute

Bank closures across the UK drive people to the Post Office to handle cash

Creepy apps cause emotional stress: The normalization of affective discomfort in app use

Fermi's ground-breaking figure: How the radial wave function transformed physics

Discovery of the largest natural carbon onions on Earth

Android vs. iPhone: Android fans reveal why they’ll never switch

OTHER TECH NEWS

;