A Ukrainian-born citizen now living in Wisconsin, USA, recently made an extremely bold claim. He allegedly stole about $25,000 in Bitcoin from the largest darknet marketplace in Russia, Solaris. Instead of using this opportunity for personal benefit, the hacker sent the Bitcoin directly to a charitable organization based in Kyiv.
But who is this hacker, how exactly did he manage to break into such a prominent darknet website, and what does this mean for Solaris users?
It’s All Hold Security, LLC’s Work
Meet Alex Holden, the CEO of the information security consulting firm Hold Security, LLC. This is the madman who has publicly stated that he managed to hack into the Solaris darkweb infrastructure. He even claims to have obtained the code and database of the website.
Alex Holden is a Ukrainian-born cyber intelligence specialist who lived in Kyiv until his teenage years. At age 14, he moved to Wisconsin, and he eventually founded the Hold Security firm.
This isn’t the first time that Hold Security has publicly admitted to taking action against darkweb services. Just two weeks ago, they released a statement saying they’d identified and disrupted multiple ransomware gangs, such as the Zombinder creators.
They played a major role in dealing with the 2014 JP Morgan hack, and in August 2016, Holden’s firm discovered evidence of a breach of Oracle’s MICROS POS system, among others.
The firm’s website advertises it as a group that deals with:
“Deep Web Monitoring, Cyber Threat Intelligence, Credential Integrity Services, Electronic Identity Management and Protection, Security Assessments/Pen Testing, Regulatory Compliance, Risk Management, Incident Response and Cyber Investigations.”
While they may be proving themselves as a capable company, they’re painting a target on their backs by taking on big players like Solaris.
How Was Solaris Hacked?
Holden is now being dubbed “the darkweb Robin Hood” for giving back to his homeland this Christmas, but how exactly did his team hack into the Solaris infrastructure? Holden and his team have been hesitant to release exact details on how they managed to gain access.
The team backed up its claim of access to the marketplace’s back end with screenshots sent to Forbes representatives. According to Holden’s conversation with the Forbes team, the Hold Security team managed to:
- Take control of the internet infrastructure powering Solaris
- Gain control of a number of administrator accounts
- Grab the website’s source code
- Collect the user database, along with data such as “users, drop off locations, drug deliveries meetups.”
- Briefly take control of the Solaris master wallet, the wallet used by both dealers and buyers for deposits and withdrawals (essentially the website’s internal exchange)
Judging by data from comparable darknet markets, the Solaris marketplace likely makes over $100 million per year, which raises the question of why Hold Security only managed to control the wallet for a brief moment (presumably before the Solaris team noticed).
The master wallet is only used to move funds in and out instantaneously. Alex Holden claimed that “it rarely contained more than three bitcoin, worth $50,000. That meant there wasn’t a huge amount for him to siphon off, though he did manage to grab 1.6 bitcoin, worth $25,000, and send it to Enjoying Life. Hold Security is also making a separate donation of $8,000.”
This raises questions about how much the team actually managed to grab, and why the amount was so small. Tina Mikhailovskaya, co-founder of the non-profit organisation Enjoying Life, confirmed that the donations had been received.
Mikhailovskaya also confirmed that these funds would be used for the elderly, families, and internally displaced persons who have suffered because of Russia’s war.
What Does This Mean For Solaris Darknet Marketplace Users?
From our research, the Solaris admins have not commented on this, which may speak for itself. Hold Security LLC is a well-established firm; they’ve taken on some of the world’s most prominent hackers, and Solaris may be one of their biggest fish yet.
The $25,000 stolen from Solaris will barely make a dent in its revenue this year. The greater risk now lies with the users and the future of the website. Unfortunately, I don’t speak Russian and can’t gauge the overall impact so far, but if the community follows the pattern of other fallen darknet markets, vendors are already searching for new homes.
The user data and drop-off locations could be used against the community. And since Alex Holden refuses to say how he hacked the website, it’s safe to assume he’s planted further backdoors in the marketplace, which will cause many problems for its future.
A large part of the reason for Alex Holden’s attack was Solaris’s connection to a hacking crew known as Killnet. Killnet currently operates as a “patriotic mercenary promising to target Ukrainians and their supporters.” Holden hopes that his attacks on Solaris mean less opportunity for the Killnet crew to continue their endeavours.
Alex also said, “Maybe Russians without their drugs would soberly look at their country and do something. Maybe the Kremlin won’t defend their country’s drug trade and fix the drug problems instead of invading Ukraine.”
I guess we’ll see the outcome in the coming months, but for now, we’d suggest looking for a new Darknet Market.