[PSA] Blackbank may have exit scammed or is compromised.

Firstly, I have not been as active the past few days so this could have been posted. If this is the case I will remove it.

Anyway, /u/blackbank_team, the reddit account controlled by the blackbank team made a post yesterday regarding concerns.

"I know, you're afraid and I'm afraid too that mdparity will never ever come back. But to answer all of your questions: my messages here aren't usually PGP signed, but there are only 2 persons who have credentials for this profile. I can't believe mdparity has decided to exit scam now; if he has done it I'm astonished, but I believe he hasn't done it, something might have happened to him, since he's not answering my messages. I will give him until the first day of June before declaring BlackBank dead, so let's wait together. MrDoe"

The exit scam is pretty self-explanatory and is a real possibility. However, I would like to explain why I think mdparity may have been compromised.

Those of you who have been around a while can skip or skim this paragraph because you are probably familiar with this episode. When BB first opened, there was a troll/script kiddie [whyusheep] (very similar to hacks4crack) who was wreaking havoc on darknet markets trying to show off his l337 skills. Coincidentally, two of the markets he may have "hacked" were seized by LE or were robbed [1]. Anyway, he discovered and irresponsibly disclosed a misconfiguration on BB's server (more information on that in the paragraph after the next one). This started a battle between mdparity and whyusheep. Whyusheep was trolling mdparity pretty hard and had a "mental" breakdown. I don't remember exactly what was said or if he exposed anything, but this does call into question his judgment.

Indeed, I remember whyusheep posting hints about finding LinkedIn (maybe other social media too) profiles related to mdparity. Mdparity said they were red herrings. In my opinion mdparity was honest, because the profiles and tracks were a little too obvious.

Now back to that misconfiguration whyusheep exposed. I don't think many people recognized this as a serious issue, but it was. For those who don't remember, whyusheep found a way to list the contents of the server's directories (this is what I mean). In addition, the scripts were world readable. This may seem trivial to non-technical people, but I'm sure the tech savvy people realize the problem this poses. This allowed anyone to download the scripts themselves, which can be examined for vulnerabilities [easier to find vulnerabilities with the source], sensitive information leaks, and coding style. Remember, Ross's SR code had a hardcoded IP, which led to a VPN and was eventually used to identify him.

It's also highly possible that BB had other misconfigurations, based on the one exposed by whyusheep. An experienced web admin would have disabled directory listing, which suggests mdparity had little experience as a web server admin. This does not bode well for mdparity or BB because there are a ton of ways of misconfiguring a web server, and some of these misconfigurations could have leaked more specific details.

[1] I don't believe whyusheep reported anyone to LE or stole from SR2. I think that hackers or LE were monitoring this sub and saw the vulnerabilities he exposed and then abused them. He exposed a very bad XSS vulnerability for Utopia. It was found in message titles, so no interaction was necessary to carry out the attack.

----- begin theory -----

This could have been abused by LE to obtain the admin's session cookie, then upload and execute some malicious script to get a shell and ping home; I doubt the admins configured their stack correctly and disabled ICMP altogether.

----- end theory -----

For SR2, I believe he DoSed them. He also exposed the fact that the script (and possibly the DB) was using floats to represent balances. A float lacks the precision to handle bitcoins.

----- begin theory -----

A hacker saw this noob mistake and decided to pentest, possibly found a race condition (another good nontechnical explanation) and exploited it to empty SR2's wallet.

----- end theory -----

Edit: formatting

Edit 2: added reference for the VPN being used to locate Ross, thanks /u/MLP_is_my_OPSEC
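The footnote above describes a stored XSS in Utopia's message titles and the theory that it could be used to lift the admin's session cookie. The following is an added illustration of the two defences that close that path, output escaping and an HttpOnly session cookie; it is constructed example code, not code from Utopia, BB or any market, and the titles, function names and session id are all made up.

```python
"""Stored-XSS mitigation for a message inbox: the unescaped renderer that
lets a title execute as script, beside the escaped renderer and a session
cookie that scripts cannot read. Constructed example; not code from any
market."""
import html
from http.cookies import SimpleCookie

# Constructed sample of stored message titles; the last one carries markup.
# Rendered unescaped, it runs in every reader's browser with no click at
# all, which is what "no interaction was necessary" means in the post.
STORED_TITLES = [
    "Order #42 shipped",
    "Re: tracking number",
    "<script>alert('title')</script>",
]


def render_inbox_vulnerable(titles):
    """Interpolates untrusted titles straight into HTML (the defect)."""
    return "".join(f"<li>{t}</li>" for t in titles)


def render_inbox_escaped(titles):
    """Escapes every title at output time so markup is displayed, not run."""
    return "".join(f"<li>{html.escape(t, quote=True)}</li>" for t in titles)


def contains_live_script(rendered_html):
    """Crude check used by the demo: is there an unescaped <script> tag?"""
    return "<script" in rendered_html.lower()


def session_cookie_header(session_id):
    """Build a Set-Cookie value for the admin session with HttpOnly, Secure
    and SameSite set, so a script that does slip through still cannot read
    the session cookie through document.cookie."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Strict"
    # output(header="") yields " session=...; HttpOnly; ..." so strip the lead
    return jar.output(header="").strip()


if __name__ == "__main__":
    print("vulnerable:", render_inbox_vulnerable(STORED_TITLES))
    print("escaped:   ", render_inbox_escaped(STORED_TITLES))
    print("cookie:    ", session_cookie_header("constructed-session-id"))
```

Escaping at output time is the fix that holds regardless of what reached the database; the cookie flags are the second layer, so that even an escaping bug elsewhere does not hand over the session.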
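The post's two SR2 points, float balances and a race condition in withdrawals, are easy to reproduce in a toy ledger. The block below is an added example with constructed values, not code from SR2 or any market: it sums deposits as floats beside integer satoshis, and runs two concurrent withdrawals against a wallet whose balance check is separate from its debit, beside one that does both under a single lock. The barrier that forces both workers past the check at the same time is a demo device so the outcome is repeatable; in a real service the same window exists but depends on timing.

```python
"""Toy wallet ledger: float drift and a check-then-debit race, each beside a
hardened form. Constructed example; not code from SR2 or any market."""
import threading
from decimal import Decimal

SATOSHI = 100_000_000  # store balances as integer satoshis, never floats


def float_drift(deposits):
    """Sum the same deposits (decimal strings) as floats and as integer
    satoshis. Returns (float_total, satoshi_total)."""
    float_total = 0.0
    sat_total = 0
    for amount in deposits:
        float_total += float(amount)                  # accumulates error
        sat_total += int(Decimal(amount) * SATOSHI)   # exact
    return float_total, sat_total


class NaiveWallet:
    """Balance check and debit are two separate steps. The debit itself is
    atomic (like a single UPDATE), but the check is an unlocked read, so two
    concurrent withdrawals can both pass it against the same balance."""
    def __init__(self, balance_sat):
        self.balance = balance_sat
        self._debit_lock = threading.Lock()
        # Demo only: holds both workers after the check until both arrive,
        # so the race is deterministic. Expects exactly two withdrawals.
        self._rendezvous = threading.Barrier(2)

    def withdraw(self, amount_sat):
        if self.balance >= amount_sat:            # step 1: unlocked check
            self._rendezvous.wait(timeout=5)      # both workers passed step 1
            with self._debit_lock:                # step 2: atomic debit
                self.balance -= amount_sat
            return True
        return False


class SafeWallet:
    """Check and debit under one lock: the second request sees the debited
    balance and is refused."""
    def __init__(self, balance_sat):
        self.balance = balance_sat
        self._lock = threading.Lock()

    def withdraw(self, amount_sat):
        with self._lock:
            if self.balance < amount_sat:
                return False
            self.balance -= amount_sat
            return True


def run_two_concurrent(wallet, amount_sat):
    """Fire two withdrawals at once; return (approved_count, final_balance)."""
    results = []
    workers = [threading.Thread(
                   target=lambda: results.append(wallet.withdraw(amount_sat)))
               for _ in range(2)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return sum(results), wallet.balance


if __name__ == "__main__":
    print("float vs satoshi:", float_drift(["0.1"] * 10))
    print("naive wallet:    ", run_two_concurrent(NaiveWallet(SATOSHI), 80_000_000))
    print("safe wallet:     ", run_two_concurrent(SafeWallet(SATOSHI), 80_000_000))
```

With a 1 BTC balance and two 0.8 BTC requests, the naive wallet approves both and ends 0.6 BTC overdrawn, while the locked wallet approves one and keeps 0.2 BTC; ten float deposits of 0.1 BTC do not sum to 1.0, which is the precision problem the post refers to.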


Comments


[15 Points] Ser__Ocelot:

https://www.reddit.com/r/DarkNetMarkets/comments/1z7qz1/should_i_be_able_to_see_this_directory_listing/cfrd1cq

Gotta wonder how this will all turn out

EDIT: His post history is rather strange.

I believe in freedom because my freedom has been lost.

I don't ask people to believe in me. What I ask is myself to believe in freedom. I'd gladly die for others.

If I could walk outside I would. If I could eat better I would. I lost my freedom a long time ago.

Christ. Maybe he is (was?) not well.


[6 Points] Itsonlymeffs:

I NEVER trusted BB for two reasons....

1) As soon as I saw the image of the owner "MDParity" was a picture of Guy Fawkes this made me suspicious.

2) He addresses every post with "Howdy"

End of story


[3 Points] ThisIsNotTheEndBreak:

The people that have coin in their accounts should really look up the wallet address and see if the coin is still in there. If it still is, I would think something simply happened to the admin, possibly death, because LE would take every penny, same with an exit scam.


[4 Points] mad87645:

Can someone explain everything that has happened in this thread like I'm 5 please? I'm just here for the drugs, I can't work out the rest of this shit.


[5 Points] tonyeverready:

allo

i am manuel fernando flamingo. i would like to join the cosa nostra artistry. yo soy well versed in communicado de los cryptos and can purchase a booter from los hackos forumos.

entiendo JAR scriptos y how to say...JAWA DRIWEBY. please assept my resume.


[3 Points] None:

Popcorn, Mountain dew, GO!


[3 Points] MLP_is_my_OPSEC:

Once the agents seized the Silk Road website files, they could read the IP address for that VPN server. The hosting provider gave up the access records for the VPN server to the FBI, which showed that it had been accessed from an address at a coffee shop near where Ulbricht was staying.

Source: http://www.coindesk.com/ross-ulbrichts-silk-road-head-smacking-rookie-errors/


[3 Points] PartyTimeSupply:

Isn't there talk about the coins not being moved out of the BlackBank wallet?

I REALLY hope that he has just had some fucked up emergency on top of the DDOS will be the explanation and we will all be able to move on and get our coin.

But the realist in me thinks he did get popped. I'm just hoping he had some type of degaussing loop/kill switch for his personal machines. His post history made him seem like a good guy, and at least then we'd have more than one market go down with an honorable discharge.


[3 Points] AussieCryptoCurrency:

I have maintained that BB will exit scam for very simple reasons no one has paid much attention to...

BB uses a masterkey multisig setup. It's basically 2 of 3 OR BB_masterkey. So whether or not the vendor and customer hold the 2 key majority, BB can always override with their masterkey.

Didn't the fact that deposit addresses were being reappropriated (along with funds) suggest to anyone that these guys are dodgy?

ALL it takes is a slick interface and people flock to it every fucking time. Until this lesson is learned, the exit scam will keep getting used.

FFS, DNMs have a 100% failure rate.


[3 Points] GrandWizardsLair:

The only thing we know for sure is that BlackBank is currently inaccessible, as are any coins which were held by BlackBank. At this point speculating is pointless. Feeding the ego of some anonymous teenager who wants to claim credit for something he had no part in is counterproductive. Best to accept your losses and move on: let the "force of evolution" keep wanking while he pretends he actually has the capability to do anything other than troll Reddit.


[2 Points] Jay-__:

Damn, why have I never heard of any of this?

Usually I'm pretty thorough with researching old things I should know about, but I completely missed those.

The only security-related thing with BB I saw was when someone here bragged about, supposedly, stealing BTCs because BB re-used addresses.

Do you maybe have links to any of those old threads mentioned?


[2 Points] drpnit:

Thanks, but isn't it coincidental that he would shut the market down for maintenance and then get picked up by LEO?


[2 Points] Rdns:

reddit did it again! unraveled the mystery


[2 Points] sobulbous:

How convenient hacks is now a sheep... Always after the fact, never before.


[2 Points] Lucid_Enemy:

Also this hacks is different. Before, when he was here, he claimed his style of attack; this one is avoiding talking about his attack (other than telling us he's doing a DDoS (before claiming a lone DoS), other than explaining some social engineering he's just claiming shit with no evidence). Hacks, you're kinda really bad at this (unless acting full retard is part of your act), just log out of your accounts and leave. You posting on here and doing this stuff is for attention; I don't give a fuck how your retort will be saying you don't care (you do every time someone attacks you), you do, cause you wouldn't be doing this for anything other than attention. STFU and enjoy your millions or whatever you have, like the rest of us (you don't see me spouting off as to my fun little exploits, or any huge vendor flashing their coin like it's bling). Go fuck shit up on some carding sites or some CP sites or some shit where you'd be doing good.


[2 Points] None:

This is the first thread that I've seen go well over 200 comments in a while lol.


[1 Points] Iamnotacopreally:

Lot of heat. Maybe he just walked away.


[1 Points] None:

Well this is a fascinating thread. I wasn't around for the whyusheep stuff, but still...fascinating.


[1 Points] None:

[deleted]


[1 Points] None:

so will it be back?


[1 Points] dellwho:

for once an exit scam on a market i've never used.


[1 Points] bbexitsxam:

I don't have any proof other than word of mouth, but I recall the day before BB went down I couldn't withdraw my leftover BTC from the site. I got redirected to the withdraw page countless times when I made my request. The next day BlackBank went down, so I'll let you put 2 and 2 together.


[1 Points] None:

...and once again hacks is deleted. Elusive bastard.


[1 Points] darknetALERT:

God bless you, Sharpshooter.


[1 Points] the_furrow_farrow:

I haven't been able to get into my BB account for almost 2 weeks.

None of the below addresses will allow me.

http://wztyb7vlfcw6l4xd.onion/

http://e546hpsknibe5mky.onion http://ducz6fkrzwexlnii.onion http://icou3kog5yzedrbb.onion


[0 Points] Lucid_Enemy:

I think hacks for douche or whatever the fuck you are is using this whole "evolutionary" thing to say he's behind evo... I just bought a new popcorn maker (I FE'd, still need to update), time to break her in...


[-1 Points] hacks4smack:

I find this all to be hilarious, you are all just pawns


[-3 Points] None:

One question: how have you idiots not yet realized I'm whyusheep (and possibly The Avid and Cimon :) )?

Well MDParity didn't realize it despite the many conversations we have had over the year, so I can't blame you.

Also, want to see some BTC transactions from MDParity I got recently? Maybe you can see if that helps solve your mystery.

Script kitty turned into a lion, sharp like knife. I like the race condition theory, remember when I DoSed Agora and they were sending out quadruple withdrawals? That was a funny example of race conditions.

Edit: If you need proof I'm hacksforcrack I can sign a message with the key I gave out in the Absolem/Havana debacle.