Just days after a hacker hit Versus Market, one the platform’s admins has announced that it’s going to retire through an announcement that delivered the 4-word punchy title “Well… That’s All Folks!”Figure 1: A screenshot of the Versus Market announcement on Dread
The announcement partly read:
“Once we identified the vulnerability, we were posed with a fork in the road, to rebuild and come back stronger (as we had done before) or to gracefully retire. After much consideration, we have decided on the latter. We built Versus from scratch and ran for 3 years. We built a community and even became the #1 DNM when we never intended for that to be the goal. While we are not ending on the note that we would have liked, we hope that the truth about the actual scope of the vulnerability, combined with the impact we have had on the community, leaves users remembering Versus fondly for years to come. Versus Market has officially retired and we thank you for your support and being part of something that hopefully defined the future of DNM’s.”How it Got Here To place some context, Alphabay admin, DeSnake, posted this thread on the Dread forum six days ago to intimate that a hacker who goes by the name /u/threesixty had contected him about a number of security issues happening at Versus Market. Figure 2: DeSnake confirms allegations of Versus Market’s vulnerabilities.
On finding out further, DeSnake noted that the threat actor had made a post on Versus subdread that got surprisingly little attention for the details that it had claimed. Here’s what the hacker had written:“Please remove security driven from your website title. You are not security driven. Yes, I could probably just extort you or become a payoff for keeping quite about this, but no thank you. You can still pay me though. This happened in a time span of about 2 hours. Think about what LE and advanced hackers might have done in the meantime.
To name a few reasons why:A security driven market wouldn’t suffer from a vulnerability so trivial. My initial thought was that this is not a real response. I was proven otherwise. A security driven market wouldn’t let the user running the market system access /home/admin with backup files such as /home/admin/backup/versus.sql. A security driven market probably wouldn’t keep detailed server authentication logs, that give insights into your operational security such as VPN usage and timings. There was at least one IP that appeared to be a normal consumer ISP IP. If that was not some residential proxy, well. Well. Well. A security driven market also probably would run in an isolated container or network and the system running the code is not assigned a public IP address directly.
This list goes on and on.”DeSnake took the initiative to quiz the hacker further and encountered interesting information that would culminate in the latest announcement that the platform has decided to hang its boots. The AlphaBay admin also engaged another hacker and together, they were able to gain proof about the market’s vulnerability and pull out a “complete takeover”. This, according to the admin, added to the longstanding history of security problems that the market has been grappling with since its founding.
Looking back, a post had been made 1 month ago about Versus vendors having their wallets changed and coins being lost from finalized orders. Although the post acknowledged that phishing scammers, and not Versus Market, were to blame for the issue, it goes without saying that that may have some of the loose nuts that would compound Versus problems.