Less than two weeks after the Versus darknet market declared it was closing to new users, the site has gone offline due to what is likely a hack of its servers.
The outage was initially thought to be another of the DDoS attacks that had been plaguing the market, then assumed to be a server migration performed by the Versus admins themselves. A largely unseen message posted three days ago in the Versus subdread offered the first clues as to what had happened: a vulnerability had been found that potentially allowed anyone to gain full control over the market’s infrastructure.
In the post, /u/threesixty claims to have hacked the market, gaining critical information relating to its server setup in the process. In their message, which largely chided Versus admin ‘William Gibson’, /u/threesixty made references to having accessed the market using backup files, discovering “detailed server authentication logs,” and finding what they believed to be a public IP address used by the market.
Amid a series of complaints by Versus users reporting they were unable to access the market, AlphaBay admin DeSnake chimed in with their own take on what had happened in a post titled “Versus hacked for 3rd time or why security must be a priority for DNM admins.” DeSnake claimed to have been contacted by /u/threesixty the day prior with information about the security issues on Versus which they then used to verify the presence of the vulnerability themselves.
“Testing the vulnerability was straightforward and as threesixty said a textbook one,” wrote DeSnake in a post in the AlphaBay subdread. “How no one has reported it or fixed in 3 years I or him do not understand,” he added. The impact, he stated in a non-subtle way, consisted of a “complete takeover. Database, files, cryptocurrency wallets (of course those that have used multisig are okay either way), real IP exposed etc. Complete pwn.”
Dread admin Paris also added their own thoughts on the matter in a PGP-signed message in the thread of DeSnake’s post, more or less confirming what /u/threesixty and DeSnake had said earlier. “IT IS REAL. The exploit is extremely simple but compromising,” he wrote, adding that it “allows for full access to the underlining file system on the server.”
“Until such time as this is fixed nobody should use Versus. I can’t say that enough. This entire server is probably compromised already by law enforcement and being monitored. It is a total compromise and is without a doubt one of the worse outcomes to a simple security exploit I have seen in a very long time.” – Paris, Dread admin, on the state of Versus market.
While conspiracy theories abound elsewhere on Dread, little else is actually known about the situation, other than that the market remains inaccessible. Versus admin ‘William Gibson’ has not posted on Dread since the market went offline a bit over three days ago.