
all 90 comments

[–]throwawayyyy23423 16 points17 points  (31 children)

100% sure a scam from the admins. Beware - the admins of diabolous/sr3 are the same people for obvious reasons (same file names, same "code", same design to name a few).

[–]impost_r 13 points14 points  (0 children)

Well that convinced me.

So options were:

  1. Admins were arrested, didn't cooperate, cops tried to get some people to incriminate themselves for a couple of days and then seized it <- unlikely since the arrests would've been made public

  2. Admins got arrested, cooperated. <- unlikely since it was pretty obvious according to some reports that something was very wrong. If they had been compromised business would have continued as usual.

    As the two above are not likely to be true:

  3. Admins acquire currency, burn down website, fornicate with women in Belize. <- very likely

[–]deepdot[S] 5 points6 points  (0 children)

Aaaand... this seals the deal.

[–]throwawayyyy23423 1 point2 points  (0 children)

very nice :)

[–]Oktomom 1 point2 points  (0 children)

Nice one gwern!

[–][deleted] 0 points1 point  (0 children)

Definitely nice bro.

[–]sharpshooter789 -1 points0 points  (11 children)

Someone posted this, but the admins left up phpmyadmin lol.

http://andromedam363aux.onion/phpadmin/

I wonder if the admin account is properly secured. They may have left some interesting info in the DB.

[–]sharpshooter789 0 points1 point  (8 children)

I just realized this is not phpmyadmin. This must be their own admin script. Can you remember the admins name so I can try a bruteforce attack?

Also, they are using basic HTTP authorization. I haven't seen that used since the early 2000's and older router admin pages. Fortunately, Tor hidden services are encrypted end-to-end so the data is protected unlike normal HTTP.

[–]impost_r 0 points1 point  (6 children)

I wouldn't be surprised if it was "root", the standard phpmyadmin username. It wouldn't be the first market operator using that as the admin username.

[–]sharpshooter789 0 points1 point  (5 children)

Does phpmyadmin use HTTP authentication?

[–]impost_r 0 points1 point  (4 children)

Last I used it it had a weblogin, but then again I just found this: https://i.imgur.com/wODOM.png

[–]sharpshooter789 0 points1 point  (3 children)

Damn what's default password?

[–]deepdot[S] 5 points6 points  (1 child)

100% Scam.

Darkbay = Ultravioletcity = Silk Road 3 (past) = Andromeda = Diabolus = Silk Road 3 (current)

All even looked the same.

[–]InfinitelyOutThere 2 points3 points  (0 children)

Wow I love that thread of absolutely fucking up over and over again

[–]sharpshooter789 2 points3 points  (2 children)

Lol. Someone should try to crack the authentication and see what interesting data can be recovered.

[–]CMelo7 -2 points-1 points  (1 child)

admin:admin

[–]sharpshooter789 0 points1 point  (0 children)

Are you serious?

nvm, CMelo7 is full of shit.

[–]TTSDA 0 points1 point  (1 child)

oh wow, that's a pretty gaping security hole

[–]throwawayyyy23423 0 points1 point  (0 children)

believe me ... there were much bigger security issues than this one...

[–]SecondChanceUsername 1 point2 points  (2 children)

I still highly doubt this but it WOULD make a lot of sense for SR3 to open, generate as much funds to the site as possible and then (if Evo and Sr3 were same admin crew) for them to pull the scam together at exactly the same time, a short period after Onymous.

[–]Jay-__ 2 points3 points  (1 child)

Pretty sure he meant that andromeda admins = SR3 admins, even tho I never used either.

[–]throwawayyyy23423 0 points1 point  (0 children)

yes, that's what I am saying: Andromeda = SR3.0 (former Diabolous). Same people.

[–]CallMePepporoniNips 8 points9 points  (1 child)

lol ive never used these sites but this sub is the best entertainment around

[–]trancepticon 1 point2 points  (0 children)

Me too! I was fucking waiting for this since the day Andromeda was announced!!

Come here for the drugs, stay for the mxe dealers and fbi scares

[–][deleted]  (9 children)

[deleted]

    [–][deleted] 7 points8 points  (4 children)

    It sucks that OP deleted that post but galaxy did a good job summarizing what it said here.

    [–]Derrick4Real 2 points3 points  (3 children)

    Admins, can we at least put a caution warning next to Andromeda on the sidebar (or wherever markets are listed now)?

    I'm mobile so I can't see sidebar...but it might be time to make this temporarily visible until proven otherwise.

    [–][deleted] 3 points4 points  (2 children)

    In the "Marketplace list" there is a warning next to the url and under "active warnings" in the sidebar Andromeda is listed. I guess the next step is the WoS. Until we know more I suppose we will just remove it from the market list.

    I will discuss what to do with the other mods later.

    Edit: It's not like anyone can use Andromeda now anyway.

    [–]galaxyandspace 7 points8 points  (1 child)

    I just tossed it up on the wall of shame ..

    [–][deleted] 1 point2 points  (0 children)

    Good call, thank you!

    [–]deepdot[S] 5 points6 points  (3 children)

    I think they just scammed, i find it weird that it gets the seized banner and 2 minutes after someone mails me that the market was just seized.

    [–]brightmoor 6 points7 points  (0 children)

    I concur about them scamming and putting up the seized page. When onymous happened and they offered a place for vendors on seized markets to go I went there and opened up a support ticket for the vendor upgrade. A week goes by with no response and then the ticket is just gone. It seems like they abandoned the place and took the coins and just put up the seized page to throw people off.

    [–]impost_r 2 points3 points  (1 child)

    Was it an anon account that mailed you?

    [–]deepdot[S] 2 points3 points  (0 children)

    > Was it an anon account that mailed you?

    Yap.

    [–]deepdot[S] 3 points4 points  (3 children)

    For all the concerned people, alternate Evo urls here from Verto:

    http://i25c62nvu4cgeqyz.onion/viewtopic.php?id=8741

    [–]RonPaulsErectCock 0 points1 point  (1 child)

    It's down

    [–]deepdot[S] 0 points1 point  (0 children)

    Seems up here

    [–]Vestigium 4 points5 points  (9 children)

    evo working? i cant get on it. no fbi banner though

    [–][deleted] 2 points3 points  (7 children)

    [–]fun-gee 5 points6 points  (6 children)

    Vendor's only link is still up and working.
    Withdrawals work too.

    [–]cocainecowboys3 -1 points0 points  (2 children)

    whats the vendors only link?

    [–][deleted] 4 points5 points  (0 children)

    I'm guessing the link only accessible to Evo vendors.

    [–]fun-gee 0 points1 point  (0 children)

    It's gofckurs1fzbub.onion,
    :p
    And please beware of phishing sites...

    [–]tobeburned 0 points1 point  (0 children)

    It's working for me, but REALLY SLOW. edit: so slow I've been waiting minutes for everything on the login page to display.

    [–]ownowfuck 7 points8 points  (0 children)

    Smells like an exit scam. These are going to be common in the next month or so, especially with the smaller; less-known markets (of which there are only what, like 3 left)? Those smaller market admins may be a bit more scared given Onymous. Wouldn't expect Evo/Agora to fall victim to this though.

    It's definitely possible that it was temporarily honey-potted, then once the notice on Reddit went up they were just like "Meh...we suck put up the seized banner."

    [–]sheeproadreloaded2 2 points3 points  (5 children)

    Nobody can be moving bitcoin about on andromeda except the thieves.

    If you can, I'd like as many of you as possible just to deposit a few cents-worth of bitcoin in your old deposit address.

    Do it now.

    If it moves, it will be going to one of two places. The FBI, or to an exchange (possibly via a tumbler, but they are easily beatable for large quantities of bitcoins).

    When you leave a comment on here, put your wallet address at the bottom of the post.

    As we saw with Blake's arrest the other day, the FBI will get the Andromeda thief in the end. not for robbing you, of course. But for profiting from an illegal marketplace.

    If they can find the initial wallet used by the thief, they have until 2140 to arrest him.

    It will be a single person, like all bitcoin thefts. the admins won't know what's going on. only the site owner.

    [–]andyandroscam 4 points5 points  (4 children)

    They didn't put much effort into hiding the escrow wallet cleanout.

    The andromeda thief bitcoin wallet address is known and there's a direct path back to each andromeda user wallet that had a tx in escrow. Each tx is a transfer to the andromeda thief's wallet.

    Can't this be used to do whatever kind of trace ur thinking? Will be hard to get people to deposit and then publicly claim their wallet address on reddit I think.

    [–]impost_r 0 points1 point  (3 children)

    Link?

    [–]Andyandyandro 0 points1 point  (1 child)

    1DgCxv3YA6Pnsr1rk4ZMtRNpPh4Z5KzZrB

    Thats the wallet they dumped all the escrow bitcoin to

    [–]AutoModerator[M] 0 points1 point  (0 children)

    Hello /u/Andyandyandro:

    Your comment has been automatically removed. Please review the subreddit rules. Bitcoin addresses are not permitted in /r/DarkNetMarkets.

    If you have extra Bitcoins, please consider donating to one of the following organizations:

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

    [–]Andyandyandro 0 points1 point  (0 children)

    Reddit keeps autodeleting the addr. So heres the place they transferred all the escrowed coins from. There was about 40 bitcoins when i checked. Heres wall address minus the spaces and dots of course: 1Dg
    Cxv3YA6 ... Pnsr1rk4Z... MtRNpP... h4Z5KzZrB...

    [–]sniffinforbacon 1 point2 points  (1 child)

    What are the odds that Evo goes down at the same time?

    [–][deleted] 3 points4 points  (1 child)

    Im wondering if the market was scamming what was up with the free pot/address request? That seems more likely an address collection by authorites to me. If they scammed maybe that was some blackmail deal or just a diversion of some sort. Possibly the market was hacked and this has all been some hackers trying to get the coins out plus maybe a blackmail deal? If anyone has some popcorn I am willing to trade some dank ass sand.

    [–]og_by_monsanto 1 point2 points  (0 children)

    Oh shit not another one

    [–]ertzs 0 points1 point  (0 children)

    Evo is not working either...

    [–]ownowfuck 0 points1 point  (2 children)

    Ok so re-thinking this, here is what I don't get and why I'm leaning towards this whole thing being a scam:

    • The DOJ had full access to the SR2 servers. They had a UC with admin access, who could most likely see plaintext'd addresses (and nothing ever came of this???)

    • The UC at SR2 never did anything like "HEY GUISE COME GET UR FREE W33D YO, JUST GIMME DAT ADDRESS"

    • Andromeda continues on just fine after the seizures, obviously not hosted in the bulk of domains that was taken down

    • Andromeda does a lot of scammy type shit the other day, then gets outed as "COMPROMISED," by a pseudonymous redditor who deletes his post minutes after the fact

    • Andromeda is "seized"

    Definitely seems more like a scam to me.

    [–]ownowfuck 0 points1 point  (0 children)

    Guess I should have read the rest of the thread first...

    [–]deepdot[S] 0 points1 point  (0 children)

    I updated the OP with summary of all the scam indicators.

    [–][deleted] 0 points1 point  (0 children)

    Shit like this makes me have trust issues with trying new DNM's.

    [–][deleted]  (1 child)

    [removed]

      [–]AutoModerator[M] 0 points1 point  (0 children)

      Error-Sheep-Referral/Invite

      I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

      [–]long_wang_big_balls 0 points1 point  (0 children)

      I'd drop this market quicker than a hot potato

      [–]cryptonut[🍰] 0 points1 point  (0 children)

      Its time you lot started seriously looking at decentralised markets like what Syscoin is working on. When the UI is improved and trustless escrow implemented Syscoin will kick ass. LE cant take it down and no chance of being scammed. www.syscoin.org

      [–]ChalupaBatman_710 0 points1 point  (5 children)

      Oh yay! Another episode of DNM starts now!

      Serious question: if this place just got seized the fuck out, and people are starting to scam, why still risk all this and keep ordering? It just doesn't make sense to me.

      [–]SecondChanceUsername 4 points5 points  (3 children)

      Some one is working on a user friendly fool-proof marketplace as we speak. They cannot stop all DNMs

      [–]Plumerian 2 points3 points  (1 child)

      Open Bazaar.

      [–]Jay-__ 0 points1 point  (0 children)

      Never ever underestimate fools.

      [–]iLoveDNM 0 points1 point  (0 children)

      Drug dealers get busted all the time, shit gets seized all the time. Doesn't stop the flow in regular drug trade.
