• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2022
  • May
  • 24
  • That's All Folks: Versus Market is Retiring

That's All Folks: Versus Market is Retiring

May 24, 2022 Comments Off on That's All Folks: Versus Market is Retiring
That's All Folks: Versus Market is Retiring

After several days of consideration, the administrators of Versus Market decided to retire.

In a post on May 18, 2022, AlphaBay administrator DeSnake published an announcement on Dread about “security issues on Versus.” DeSnake then worked with the Dread user /u/threesixty to verify the existence of the vulnerability discovered by the hacker.

WilliamGibson, a Versus staffer, announced the market’s shutdown on Dread.

DeSnake’s explained the exploit in his Dread post:

“The exploit is extremely simple but compromising. It allows for full access to the underlining file system on the server. This include information within the /etc/ directory as well as wallet directories. It is a full information compromise of the system. Everything to the server’s IP address, to the backup of the database in the admin home folder, to the wallet files themselves. I am able to traverse nearly the entire file system with web server level access. There is no jail, WAF, and minimal care to limit the information disclosure in the event of a web server compromise. I am able to view the history of IP addresses which have previously accessed the server.”

Paris, the co-administrator of Dread, later verified the exploit’s existence.

The market has been unreachable since DeSnake published the disclosure on Dread, if not earlier (the market’s backend returned a “white screen of death” after some of DeSnake’s testing). On May 22, 2022, Versus Market staff member /u/WilliamGibson announced the market’s permanent retirement. In the announcement, WilliamGibson wrote that Versus Market’s staff spent several days analyzing the severity of the vulnerability.

“After an in-depth assessment, we did identify a vulnerability which allowed read-only access to a 6+ month old copy of the database as well as a potential ip leak of a single server we used for less than 30 days,” WilliamGibson wrote.

The market wanted to contest some of the claims made about the vulnerability. Specifically, WilliamGibson wrote, “there was no server pwn and users/vendors have nothing to worry about as long as standard and basic opsec practices have been utilized (for example, PGP encryption).” Members of the market’s team feel as if a “clear agenda” existed in the way people handled the discovery and disclosure of the vulnerability.

A picture of Versus Market is the most popular Western marketplace | Picture: @DarkDotFail

Versus Market is the most popular Western marketplace | Picture: @DarkDotFail

Others on Dread have questioned DeSnake’s involvement in the disclosure, pointing out that AlphaBay inevitably benefits from the demise of any competition. One Dread user asked, “all good intentions aside. Isn’t it an advantage to eliminate your competition and gain more users for your own marketplace?”

DeSnake answered the question, stating, “yes it is and we do not hide that. As I explained in several posts some minutes ago the effect of such a vulnerability is much, much bigger to all marketplaces and the scene as a whole and while we do benefit from it, it is a small if not insignificant compared to what could have actually happened.”

Paris provided a similar answer and suggested that law enforcement had already compromised the server unless they were “sitting on their hands.”

The sentiment of users commenting on posts about the vulnerability appears to be generally balanced. Although many are skeptical of the way the motivations for DeSnake’s disclosure, others thanked the parties involved for “not outright exposing the exploit and/or leaking the database.” (DeSnake claimed that he did “not leak the database or [steal] any coins.” The market recovered from a Bitcoin theft once before when hackers drained Versus’ escrow wallet).

A picture of DarkDotFail claims the market had “a troubled history.”

DarkDotFail claims the market had “a troubled history.”

WilliamGibson’s retirement post highlighted the market’s climb to the top.

“We built Versus from scratch and ran for 3 years. We built a community and even became the #1 DNM when we never intended for that to be the goal. At a certain point, there is no further way up to go, only down, and in this business it is best to not make decisions out of pride. While we are not ending on the note that we would have liked, we hope that the truth about the actual scope of the vulnerability, combined with the impact we have had on the community, leaves users remembering Versus fondly for years to come. Versus Market has officially retired and we thank you for your support and being part of something that hopefully defined the future of DNM’s.”

And he closed by thanking the community and telling Versus Market vendors that he will provide a link where they will be able to access their transactions without a locktime.

Signed Message from WilliamGibson
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



Dear Community,

There is no doubt that there has been a lot of concern and uncertainty regarding Versus in the last few days. Most of you that have come to know us have rightfully assumed that our silence has been spent working behind the scenes to evaluate the reality of the proposed vulnerability. After an in-depth assessment, we did identify a vulnerability which allowed read-only access to a 6+ month old copy of the database as well as a potential ip leak of a single server we used for less than 30 days. We take any and every vulnerability extremely seriously but we do think that its important to contend a number of the claims that were made about us. Specifically of importance: there was no server pwn and users/vendors have nothing to worry about as long as standard and basic opsec practices have been utilized (for example, PGP encryption)
In many ways, we are glad to see the community coming together to improve everyone's security, this was our dream from the beginning with Versus, though we will say that there was a clear agenda behind the way this was originally handled, but we leave you to draw your own conclusions
Once we identified the vulnerability, we were posed with a fork in the road, to rebuild and come back stronger (as we had done before) or to gracefully retire. After much consideration, we have decided on the latter. We built Versus from scratch and ran for 3 years. We built a community and even became the #1 DNM when we never intended for that to be the goal. At a certain point, there is no further way up to go, only down, and in this business it is best to not make decisions out of pride. While we are not ending on the note that we would have liked, we hope that the truth about the actual scope of the vulnerability, combined with the impact we have had on the community, leaves users remembering Versus fondly for years to come. Versus Market has officially retired and we thank you for your support and being part of something that hopefully defined the future of DNM's.

For all our vendor:
We will soon publish a link where you guys can get your transactions without the locktime. No need to wait 90 days.
It was a good run and I would like to thank you all.

All the best,
William Gibson

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEFAl5ki+ljOnGotMlXFDURnuuQqEFAmKKRLJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE0
MDk3OTkyMkZBNThDRTlDNkEyRDMyNTVDNTBENDQ2N0JBRTQyQTEACgkQXFDURnuu
QqHryQ/+IAUfX7anIWAESD5AIPz/gBt9ufFovPHWl13SCDghpgt9v0Zu6zv03WSK
1e/RlVUTXfAfMdyvlXCMy6ItdtEsQi4dBHzy/exgr9Obrg0NLu4ie1poyp7c3+Vk
h3Ok6PX2FcCSKMNTZUYa0z7ycHK+NOop+IfG/MErPVRx0eVMvjCQRw3+QMgVm75P
NqnCh1bdesOReMAbnMrdqTLWTfgIxAXJ4KMhxbawBx1SWg+34wBcHbTjGh/SIlHI
vTBN6ROt3bxc6M+8JPxAMb9+Ai1h1rcqgYy+T3wW3bkP97eEtbkOI4jKwsUhyiLQ
Zoq9PNkzRRIiyxzttdBB49tWGUewGKTgnWlmQc4LEcMGK13jAu0uJ2r+wsq24Kl3
YuQjzkN8bZCLqFyy+Zdu1uJszER1RGSFTk6QtMBtztlNHGX7XpDQXbz+4OXhwCzj
ag58VyosXNI51LPEuzNlNWszE6r+HuS0Jcjh6ImsMYL6NlhmZ+uz2zWVXO1xL90O
eTx4Zb3kCWHSppUZJivnEd6I3tvgE1pfkP9y2R9RmcWif9JPsnNwCsc3pzStrPAE
c26wWvrKeEU5Gr+5PYMY3YDciTSUnER/k8/s9bCUm7v+NkIyJAOb2fNOmL8gSl8e
pQ0kYSAedfNSiQptiK6lEK+0d5oDy99MTxWGbHNY2Y+akisl/v4=
=QV1O
-----END PGP SIGNATURE-----

dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/d492c9d27bceb87fed69

(via darknetlive.com at https://darknetlive.com/post/versus-market-is-retiring/)

Post navigation

Frelatage – The Python Fuzzer That The World Deserves
hakrawler v2.1 releases: Simple, fast web crawler

Related Articles

Elliptic: Illicit Use of Dogecoin Increasing

Elliptic: Illicit Use of Dogecoin Increasing

- Dark Web News
June 23, 2022
Fraudster Charged for Using Stolen Credit Card to Buy Jewelry

Fraudster Charged for Using Stolen Credit Card to Buy Jewelry

- Dark Web News
June 22, 2022
Seven Sentenced in South Wales Drug Trafficking Case

Seven Sentenced in South Wales Drug Trafficking Case

- Dark Web News
June 21, 2022
hacker gadgets
hacker phone covers

Recent Posts

ElfPack: ELF Binary Section Docking for Stageless Payload Delivery

ElfPack: ELF Binary Section Docking for Stageless Payload Delivery

June 24, 2022
Norimaci - Simple And Lightweight Malware Analysis Sandbox For macOS

Norimaci – Simple And Lightweight Malware Analysis Sandbox For macOS

June 24, 2022
CVE-2022-34305: Apache Tomcat Cross-Site Scripting Vulnerability

CVE-2022-34305: Apache Tomcat Cross-Site Scripting Vulnerability

June 24, 2022
TrelloC2 - Simple C2 Over The Trello API

TrelloC2 – Simple C2 Over The Trello API

June 24, 2022
Elliptic: Illicit Use of Dogecoin Increasing

Elliptic: Illicit Use of Dogecoin Increasing

June 23, 2022
bofhound: offline BloodHound ingestor and LDAP result parser

bofhound: offline BloodHound ingestor and LDAP result parser

June 23, 2022

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs
ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW