Both were used as honeypots after capture and possibly the same payload that was used on Playpen was done on Hansa to identify users?
When Playpen cases were taken to trial it would be dismissed because they would not disclose the exploit, is it a coincidence both are identical? If so it proves a tor exploit does exist and they would need to control the market to idenifty users and collect ips. Auto pgp + ips + purchased goods.
I remember they said there were like 10 of thousands of users of playpen, they only idenfitied 900 or so. This can be attributed to the % of people running TBB on windows with js enabled. If they had a real attack it would have been 100%.