Today, Agora admins have posted one of their “blue box” warnings on the front page of their marketplace regarding the incident:
At least one established vendor was affected by the attackers, with users noticing (and Darknetmarkets.org confirming) that his entire profile page was replaced with the same malware link from the messages. Today his account seems to have been restored, although we have not yet been able to confirm that his account has been restored to its original owner. The profile includes a message about being on vacation mode from June 8th to June 15th, but it is unclear if this notice had been there before the incident. I would still be extremely cautious if dealing with this vendor, and until it is proven otherwise, I would strongly consider the possibility that his account could still be compromised.
The darknet is a fascinating, revolutionary thing that can be almost unbelievable to some first time users. Unfortunately many rush in to using hidden services before learning how to do so properly. This attack is another reminder to be smart, and focus on staying safe before rushing in. Experienced users are able to navigate the deep web in relative safety and anonymity, which is what makes it so unique and useful. However, newer or less technically inclined people have often run into trouble by not following good OpSec and general darknet security measures, which are fairly simple if you take the time to learn them. Most importantly, they will potentially save you major headaches, time, money, and even your freedom.
I have not been able to access Agora’s forums (the only other place official AGO representatives have been known to communicate publicly) today to see if they have posted any more details and/or PGP signed this message. However these blue box warnings have become their primary means of communication, and in the past we have not seen any indication that similarly posted warnings have proven to be valid and official. They occasionally post related updates on the forum, but have rarely provided much more information there.
UPDATE: The Agora forum has return online, but does not contain any further official announcements from the staff.
DarknetMarkets.org will continue to post updates if there are further developments.
Short link to this page: https://drk.li/885