Less than 30 minutes after Versus Market announced that it had gone into invite-only mode, details emerged that the market had been hacked. At the time of writing, Versus is down and its users should be extremely careful. The market has experienced a complete takeover. Database files, cryptocurrency wallets and the real IP have been exposed.
This is the third time in a row that the market has been hacked. In 2020, the market was hacked a record two times. This was a blow not only to the market but to the entire darknet fraternity. Versus has grown to be a respected market, and this series of hacks only makes the management look weak.
In the first incident, in March 2020, the market first paused operations to conduct security audits. This was after one of their middleware servers posed a potential IP leak. A few days earlier, DDoS attacks had started against the market. A series of attempts to recover the market proved fruitless, and the market was declared hacked.
Another hacking incident happened in July 2020. This time, huge losses were experienced. The management announced that somebody had accessed their servers and stolen the majority of the Bitcoin in escrow. This second hack in particular was a very big blow to the market. Although it was able to regroup and get back on its feet, all was not well. Most dark web enthusiasts knew that something like this could happen again. Many vendors turned their backs on the market. Today's incident is therefore the third in a span of three years. Something honestly needs to be done.
Confirmation of the Hack
DeSnake, the anonymous AlphaBay admin and co-founder, is known for notifying the dark web community of hacks and security threats. Just as he did with Archetyp, DeSnake also announced the takedown of Versus Market. DeSnake said that the takedown was brought to his attention by the hackers and so he had to inform the public. Other prominent darknet administrators also verified the information.
According to DeSnake, the hack is so severe that there is very little possibility of the market getting back on its feet again. The admins of Versus have very little control over the market at the moment, so the market is expected to go down at any moment due to an exit scam. It is a matter of when, not if. Any user of the market is therefore advised to take caution as soon as they receive the message. Otherwise things might go south for them.
Apart from DeSnake, Dread admin Paris also confirmed the hack. Paris said the hack is real and that the exploit has been on the Versus server for at least three years. So there's no chance that law enforcement is involved in this. They've traced the market and its activities for a very long time and their journey most probably came to an end. Paris further warned the public not to engage with the market anymore.
According to other users, the market was reportedly taken down by DeSnake. They argue that the AlphaBay admin wanted to show users how insecure this market is and how to protect it from law enforcement. DeSnake, however, hasn't personally verified such information.
Announcement of the Hack of Versus Market
DeSnake writes:
“Disclaimer: Before I begin with the post I would like to point out that I do not have anything against /u/WilliamGibson himself. Yes I do not think security (getting hacked 3 times) and stability (offline almost all the time during DDoS) is on point. Especially for their status as a marketplace, even more so 3 years down the line. Yes, their inability to get their Staff issues/communication spills over the business. And the posts from customers speak for that. However at the very least they kept going and were providing a platform for people to trade.
I was contacted around a day ago by the hacker /u/threesixty about the security issues on Versus. As with everything I take it with a cup full of salt before I do my own verification. I took a look at his profile and of course it was a new one. It led me even further to believe this to be FUD. He had created a post on the Versus subdread /post/e408c16ab482106c4eea/ which got surprisingly little attention for the details that it was outlining and claiming
Further details
I decided to ask him for further details and in an encrypted PGP message he provided an interesting amount of information. Now anyone could have created that information so the only way to verify it was to test myself. I was almost certain it had been patched by Versus… but even after the post threesixty had done the vulnerability was still sitting there plain as day. It allowed anyone to browse through the system and potentially escalate to full control over the server.
Together with the good-willed hacker 360, we were able to get even more proof. So on top of what he had recovered initially, indeed it is the real server of Versus. All proof was provided to Paris right before putting this post up.
The Vulnerability
Testing the vulnerability was straightforward and as threesixty said, a textbook one. There was no complexity in it or discovering it. How no one has reported it or fixed it in 3 years, I do not understand. Complete props go to him for finding it.
The Impact
Complete takeover. Database, files, cryptocurrency wallets (of course those that have used multisig are okay either way), real IP exposed etc. Complete pwn.
From threesixty's (and my) side nothing has been taken or modified in any shape or form. Only information was downloaded such as databases and files (including system ones to prove the existence) which would allow us to prove the vulnerability exists to other high ranking people like /u/Paris. Cryptocurrency wallets were never touched.
Given the issues with security that are now happening for the 3rd time in the market’s history, Staff problems also affect Versus. I have no doubt that affects the security and maintenance of the marketplace. Staff are a core part of the marketplace without Staff administrators, and vice versa. So for all of you marketplace admins make sure your Staff are well, financially and in other ways. When you are an employer it is your duty to ensure you create a good environment for individual employees to thrive and grow both professionally and personally…” DeSnake continued even further with the PGP signed message.
Paris further writes:
“/u/DeSnake has provided me with the exploit and rationale. I have personally verified it.
IT IS REAL.
The exploit is extremely simple but compromising. It allows for full access to the underlying file system on the server. This includes information within the /etc/ directory as well as wallet directories. It is a full information compromise of the system. Everything to the server’s IP address, to the backup of the database in the admin home folder. And even to the wallet files themselves. I am able to traverse nearly the entire file system with web server level access. There is no jail, WAF, and minimal care to limit the information disclosure in the event of a web server compromise. I am able to view the history of IP addresses which have previously accessed the server.
This is a major compromise and it is very easy to find and pull off. Even a simple script kiddie that is running a web server tester will find this exploit. /u/WilliamGibson I will be passing this information over to you. This shouldn’t be a problem with even the most basic jailing practices on the web server layer.
Until such time as this is fixed nobody should use Versus. I can’t say that enough. This entire server is probably compromised already by law enforcement and being monitored. It is a total compromise and is without a doubt one of the worst outcomes to a simple security exploit I have seen in a very long time.”
Differences Within The Administration of Versus Market
There has reportedly been bad blood between the management of Versus and its employees. This, according to most people's opinions, is the major cause of all these problems. This publication closely studied some comments under DeSnake's post, and most people accuse the administration of Versus Market of poor management.
It is alleged that Huxley, Poe, Gibson and Rowling have had some differences in opinion. It all came to a head about two weeks ago, and they're probably still kind of simmering about that. A lot of factors contributed to this and several things were said, both bad and good.
A user wrote: “There were a lot of factors, a lot of… underlying issues, a lot of kind of hurtful things were said, and it was honestly kind of ugly. I’ve been talking with all of them, seeing it from all sides. And while I’m honestly kind of hesitant to pick sides on that whole mess, considering I don’t have any sort of actual bond to the market itself anymore. I will however say some things definitely could stand to have a bit of a shake-up. Especially in the process it has been handled with.
Of course, I could be wrong. These guys that I’ve known for almost a decade could have decided to go completely irrational at the drop of a hat, burning not only these names but also their entire reputation for the rest of their careers on the Darknet.
My point is, be careful, all.”
Will Versus Market Come Back?
Many are asking: will Versus Market come back to the game? That we don't know, but what we do know is that markets rarely return after something like this becomes public. It may return just as AlphaBay did, but after several years. And AlphaBay was probably a different scenario. The co-founder, DeSnake, was a determined fellow and could not imagine seeing their legacy thwarted. The return was also part of revenge for his fellow administrator, who died in unclear circumstances.
Another thing: remember this is now the third time Versus is experiencing such a thing, but now on a more advanced scale. We don't want to conclude prematurely that the market won't rise again, but users must be careful. Versus is now an exit scam in waiting, and there's nothing we can do about it. Nobody, not even the administrators, would like to see their hard work go to waste. They're going to try by any means possible to recover anything they might have lost. In the end, vendors and customers are going to suffer.