Warning: Avoid all markets right now

I advise everyone, especially Vendors to avoid accessing any markets right now.

Hansa staff upgraded my account to Vendor for free to test the market security on the vendor side, at the start of June - I didn't find any security issues, it was very tightly secured, I found an issue where unindexed directories would expose a port number. Not that this would be a security problem as such, but I sent it to them encrypted to be on the safe side around the end of last month, this never had a response and it was never fixed, I thought nothing of this until this has happened and mentioned it to the subreddit Mods earlier today. I have been testing Dream for a few weeks and came across small bugs and SpeedSteppers stopped responding around a week ago. Dream Market now has a clearnet IP address exposed in JavaScript code, this was NOT there earlier today, or any time before that either. See: https://www.reddit.com/r/DarkNetMarkets/comments/6ojwht/dreammarket_important_opsec_issue_leave_market/

Edit: The links to the support desk on the market have been removed...

Dream is very likely compromised, which is increasingly worrying as it seems more and more likely that there is a Tor exploit allowing the identification of servers hosting hidden services. I would personally advise everyone who can go without their supply temporarily, hold out and let the dust settle so we can see what comes of the next few days. I would guess this is definitely not the end of it.

Keep an eye out for any changes in other Markets, I don't have access to Valhalla but from some posts I have read today, it isn't looking too promising. Also keep in mind that there may not be any visible changes after a market takeover, different agencies are involved in this and will handle it differently, they will try and keep any takeovers as secretive as possible.

At this point in time, I have not been able to identify anything to suggest other markets have been compromised but I am in the process of archiving what I can from each market so I can run regular comparisons.

Can we please reach out to Market administrators for signed messages, although this may not 100% prove their identity right now, it may weed out any markets that have been taken over.

Right now we all need to not let them achieve anything further, do not use the markets for your own safety.


Comments


[35 Points] SloppyJoeLieberman:

/u/HugBunter

There's a post from 9 months ago about Dream's chat module IP being visible. https://www.reddit.com/r/DarkNetMarkets/comments/5873oq/is_this_speedstepper_from_dream_market_possibly/

They did recently remove the "support" link from the footer of their page, though. I submitted a support ticket a few days ago and got no answer. Checked again recently and the whole link was removed. Definitely weird.

It isn't new information but I'm still wary of any market at this point. Any information such as that could have long been followed up on. Obviously LE said they will be following up on information obtained via Hansa and AB but who knows what else they may be up to.


[24 Points] Sourcery_Market:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

July 21, 2017 (GMT)

Out of an abundance of caution and for the safety of our users, 
we are going to shut down Sourcery for at least a couple of hours 
and its highly possible we may not be back up until tomorrow morning.  
We want to get a handle on what is going on with all the takedowns.  
We will post a notice when we come back online.  Don't trust anything 
not signed by this key.  We will SIGN a message with this key when we 
do come back online.  We will never deny a request to sign a message 
with this key if there are any questions as to the validity of our 
message and whether or not we've been compromised in some way.  I am 
the sole holder of this key.

Sourcery Market

- -----BEGIN PGP PUBLIC KEY BLOCK-----
- -----END PGP PUBLIC KEY BLOCK-----



-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


[20 Points] None:

[deleted]


[17 Points] FullAddy:

If Dream isn't compromised mods should take it down now, should've done so as soon as the Hansa bust became public. It's just a bust waiting to happen. Bring it back when this is all blown over


[11 Points] None:

This is fucking depressing as hell. Not whining but boy is it a sad day for the dark net markets.


[9 Points] at69:

thanks for keeping an eye out. When you get done, are you going to code the ultimate market? or take it public on the legit side of things?


[7 Points] None:

Wondering when you would swing through. Keep it up homie


[5 Points] Ethereality_DNM:

/u/HugBunter do you have backups of Grams? If so, was Nucleus always "nucleaus" on the front page? Also, when searching a key not listed in InfoDesk, did it say "No results were found for the PGG key you submitted."?

They don't seem useful but I'd never noticed them before. Maybe I just never paid attention.


[5 Points] TradingRealGfForRsGf:

Any thoughts on vendor owned markets like gg and the sort? Are those compromised or has there been any word from them on their state of operation?


[4 Points] snugglelufugus:

Have you ever taken a good long look at the child porn sites on tor? Apparently there's still a lot of them and they stay up for longer than markets, what the hell they are doing right seems like we need da pedos to run our markets lol


[3 Points] account0787:

Dream Market now has a clearnet IP address exposed in JavaScript code, this was NOT there earlier today, or any time before that either.

https://www.reddit.com/r/DarkNetMarkets/comments/5873oq/is_this_speedstepper_from_dream_market_possibly/


[4 Points] mejuwi1:

Can we at the minimum have each market admin post a PGP signed message to confirm their authenticity? DHL and Dream...


[3 Points] sharpshooter789:

I would keep an eye out for markets that begin to require javascript. I saw on one reddit thread that Hansa began requiring JS to register at some point. Not sure how accurate it was because there are conflicting reports.


[2 Points] None:

[deleted]


[2 Points] For_supreme2:

Just curious /u/HugBunter have you looked at CGMC, it's a cannabis only. One of the only ones I kinda trust


[2 Points] thebuttsofwar:

Since everyone keeps bringing up the possibility that LE's got a new Tor exploit in their toolkit, I'll just leave this here for the curious the paranoid the fuck of it...

https://nakedsecurity.sophos.com/2016/09/07/can-you-trust-tors-hidden-service-directories/

(Not actually sure if that research is still relevant. I don't Tor much these days)


[2 Points] speddyjz:

What about ggs own site?


[2 Points] Vendor_QuickLick:

To be on the safe side we are advising customers to use BitMessage and to encrypt all communications using our public key which we have recently confirmed here /r/DarkNetMarkets/comments/6onl7b/update_for_all_quicklick_hansa_customers/. This platform has been around for a while and is not going anywhere unlike these recent marketplaces. Our BitMessage address is BM-NC3bpRtXFr7pikkVsibJPps4oLY29upM - we are handling all questions and order related inquiries here (as well as on the markets which still stand).

QL.


[1 Points] seventhaccount7:

I believe Dream will be kept up longer to let some of this dust settle and accusations die down before it is exposed that they are compromised as well. Especially since I believe that it will be a more profitable endeavor for LE than Hansa would have been. There is a lot more money in market wallets and escrow at any time on Dream. Even if it's still up a month from now, don't assume that means it is safe to use. At this point all anyone should be doing is connecting with their trusted vendors outside of markets and communicating with them through the same pgp listed on their grams page.


[1 Points] AI-Bourne:

Where to report a Vuln found on Dream??? I found a bare IP address in one of their js front end??? whois lookup points a server in SWEDEN, at least that's where it gets re-directed to


[1 Points] funkdogg:

Silly question, but even as a personal buyer, you'd halt ordering from trusted vendors (assuming the use of old PGP keys)?


[1 Points] Flanflan513flan:

So news shows articles about LE getting IP addresses off Hansa, does this mean they installed malware that would track each ping and if so does this malware track through a VPN


[1 Points] None:

Wonder how u/Pelican_Vendor is doing..


[0 Points] None:

[deleted]


[0 Points] throwahooawayyfoe:

u/HugBunter, Question - Have you had a chance to look at any of the dedicated vendor stores? I'm wondering if independent vendors may be at risk as well or if this is an issue strictly within the realm of the centralized markets at this point in time.


[0 Points] Aquagenie:

Wonder if anyone in this thread that's smarter than me is able to tell me how long order details are retained in dream before they are removed?

I know other markets used to get rid of order info after 30 or 60 days ( can't remember which) what was standard within dream?


[0 Points] None:

[deleted]