Law enforcement seizes dark web market after moderator leaks backend credentials
German police, together with Europol and law enforcement agencies from the US, the Netherlands, and France, have seized the servers of a dark web marketplace known as the Wall Street Market, on which users sold illegal products such as drugs, weapons, user credentials, and hacking tools, ZDNet has learned.
The site's seizure comes after a tumultuous two weeks for the Wall Street Market (WSM) and its users, during which the site's administrators exit-scammed, running away with over $14.2 million worth of cryptocurrency from users' and vendors' accounts.
In the midst of all of this, one of the site's moderators --named Med3l1n-- began blackmailing WSM vendors and buyers, asking for 0.05 Bitcoin (~$280) and threatening to disclose to law enforcement the details of WSM vendors and buyers who made the mistake of sharing various details in support requests in an unencrypted form.
It is unclear if these extortion attempts succeeded, but days later, Med3l1n published the IP address (located in the Netherlands) and login credentials for the WSM backend on Dread, a Reddit-like community for dark web users. The IP address is in the same network range as another IP address that leaked from the Wall Street Market backend two years ago.
This not only effectively exposed the market's real-world server location, but also allowed anyone to access the marketplace's administrative section and gather information on all of the site's users, orders, and other details that could deanonymize WSM vendors and buyers.
While ZDNet was unable to confirm at this hour that this backend credentials leak led directly to, or played a major role in, the site's takedown, the Wall Street Market backend started showing an error six days later, on April 30, before the website was taken down two days later, today, on May 2.
The main Wall Street Market, located at wallstyizjhkrvmj.onion, now lists the BKA seizure note, also shown on all of WSM's mirrors.
We were told that both German police and Europol are scheduled to make an official announcement tomorrow morning, with additional information about the takedown.
The Attorney General's Office in Frankfurt, the BKA division mentioned in the Wall Street Market site seizure note, did not return a request for comment.
The other big dark web marketplace --the Dream Market-- previously announced it was shutting down on April 30. At the time of writing, the Dream Market is still up and running, despite announcing it was shutting down, and does not show a seizure note.
Updated on May 3: German police and Europol formally announced the Wall Street Market's takedown, while Finnish Customs and Europol also announced the takedown of a second dark web market named Valhalla. According to Europol, German authorities arrested three suspects. Based on official data gathered from the market, Wall Street had over 1.15 million registered users, of which 5,400 were vendors of various illicit products. Finnish authorities said they seized the Valhalla market's servers and a significant amount of Bitcoin, but made no arrests.