2 min read

Darknet Market ‘Versus’ Shutting Down After Critical Exploit Leak

Vlad CONSTANTINESCU
Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Darknet Market ‘Versus’ Shutting Down After Critical Exploit Leak

Versus, a notorious English-language cybercrime darknet market, shut down after a hacker disclosed a high-severity Proof-of-Concept (PoC) exploit last week. The vulnerability could’ve been used to access the market’s database and expose its servers’ IP addresses.

The hacker leaked a PoC showing how an attacker could access the website server’s file system on Dread, a social media platform on the darknet. Versus administrators then took the website offline and conducted a security audit to assess damage to the service, which offered a combination of hacking services, drugs, stolen payment cards, coin mixing and leaked databases.

This isn’t the first security audit of the three-year-old darknet marketplace. Versus’ operators announced at least two more security audits in the past after suspicions of hacks or critical flaws arose.

After discovering the vulnerabilities described in the PoC, the market’s administrators decided to take the website offline for good. The decision sparked confusion and worries among the market’s community members. Some of them theorized that owners were carrying out an exit scam, while others believed it was an FBI takeover, and a few of them felt the service was on the verge of becoming a liability.

After the website was shut down, a leading operator of the Versus marketplace posted a PGP-encrypted message to shed light on the situation. The message can be found in its entirety below:

"There is no doubt that there has been a lot of concern and uncertainty regarding Versus in the last few days. Most of you that have come to know us have rightfully assumed that our silence has been spent working behind the scenes to evaluate the reality of the proposed vulnerability.
After an in-depth assessment, we did identify a vulnerability which allowed read-only access to a 6+ month old copy of the database as well as a potential IP leak of a single server we used for less than 30 days.
We take any and every vulnerability extremely seriously but we do think that its important to contend a number of the claims that were made about us. Specifically of importance: there was no server pwn and users/vendors have nothing to worry about as long as standard and basic opsec practices have been utilized (for example, PGP encryption)
Once we identified the vulnerability, we were posed with a fork in the road, to rebuild and come back stronger (as we had done before) or to gracefully retire. After much consideration, we have decided on the latter. We built Versus from scratch and ran for 3 years.”

The staff member also promised to give Versus customers a link to perform transactions unhampered by time limits, letting them retrieve escrow balances.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Cyberattack Disrupts 7-Eleven Stores in Denmark Cyberattack Disrupts 7-Eleven Stores in Denmark
Alina BÎZGĂ

August 10, 2022

1 min read
Leaky platform at Chinese adult platform exposed sensitive info of 14 million users Leaky platform at Chinese adult platform exposed sensitive info of 14 million users
Alina BÎZGĂ

August 08, 2022

1 min read
America’s Emergency Alert System Is Vulnerable to Hacker Attacks, DHS Warns America’s Emergency Alert System Is Vulnerable to Hacker Attacks, DHS Warns
Filip TRUȚĂ

August 05, 2022

2 min read