Black Bank’s Admin is MIA, and Users are Fearing the Worst.

Black Bank, which rose to become the second largest marketplace on the darknet after the Evolution exit scam, has been offline for almost ten days. Yesterday, a Reddit account that represents the market posted a message that gave users with Bitcoins stuck in the market little reason to hope they will ever get them back.

I know, you’re afraid and I’m afraid too that mdparity will never ever come back

But to answer all of your questions

My messages here aren’t usually pgp signed, but there are only 2 persons who have credentials for this profile

I can’t believe mdparity has decided to exit scam now, if he has done it I’m astonished, but I believe he hasn’t done it, something might have happened to him, since he’s not answering my messages

I will give him until the first day of June before declaring BlackBank dead, so let’s wait together

MrDoe

The darknet community seems to be divided over whether this is an exit scam, some sort of hacking incident, law enforcement infiltration, or something else altogether. The one thing most seem to agree on is that there is very little chance that users will get their money back.

The following was posted to r/darknetmarkets:

The exit scam is pretty self-explanatory and is a real possibility. However, I would like to explain why I think mdparity may have been compromised.

Those of you who have been around awhile can skip or skim this paragraph because they are probably familiar with this episode. When BB first opened, there was a troll/script kiddie [whyusheep] (very similar to hacks4crack) who was wreaking havoc on darknet markets trying to show off his l337 skills. Coincidentally, two of the markets he may have “hacked” were seized by LE or were robbed [1]. Anyway, he discovered and irresponsibly disclosed a misconfiguration on BB’s server (more information on that in the paragraph after the next one). This started a battle between mdparity and whyusheep. Whyusheep was trolling mdparity pretty hard and had a “mental” breakdown. I don’t remember exactly what was said or if he exposed anything, but this does call into question his judgment.

Indeed, I remember whyusheep posting hints about finding LinkedIn (maybe other social media too) profiles related to mdparity. Mdparity said they were red herrings. In my opinion I think mdparity was honest because the profiles and tracks were a little too obvious.

Now back to that misconfiguration whyusheep exposed. I don’t think many people recognized this as a serious issue, but it was. For those who don’t remember, whyusheep found a way to list the contents of the server’s directories (this is what I mean). In addition, the scripts were world readable. This may seem trivial to non-technical people, but I’m sure the tech savvy people realize the problem this poses. This allowed anyone to download the scripts themselves, which can be examined for vulnerabilities [easier to find vulnerabilities with the source], sensitive information leak, and coding style. Remember, Ross’s SR code had a hardcoded IP, which led to a VPN and was eventually used to identify him.

It’s also highly possible that BB had other misconfigurations based on the one exposed by whyusheep. An experienced webadmin would have disabled directory listing which suggests mdparity had little experience as a web server admin. This does not bode well for mdparity or BB because there are a ton of ways of misconfiguring a web server and some of these misconfigurations could have leaked more specific details.

[1] I don’t believe whyusheep reported anyone to LE or stole from SR2. I think that hackers or LE were monitoring this sub and saw the vulnerabilities he exposed and then abused them. He exposed a very bad XSS vulnerability for Utopia. It was found in message titles so no interaction was necessary to carry out the attack.

-----begin theory-----

This could have been abused by LE to obtain the admin’s session cookie then upload and execute some malicious script to get shell and ping home; I doubt the admins configured their stack correctly and disabled ICMP altogether.

-----end theory-----

For SR2, I believe he DoSed them. He also exposed the fact that the script (and possibly the DB) was using floats to represent balances. A float lacks the precision to handle bitcoins.

-----begin theory-----

A hacker saw this noob mistake and decided to pentest and possibly found a race condition (another good nontechnical explanation) and exploited it to empty SR2’s wallet.
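On the quoted post's remark that a float lacks the precision to handle bitcoins, the following is an added example (not part of the article, the Reddit post, or any market's code) that compares float balances with integer satoshi accounting. The function names and deposit values are constructed for illustration, and the 32-bit case assumes a single-precision float storage type.

```python
import struct
from decimal import Decimal, InvalidOperation

SATOSHI_PER_BTC = 100_000_000  # 1 BTC = 10^8 satoshi, the smallest unit

def to_satoshi(amount: str) -> int:
    """Parse a decimal BTC string into an exact integer satoshi count."""
    try:
        value = Decimal(amount)
    except InvalidOperation:
        raise ValueError(f"not a number: {amount!r}")
    if not value.is_finite() or value < 0:
        raise ValueError(f"invalid amount: {amount!r}")
    scaled = value * SATOSHI_PER_BTC
    if scaled != scaled.to_integral_value():
        raise ValueError(f"finer than one satoshi: {amount!r}")
    return int(scaled)

def as_float32(x: float) -> float:
    """Round-trip a value through IEEE-754 single precision (4-byte float)."""
    return struct.unpack("<f", struct.pack("<f", x))[0]

def float_balance(deposits) -> float:
    """Flawed ledger: accumulate deposits as binary floating point."""
    total = 0.0
    for d in deposits:
        total += float(d)
    return total

def satoshi_balance(deposits) -> int:
    """Exact ledger: accumulate deposits as integer satoshi."""
    return sum(to_satoshi(d) for d in deposits)

def can_withdraw_float(balance: float, amount: str) -> bool:
    return balance >= float(amount)

def can_withdraw_satoshi(balance: int, amount: str) -> bool:
    return balance >= to_satoshi(amount)

# Constructed sample: ten deposits of 0.1 BTC, exactly 1 BTC in total.
DEPOSITS = ["0.1"] * 10

if __name__ == "__main__":
    fb, sb = float_balance(DEPOSITS), satoshi_balance(DEPOSITS)
    print("float ledger:  ", repr(fb), "withdraw 1.0?", can_withdraw_float(fb, "1.0"))
    print("satoshi ledger:", sb, "withdraw 1.0?", can_withdraw_satoshi(sb, "1.0"))
    # In single precision a 1-satoshi credit on a 1 BTC balance is lost entirely.
    print("float32(1.00000001) =", as_float32(1.00000001))
```

The float ledger ends up slightly off the true total, so balance comparisons give wrong answers, while the integer ledger stays exact and rejects amounts finer than one satoshi at the input boundary.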

DarknetMarkets.org is following this situation and will provide updates as new information becomes available.


