admin

About admin

Posts by :

Best wallets for Monero and Bitcoin

admin bitcoin, monero 0 Comments January 25, 2023

In Privacy We Trust: a Concise Handbook of Crypto Wallets to Choose

Cryptocurrency is the new black. Yet, despite its extensively growing popularity, many neophytes still consider dealing with it as hard as rocket science. Furthermore, plenty of users do it involuntarily because darknet market payments are ‘crypto-only’ due to security reasons. Whichever reason brought you here, you’ll, probably, appreciate some advice on how to handle your transactions from fellow crypto enthusiasts.

Rule #1. Refrain from Web Wallets & Exchanges

Do you really need a crypto wallet? No, actually, you don’t. You can turn to familiar web wallets and exchange platforms like Coinbase or Binance. However, following the herd isn’t always the best strategy – they might be headed to slaughter.

So, the bottom line is that even the most reputable of these services can get you in trouble. But how?

Storing your funds there isn’t the same as keeping money in your bank account. In case something goes wrong, you will be left empty-handed. After all, it is a new financial field, and, to a large extent, it is still unregulated. Hence, you never know if you’re getting into a Ponzi scheme or other scam.
KYC (Know Your Customer) policy also makes them inherently lacking in privacy. As a client, you will be obliged to submit a substantial amount of personal data. Plus, they can monitor your activity. As a result, if they spot potentially questionable transactions, they can freeze your account or even report you to the authorities. When you’re preoccupied with darknet market activity, this is not the risk you can afford to take.

Rule #2. Shoot for the Stars

If you’re engaged in illicit affairs (and if you’re a part of the dark web community, you probably are), you should protect your privacy at all costs. Moreover, why settle for something mediocre when you can have it all at once? Make a list of the wallet’s parameters that you consider vital, and see which option checks the boxes.

Of course, you have your individual preferences, but, generally, you have to answer these questions:

Can I use it? Essentially, this means that it should accept the cryptocurrency you need and allow you to do what you want with it (buy, sell, transfer, store, etc.).
Should I trust it? In other words, check if its functionality is enough to secure your funds and protect your anonymity.
Is it compatible with my devices? Not all wallets can be used on multiple platforms. Plus, you might also want to verify if it has a mobile version.
Is it reputable? Check websites like Dread, Reddit, and Trustpilot to see what others think about your choice. Of course, there will be complaints and bad reviews. This is the Internet, after all. Still, try to single out the feedback that seems real and reasonable.

Rule #3. Do Your Research

Naturally, you can’t answer all these questions without spending time on quick research. Thus, try to find as much information as possible, organize it, analyze it, and then make a carefully calculated decision. Here are some of the alternatives you might consider.

Electrum Wallet

Provided that Bitcoin (BTC) is the only cryptocurrency you plan to use, Electrum is your way to go.

Its functionality is top-notch. Besides traditional capabilities, such as send and receive, it offers many integrations and add-ons, including multisignature transactions and hardware wallets (Ledger, Trezor, Keepkey, etc.).
It treats security and anonymity with the gravity they deserve. It supports cold storage and keeps your private keys encrypted (by the way, you can export them). In addition, with the combined forces of Electrum and Trustedcoin, you can enable 2-factor authentication (2FA). Its software is free, decentralized, and published under the MIT license.
It values your time. They use redundant servers that index the blockchain. Therefore, your wallet is always accessible, and your transfers are as swift as possible. All your transactions are examined via the Simplified Payment Verification (SPV).
You can use it anywhere. It has an interface for everything: mobile, desktop, or even command line. Plus, you can install it on Windows, Linux, Android, and macOS.

Monero GUI Wallet

Indeed, Bitcoin is the most recognizable cryptocurrency. However, if you seek a payment option with enhanced privacy capabilities, you should go with Monero (XMR). To carry out your transactions, you can turn to an open-source graphical user interface (GUI) wallet developed by the community of Monero enthusiasts.

It is decentralized. It takes care of your security and anonymity. Also, it is compatible with hardware wallets (Trezor & Ledger). Still, its main advantage is that it presents the users with a wide selection of versions designed for different customer needs and provides a variety of resources to educate themselves on the topic. You can download:

Graphical user interface (GUI) wallet. You can opt for a simple or an advanced mode, depending on your intentions and level of expertise. If you are a business owner, check out its Merchant page.
Command line interface (CLI) wallet. This one will satisfy the sophisticated demands of advanced users, developers, or intermediates.

Unfortunately, there is no mobile version of the interface. Yet, you can use local (Cake Wallet, Feather, and Monerujo) or remote synchronization (MyMonero & Edge) for mobile & lightweight access.

Fair Warning

Monero as a currency is not suitable for multisignature transactions. Hence, don’t waste your time trying to find a Multisig option.

Trust Wallet

In case you search for a wider spectrum of accepted cryptocurrencies, you should take a look at Trust Wallet. With its extensive functionality and integrations, you can buy, earn, send, receive, or exchange 14 cryptocurrencies, including Bitcoin (BTC), Ethereum (ETH), Binance Coin (BNB), Litecoin (LTC), Ripple (XRP), and Dogecoin (DOGE).

If you thought that advanced privacy and security always call for a sophisticated interface, you have to experience this wallet’s ease of use:

Decentralization is its modus operandi. It doesn’t collect or store any of your data. Plus, it combines built-in private key encryption with password protection.
You can handle your finances anywhere, anytime because it offers the users the access to mobile app (iOS & Android versions), decentralized application (DApp) browser, and browser extension (Google Chrome, Brave, Opera, and Edge).

Exodus Wallet

Exodus is one of the champions when it comes to the number of accepted cryptocurrencies: it enables you to manage more than 260 cryptos, such as Bitcoin (BTC), Monero (XMR), Ethereum (ETH), Tether (USDT), Litecoin (LTC), XRP (XRP), Solana (SOL), EOS (EOS), Dogecoin (DOGE), and Shiba Inu (SHIB).

This wallet is also helpful if you’re looking for a tool that empowers you to administer your funds in a simple and easily accessible way:

You can use your credit/debit card, bank account, or Apple Pay to obtain cryptocurrency (USD, EUR, and GBP only), and this is incredibly cool.
You can select the version that suits your needs best: desktop, mobile, or multichain browser extension.
It also offers many integrations with other apps and Trezor Hardware Wallet.

As for privacy concerns, you don’t even have to leave any trace of your real-life persona.

Cake Wallet

Let’s be honest, cake is always hard to resist (word pun intended). This particular Cake is a nice treat for those who are on a quest for something simple, open-sourced, and mobile. Yes, a desktop version isn’t available (at least, not yet). But the App Store and Google Play can provide you with the mobile one.

Its functionality is unsophisticated, yet efficient:

It equips you with instruments to send, receive, exchange, and store Bitcoin (BTC), Monero (XMR), Litecoin (LTC), and Haven (XHV) cryptocurrencies.
In addition, it is designed to accommodate the needs of an individual user. For instance, it enables you to create several accounts and wallets. You can also back up your wallet locally or to the cloud. Plus, you can select the remote nods you wish to connect to.

It also incorporates a unique Cake Pay feature that allows you to acquire gift cards from a variety of merchants.

Feather Wallet

Do you strive to make your Monero (XMR) experience even more anonymous? Then you should give Feather a shot. It is a free and open-source solution for not only Windows, Linux, and macOS but also for Tails, an operating system known for its enhanced privacy properties that you can use to separate your darknet business from casual browsing.

It is also perfectly compatible with virtual machines and live operating systems. Ledger and Trezor hardware wallets are supported.

Its interface is developed to be fast, simple, and user-friendly. Yet, its set of functions will leave both beginners and experts happy.

Atomic Wallet

Atomic Wallet is the best solution for those who seek to juggle multiple cryptocurrencies. It accepts Bitcoin (BTC), Ethereum (ETH), XRP, Litecoin (LTC), Stellar Lumens (XLM), and more than 300 other coins or tokens.

Here you can freely control your assets without fear of retribution or privacy violation: Decentralization as the basic principle together with encrypted private keys and no need for an account makes it a safe space for darknet market regulars.

It also provides certain services that will bring joy to any casual user:

ability to purchase cryptocurrency with your credit/debit card (yes, your local currency is accepted too);
24/7 customer support;
cross-platform compatibility (Linux, macOS, Windows, Android, and App Store);
cashback for exchange.

News

Tornado Cash Busted

admin crypto, mixer 0 Comments September 10, 2022

Tornado Cash Was Sanctioned: Why? Short story short:

Tornado Cash, a cryptocurrency mixer, has been sanctioned. The US government has sanctioned Tornado Cash, specifically on August 8 for money laundering. No US citizen or firm formally registered in the nation can now connect in any manner with the sanctioned organization. The group’s assets will be confiscated, and the organization itself will be dissolved. Furthermore, the Tornado Cash-based open-source code for smart contracts that operate on the Ethereum blockchain has been pulled. This situation might end up being quite awful for all of us.

Tornado Cash, a cryptocurrency mixer, has been sanctioned. The US government has sanctioned Tornado Cash, specifically on August 8 for money laundering. No US citizen or firm formally registered in the nation can now connect in any manner with the sanctioned organization. The group’s assets will be confiscated, and the organization itself will be dissolved. Furthermore, the Tornado Cash-based open source code for smart contracts that operate on the Ethereum blockchain has been pulled. This situation might be quite awful for all of us.

Mixing Cryptocurrencies

A well-known service called Tornado Cash has been used to mix cryptocurrencies. All cryptocurrency wallet owners’ privacy was protected thanks to this procedure. There are ways to follow transactions and link individuals with their assets, despite the fact that transactions on bitcoin blockchains are pseudonymous and participants can only be recognized by their public keys. Initially, everyone was drawn to Bitcoin because of its anonymity, but it later became clear that it was completely unanonymous. One method for entirely anonymous system transactions is to use cryptocurrency mixers.

Mixers (also known as tumblers) take many deposits and then blend them into one huge sum over a random time period. After a period, portions of this sum become accessible. Because this is the mixer’s sole source of revenue, he receives the proportion of deposits (typically one to three percent). Because money deposits and withdrawals are not coordinated in time, consumers may lose the link between a portion of the bitcoin and their assets. To further conceal any ties, privacy-conscious individuals are allegedly modifying their withdrawal practices by utilizing sums other than deposit amounts.

Mixers are also useful when you need to make an anonymous donation in a country where it is unpopular. For example, donating money to help Ukraine – if you do it through a mixer, it is unlikely that anyone will know about it. However, sometimes such anonymity is required for really objective reasons—for criminal and fraudulent actions. And then the mixer is a kind of way to launder money. However, keep in mind that such a tool can be used for both good and evil. As a result, it is the people who abuse the tools who must be sanctioned, not the tools themselves.

One of the reasons thieves use mixers is their anonymity. The reality is that because of current anti-money laundering measures, any kind of anonymity or pseudonymity is typically forbidden. For instance, when converting bitcoin into fiat money, a person must do so through a financial institution that abides by the “know your customer” standards and regulations (KYC). A financial institution is required to get identifying information from its clients in order to link this location to a specific individual. At the same time, anonymity does not exist. Because of this, one of the key motives for a criminal wanting to mix his stolen money before the withdrawal is that it is absent. There are nonetheless good reasons for this.

Let’s think. We usually don’t show our bank balances and bank card purchase history to anyone. All transactions are based on a specific address or key and a person. All this information is stored in the blockchain. Therefore, the data in the organization monitoring KYC can “output” all its customers, their assets, and their transactions. You don’t have to be a criminal to want to avoid this kind of disclosure.

Many will ask, what is the legal status of the ten units of the cryptocurrency obtained legally, which are mixed with one unit, say, from some criminal source? We deposit our money in banks that also accept some deposits from questionable sources. But the whole difference is that the presence of “bad” money usually does not spoil the withdrawal of funds from them. It is quite possible that the goal is to make these mixers work according to the KYC principle. However, the whole point of Tornado Cash transactions means that there is no trustee to do this.

Tornado Cash’s smart contracts are designed in such a way that participants and smart contract code share custodial obligations to some extent. Contracts are programs that run on the blockchain to ensure (assuming no faults) that all parties complete the tasks that are asked of them. The code required for work was formerly available on the Tornado Cash GitHub repository, however, the repository was simply removed from public access on August 8 owing to fines.

In addition, these smart contracts are still hovering around the Ethereum blockchain, and nothing but concern that they are tainted by association with Tornado Cash arises. However, this does not prevent people from using them. This is a way to troll the authorities: you can simply send small amounts from banned Tornado Cash addresses to famous people. The fact is that such transactions cannot be rejected by the recipient. And this means a violation of sanctions if you look from a technical point of view.

What Is The Reaction To The Sanctions?

Given that the code was protected by freedom of speech, at least in the United States, its removal from GitHub seems to be a clear violation of the constitution. Cryptographer Matthew Green emphasized this. Moreover, the expert also pointed out the irony of removing code from a distributed, decentralized version control system such as Git. It is suspected that thousands of copies of the Git repository are available in different places and that any attempt to remove the code from free access will cause it to spread even more.

The Electronic Frontier Foundation is likewise worried about this action, noting that the list of sanctioned organizations includes an open source initiative. It is important to note that there are no people on this list, which is just a long list of bitcoin addresses.

However, the service did not stop at merely destroying the mixer repository. Furthermore, the service revoked the validity of all accounts associated with the project’s creators and participants. One of the founders, by the way, was arrested in the Netherlands. It occurred on August 12. Other organizations, including cryptocurrency corporations, have also distanced themselves from Tornado Cash, freezing mixer-related assets. Meanwhile, anyone who is subject to US law and whose cryptocurrency is included in Tornado Cash contracts will be unable to use it legally. Due to the nature of smart contracts and the US government’s persistence, anybody in this situation should definitely intend to just walk away from these assets. And it doesn’t matter whether they are obtained through fraud or not.

But let’s not blame GitHub. Perhaps the service had no alternative solution other than to delete the Tornado Cash repository, although the uselessness of this is quite obvious. The code is actually just collateral damage. But it would be strange to find out that repositories with the full history of the project, although with different hash values, already exist elsewhere on GitHub itself. Creating a mirror repository from scratch, which is only one byte different from the original, will create a completely new Git “blockchain”. Avoiding checks of identical object hashes is also trivial.

But the only thing we really can’t figure out is account blocking. As we said above, no one is on the sanctions list, so there is no reason to deactivate accounts. GitHub didn’t even think about the fact that they could have other projects on the service. However, it doesn’t matter now – they are no longer available anyway. Of course, this can have a ripple effect throughout our community. Those people who use GitHub for their projects may want to think carefully about what the company can do with its repositories-without any real evidence and without any accusations-in the future. But such actions affect the reputation of GitHub, and then the developers will think next time whether it is worth using this service.

A news statement from the United States, as usual, exaggerates the mixer’s deeds. Yes, there have been some high-profile cryptocurrency thefts, including one in North Korea in which all earnings were laundered using Tornado Cash. According to the statement, a cryptocurrency worth around seven billion dollars was laundered in this manner, however, this number appears to blend any legitimate usage with criminals since it is often used for the entire value of all service transactions.

No one doubts that fraudsters should be punished to the fullest extent of the law and convicted. But it’s very easy to downplay the collateral damage from this kind of action by trying to portray it as mainly affecting criminals. In a word, this shows Torando Cash as a terrible tool that does not carry good goals. All of this is part of the same scenario that attacks strong encryption and tools like Tor because they can also be used by terrorists, child sex offenders, and other bad people. But let’s think logically — the tools are not to blame; it is the people who use them who are to blame. And if Torando Cash is used for money laundering, it does not mean that it is the only functionality. It was created primarily to perform harmless transactions, and the fact that it was used illegally is the fault of criminals.

As you are aware, we do not pay much attention to the machinations of the cryptocurrency world – all of this, in general, is way above our capabilities. There are several stories and examples of fraud related to this region. However, it is impossible to link the blockage of Torando Cash with them because it already involves fundamental freedoms and human rights. Governments take things away without due process of law, as with the much-maligned asset forfeiture program, and compel people affected to justify how they have been wronged—often at significant expense.

Such situations can also serve as a litmus test for the code’s “freedoms” and “rights.” The Tornado Cash code still remains; it operates on indestructible infrastructure and may be utilized for both good and evil. What will people do to prevent horrible things from happening? We believe HAL 9000 will be keeping a close eye on this.

News

DeepDotWeb Admin Will Spend 97 Months in Prison for Money Laundering

admin 0 Comments February 25, 2022

Quick facts (long story short):

Deepdotweb was founded in October 2013 by Tal Prihar and Michael Phan
Operators were managed to earn $8.4 million by kickbacks.
DeepDotWeb was seized on May 7, 2019

The DeepDotWeb.com admin will spend 97 months in prison, a federal judge states. The name of this criminal is Tal Prihar, he is 37 years old. Donetta W. Ambrose, a United States District Court Judge, sent him to federal prison for laundering approximately $8.5 million in crypto. Read this article till the end to get to know the details!

The Essence of the Crime

In March 2021, Prihar pleaded guilty to money laundering. He revealed that in 2013, he launched the DeepDotWeb.com website to share the news of the dark web. The legal papers that feature this confession are now sealed. Between mid-Autumn 2013 and mid-Spring 2019, DeepDotWeb (DDW) used to be the largest site with the general information and the latest news from the darknet. It didn’t limit itself to publishing news about dark web markets. It also shared working links that people could click to access darknet marketplaces.

According to the Department of Justice, Prihar was sentenced to prison “for operating DeepDotWeb.” The attorney of the DDW owner emphasized the following fact in a sentencing memorandum: the operation of the site was not entirely criminal. Prihar violated the law when he began to create referral links to marketplaces to launder crypto. This is how his scheme worked:

Prihar added customized referral links to his site
Users who clicked these links found themselves on certain marketplaces
When they spent money on those marketplaces, people behind the marketplaces shared a part of their profits with Prihar

The DoJ had to invest a lot of time and effort into explaining the importance of these referral links to people who understand little in darkweb.

The Main Information from the Sentencing Memorandum

Prihar’s attorney tried to summarize the criminal element succinctly in the sentencing memorandum. Prihar didn’t owe a dark web marketplace. He only shared links to third-party darknet sites that he mentioned in his pieces of news. He never forced anyone to click these links. He didn’t track the subsequent behavior of any user. He never knew which link a certain person clicked, what they ordered at a marketplace and how much money they spent there. But he knew that potentially, some DDW visitors could purchase illicit products on the marketplaces that DeepDotWeb mentioned. That was the only reason why Prihar pleaded guilty.

When launching DeepDotWeb, Prihar had no intentions of making money on marketplaces. His original plan was to create a reliable source of information for dark web users. The “kickback” scheme was introduced much later. Today, when people read about DDW, they might forget these details. They might think that Prihar used pieces of news as a pretext for generating profit on referral links. The attorney accentuated that the representatives of the justice system shouldn’t misinterpret Prihar’s intentions to pass a fair and accurate sentence for him.

How Much Money Did Prihar Earn?

The “kickback” scheme that was described above turned out to be incredibly profitable. It enabled DDW to earn over $15 million in crypto. However, Prihar didn’t put all this sum in his pocket. He acted together with Michael Phan, 34, born in Israel. The duo split the earnings so that each conspirator received around $8 million.

DDW could boast a huge audience. Nearly any popular dark web marketplace of the previous decade had affiliate links on this site. When Hansa and Alphabay servers were seized by investigators, these links were scrutinized. They revealed detailed information about all the transactions that took place in terms of the scheme. The numbers were impressive: Prihar made income on more or less 50% of transactions on Hansa Market. Accounts registered by users who relied on DDW referral links were responsible for 47% of all orders completed on Hansa and 23% on AlphaBay.

After being proven guilty, Prihar had to forfeit the following assets:

The Deepdotweb.com domain
Around 8,155 BTC
Bank accounts
A Binance account
A Kraken account
An iPhone

Phan will most likely have to forfeit his earnings too in the nearest future.

How Prihar Was Arrested

Slightly over a year prior to his arrest, Prihar relocated to Brasil together with his family. He realized the US government might have wanted to seize his activities. Prihar used to frequently fly to Israel from Brasil and back. He kept on doing so even after the feds executed arrest warrants and raided properties associated with him and his co-conspirator. On April 24, 2019, Phan and Prihar were charged via indictment. On May 6, the latter was arrested in France. He had a layover at the Charles de Gaulle Airport in France. A seizure banner came up on DeepDotWeb.com the same day. It looked like one of the banners that warn darknet users about marketplace seizures. In a while, Prihar convinced the French authorities to extradite him to the United States.

Some people might think that 97 months is not a long sentence — and when the DDW owner goes out of prison, he’ll be enjoying a premium lifestyle. In fact, he had to spend nearly all his savings on lawyers. He made a profit not only on referral links. His other sources of income were 100% legit: BTC exchanges and gambling sites as well as anonymous VPN software. All the funds that Prihar earned through these channels went straight to the bank. And he honestly paid taxes.

Before entering a guilty plea, Prihar gave an interview. He blamed the French police for antisemitism. One of the officers who arrested the DDW owner said “We caught another Jew who took the money”. Various supporters signed letters calling for Prihar’s release. One of these supporters was Rabbi Shlomo Goldfarb, a highly respectable person.

What About Michael Phan?

Even though Phan and Prihar were making money together, the former has not been sent to prison yet. The latter pleaded guilty in March 2021. On May 6, 2019, the Tel Aviv Police arrested two people in connection with this case. One half of this duo was Phan. He was charged with conducting illegal activities together with Prihar (while the second arrested person was not). Phan is still “fighting extradition” in Israel.

What Does the FBI Think About the Case?

The official opinion of the FBI might sound a bit extravagant to some people. For instance, the officials state that sites like DeepDotWeb allegedly pose global threats. They promise to arrest the operators of such websites in the nearest future.

Robert Jones, FBI Special Agent in Charge, believes that the fight requires global partnerships. Federal and international law enforcement should join forces to stop these crimes. DDW served as a gateway to the dark web where people from all over the world exchange and purchase illicit substances and other illegal items. Users who organized this type of business managed to make a huge profit on their nefarious transactions. Now, the operators of darknet sites should wait for the moment when the FBI knocks at their doors.

Darknet Markets/ News

Monopoly Market and Cartel Market Disappeared

admin 0 Comments January 30, 2022

The Curious Case of Cartel & Monopoly

Due to their illicit nature and necessity to constantly exist in the gray area of e-commerce, the fate of darknet markets is highly volatile and unpredictable. The dark web community’s strong suit is its ability to regroup and promptly replace the fallen marketplaces with other platforms.

However, it looks like something’s been testing its resilience heavily for the past few months. The year 2021 did take its toll on darknet trading. Plenty of markets ceased their existence.

Darknet Markets Against the Sea of Troubles

Some did it gracefully by announcing their retirement in advance and allowing the users to withdraw their money, like White House Market, ToRReZ, and Cannazon. Now, that is an example of working ethics. This certainly proves that there is a place for dignity and respect even when your main source of income is providing a place for a multitude of dealers to sell illegal stuff.

Still, it wouldn’t be a truly captivating darknet story if it didn’t involve mysterious disappearances and exit-scam alerts on Christmas Eve. The premise of the plot is that at the end of December, the admins of both Monopoly and Cartel markets reported technical issues and then completely dropped off the radar.

Naturally, it sparked a vast number of speculations, rumors, and amateur investigations. Surely, some “detectives” resemble inspector Lestrade more than they do Sherlock Holmes, but the dark web community is known as the sanctuary for those who value freedom of speech for a reason. So, let’s see what the Internet has to say, and, hopefully, get a better understanding of the situation.

Fair Warning

The discussions, mentioned in this article, took place on Dread forum, which is a renowned darknet equivalent of clearnet’s Reddit. Hence, if you want to browse the post and comments for more information, you have to make sure that you know how to stay safe and protect your privacy. Don’t forget to open links via Tor browser with switched off JavaScript and turned on VPN, or adjust your DNS settings & configuration to achieve maximum security.

Monopoly Market is Gone With the Wind

If you’re reading this, you’re probably well aware of what a Monopoly Market is. Yet, let’s do a quick recap of the platform’s history and main features:

It was launched in November 2019 and sold only drugs.
It implemented an “invitation only” policy for vendors.
Due to a strict selection process, it managed to recruit less than 200 vendors by the time it stopped functioning.
It was wallet-free (no built-in wallet required to transfer a payment), userless (no need to create an account), and only accepted Monero (XMR) as a payment currency.
As many contemporary marketplaces do, it intended to find inspiration in users’ feedback and implement the most interesting ideas on the website.

This logo is not official, but it might suit Monopoly better now.

It all sounded promising until one day the platform became inaccessible. After studying what the /u/MonopolyOfficial account had to say about the situation and reviewing the comments on Dread’s /d/monopoly subdread, it’s possible to assume with a fair amount of certainty that everything went wrong on December 28, 2021.

If you attempt to visit Monopoly, you’ll see the "X'F0' Onion Service Descriptor Can Not be Found." error code. Plus, one of the users added that the site showed a 500 error before it went offline on December 28.

This is the ultimate indicator that the website is gone.

The market’s administrator kept responding to the comments from rightfully concerned users, reassuring them that these access issues are just temporary. Of course, the reactions varied significantly.

Some users and vendors expressed their support and appreciation for the admin’s acknowledgment of the existing problem. Others were skeptical. Obviously, there were comments from users with freshly created accounts, trying to spread panic and suspicion with their “insider information”.

The variety of opinions here is astonishing.

But the things continued to get worse. First, one of the users asked /u/MonopolyOfficial when they plan to recover from their malfunctioning, and the admin refused to provide an ETA. Shortly after, the official account simply stopped answering. For now, it remains unreachable and displays no signs of coming back soon.

If you want to feel the atmosphere, just take a look at this.

Essentially, Dread forum users went insane. You might expect 2022 to be the time to outsmart stereotypes, not to use them as the basis to draw conclusions from. Yet, a whole plethora of people decided to blame the origin and background, claiming the site was German, British, etc. Whether it was an attempt to initiate a feud or demonstrate their “extensive knowledge” of the subject, it wasn’t as fruitful, as the authors expected.

Perhaps, it would be more informative to discuss why those people chose to register on December 28, 2021.

Some comments on the posts contained reasonable assumptions and arguments, some were complete nonsense. Unsurprisingly, conspiracy theories had to be brought to the table at some point.

Maybe that’s how hacking-themed and superhero movies producers get their ideas about coding.

An uncountable number of speculations, allegations, and accusations were expressed during multiple discussions, dedicated to this topic. Eventually, ShakyBeats, a reputed Dread moderator, was forced to close the Monopoly’s subdread to prevent panic and fake info from spreading. As the closure was announced, ShakyBeats stated:

scam? busted? Overdosed? We may never know what happened to /u/MonopolyOfficial

Frankly, this statement is hard to disagree with.

There are several major reasons why darknet markets go offline:

exit-scam;
DDoS or other cyberattack;
law enforcement operation.

Although the number of possible motivations behind admin’s behavior is going through the roof (even falling victim to coronavirus has been mentioned), arrest and exit-scam are the most popular explanations among Dread users. There is also a theory that the admin decided to quit out of rage and frustration, but it’s really hard to prove or dismiss this because no one can read other people’s minds.

Jail is one of the most frequently mentioned whereabouts of Monopoly’s admin. Of course, it’s impossible to determine the admin’s current location with 100% certainty, but these presumptions gave rise to disputes about whether the amount of escrow money was even worth being prosecuted or exit-scamming.

After all, Monopoly was a wallet-free and userless market. Thus, was it even viable to perform an exit scam? Turns out, indeed it was. The user named /u/lolwhatsecurity elaborated on this topic quite profoundly.

Not all vendors had FE privileges.

It was walletless sort of how WHM was walletless. You pay the amount required when placing an order but it could be in escrow for up to 30 days. The difference was if there was a refund or the order wasn’t accepted the coins would go back into the wallet you specified when placing the order and not a wallet controlled by the market. An exit scam would be possible. However, the admin always spoke as if a direct deal was the goal for all vendors and it wasn’t a big market. It had around 180 vendors.

On top of that vendors had a fairly low number of orders that could be open at any one time. A new, non-FE vendor could have 50 (I think) orders open.

Lastly, they’d closed applications for new vendors a couple of months ago. It wasn’t an ideal setup for an exit scam.

So, let’s try to sum up the arguments in favor and against exit scam:

In favor	Against
Only a small number of vendors on the market are entitled to Finalize Early (FE) status.	Due to the cautious selection policy, the number approximately had 180.
When you transfer the payment, it doesn’t go directly to the seller, it can stay in Escrow for 30 days and goes back to your wallet only in case of a refund.	Vendors, who weren’t eligible for FE status, couldn’t have more than 50 orders at a time.
Hence, the market still controls the escrow funds.	The call for applications to become a vendor closed just a few months ago. Plus, it was about time to receive a commission from FE-sellers, but, according to one of the vendors on Dread, the admin disappeared before the due date.

There is so little factual information on the current events, that it’s absolutely impossible to claim anything with certainty, besides the fact that Monopoly doesn’t intend to come back soon. Yet, some people, like this user, might refuse to accept even the most inarguable evidence:

HE AINT EXIT HE JUST CLOSE DOWN WITHOUT TELLIN NOBODY
– /u/donkeysquadreborn

But if you admit that looks like a duck, swims like a duck, and quacks like a duck, then it’s probably not a chicken, right? That’s why it seems reasonable to agree with Dread’s opinion on the situation, expressed by its administrator, Paris, who wrote that the perspectives of this situation’s unfolding don’t look reassuring.

Cartel Market Followed into Monopoly’s Footsteps

Cartel Market’s tale has pretty much the same refrain as Monopoly’s story. For those, who don’t know what Cartel Market is, let’s describe it briefly:

It was established in June 2020.
Its product range was very diverse (they even had “self-defense” sections).
They accepted both Monero and Bitcoin.
They supported Escrow with Multisig and provided the FE option.
One of their goals was to make the platform more like a surface web e-commerce store in terms of advertising and promotion capabilities.

Cartel Market’s advertisement.

Let’s start with recreating the chain of events that took place as the situation with Cartel Market became more suspicious:

1. December 23, 2021. The market’s representative Ryuu posted a message that the website is currently under a severe DDoS attack. However, the information about this alleged incident referred to December 24, 2021. So, the beginning of this downfall is unclear. Since that moment, the Cartel’s administration has not resurfaced online and access to the marketplace became limited.

2. December 27, 2021. Ryuu promised that the site would be back by this time, but, of course, the expectations didn’t match the reality. Between December 23 and December 27 users frequently mentioned encountering a 502 error, but since December 27 it became a SOCKS5 error, repeating the Monopoly pattern.

3. December 29. 2021. Ryuu issued the last update on the situation, and it’s been radio silence ever since.

So everyone knows that we got hit by DDOS on past Friday, /u/6ix said that only on Monday things will probably be back to normal, and that was the last time we spoke, he is offline for 6 days now. I don’t have access to the backend and I don’t know if something happened with him. But I really believe that some serious shit is going on with him, I hope it’s not the case. I talked with dread staff and we are going to wait a couple more days because of the holidays to see if something change.

Cartel subdread was also closed due to the overwhelming number of speculations. Naturally, it’s hard to believe that since June 2020 the market’s administration managed to collect a fortune to compensate for the hustle of exit scam. Still, it’s a very plausible assumption, considering the surrounding circumstances.

Paris, Dread administrator, was asked if the market should be expected back, and the response was that it would be a very unlikely scenario. ShakyBeats, Dread moderator, also wasn’t optimistic in the comment about closing the subdread, warning people to stay cautious.

Conclusion

Overall, the darknet community might be used to marketplaces come and go, but with the growing number of sudden retirements and mysterious disappearances, it becomes evident that the “stranger things” no longer happen only on a Netflix show. Onion services started to act weird, which leads to more suspicion if we take all the circumstances into account.

It might be a regular case of an exit scam or a law enforcement operation. It might even be an alien abduction, we cannot know for sure. Anyway, for the Monopoly and Cartel users, it’s clearly time to move on.

News

In 2022, v2 domains in the Tor network are supposed to become extinct

admin 0 Comments December 4, 2021

v2 domains in the Tor network are becoming obsolete. The number of v3 domains is growing steadily and users appreciate their enhanced security.

In the last two years, the anonymity standards of the Tor network have changed dramatically. The goal of the updates was to improve the looks and functionality of .onion domains.

The Updates Calendar

Years ago, the Tor team announced that they were planning to enhance the network’s privacy, security and the potential to withstand deanonymization attacks. When they began the works, it took them around 14 months to finalize the process:

September 2020 – v0.4.4 of the Tor anonymity software saw light. It informed server operators of the fact that v2 addresses would become obsolete.
July 2020 – Tor v0.4.6 was released. New v2 onion domains could not be registered anymore.
October 2021 – Stable versions were released for all Tor branches. None of them supported v2 sites.
November 2021 – Tor Browser 11 was released. It failed to support v2 domains.

v2 addresses offered 16-character-long .onion domains. Their v3 counterparts feature 56-character-long domains. And that’s the main essence of the updates.

How Many v2 Sites Remain Accessible?

Tor’s team announced their plans well in advance, so both website owners and users had enough time to prepare. However, the network still largely relies on v2 addresses.

DarkOwl, a darknet monitoring organization, has shared the following insightful figures:

In total, there were approximately 104,100 active .onion services
38% of them belonged to the v3 segment
62% remain in the v2 category

These statistics were obtained through the DarkOwl’s Vision platform.

In July 2021, DarkOwl reported a dramatic increase in the number of new v3 domains. In the last 14 days of that month, almost 3,000 v3 domains appeared in the network. The most obvious reason for that trend was the fullscreen warning, created in preparation for the Tor browser’s v11 update in the fall. Anyone who tried to access a v2 domain would see it.

Since then, the number of v3 addresses in the network keeps growing and the number of their v2 counterparts keeps decreasing.

The Current Situation

Now, website owners can’t register new v2 domains. Users fail to visit v2 domains through the newest version of the Tor browser. But those who keep an older version of the browser should still be able to load a v2 domain.

At the moment of this text being written, v3 sites account for less than one-half of all the domains of the Tor network. But in 2022, v2 domains are expected to become extinct. In a few months, most Tor node operators will be required to update their servers to versions that fail to support v2 domains.

Darknet Markets/ News

dark.fail hacked [UPDATED]

admin 1 Comment November 16, 2021

UPDATE. Is dark.fail down? No, but after the hack and seizing dark.fail domain – dark.fail moved to DARK.PE

Hackers seized control of a dark web market directory to steal Bitcoin from customers who attempted to buy drugs as usual. The attackers used a rather common phishing technique and managed to succeed thanks to an exceptionally high level of professionalism. The Vice online magazine was the first to report this news.

The name of that ill-fated web resource is dark.fail. For four whole days, hackers were using the opportunity to steal crypto and confidential information of people who visited any of the markets linked by the directory.

What Exactly Happened?

On April 28, someone acquired dark.fail. This person never revealed their name. To transfer the site’s ownership to a new administrator, the perpetrators relied on fake court orders.

Dark.fail is managed by privacy-centric Njalla, co-founded by Pirate Bay’s Peter Sunde in 2017. This service acts as middleware for individuals who would like to purchase domains anonymously. It bought dark.fail from Tucows, via Tucows’ Hover.

Sunde took to Twitter to explain how the story unfolded. The district court of Cologne, Germany allegedly sent an order to Tucows to demand ownership of three domains. One of them was registered through Hover and the others with Njalla.

Hover promptly transferred dark.fail to the hacker’s Namecheap registration. Sunde emphasized that the forged order also featured a gag order, which means the registrant didn’t know what was going on.

This story might sound a bit weird — but we should take into account that Tucows might need to deal with a whole avalanche of court orders. Maybe, they were just too busy to scrutinize one particular paper. Meanwhile, it was a classic phishing trick. The document looked highly plausible and the domain was almost correct. Anyone who had tried browsing it would have ended up on the right site.

How Did the Attack Manage to Last for the Whole Four Days?

In his Twitter thread, Sunde specified the following information about the attack. The hacker swiftly altered all links dark.fail to phish passwords, logins and other confidential details. Third-party sites were posing as dark web markets to steal people’s money.

Dark web markets normally accept BTC. Customers transferred their funds to addresses under hackers’ control, believing they were purchasing substances from markets.

Neither Hover nor Njalla could not do anything to stop the crime simply because they were not aware! As soon as they realized what a disaster was going on, they quickly responded to the attack. Yet it took four days to coax Namecheap to transfer the admin rights back.

The Results of the Attack

Now, you can access the fully operational onion version of dark.fail through the Tor browser. Plus, you can find archived versions of dark.fail displaying its dark web market status reports.

The organizers of the attack remain unknown. There is no clear evidence on how many people fell prey to hackers.

And the Trickiest Thing Is That…

Namecheap fails to admit that the court order was forged! The paper looked like it was 100% real. The company even issued a statement to support its point of view. The domain mentioned in the court order is registered through them. The web redirect is hosted with them and the incoming email is hosted by them. It hardly makes sense to deny the facts…

In his Twitter, Sunde repeats how well-versed the hacker is — and his words can serve as a warning for everyone else.

Dark.fail alternative

After the hack, dark.fail owner decided to move all content to https://dark.pe

News/ Darknet Markets

Is DNStats.net legit or phising site?

admin 0 Comments August 26, 2021

DNStats.net went down in history as the first uptime monitor for onion services that was accessible to the general public. Darknet users knew that this resource was one of the few credible providers of dark web market mirrors. It used to be a firm favorite among market buyers, researchers and even police officers. Yet in 2018, things suddenly went wrong. The good old DNStats unexpectedly started shilling and redirecting users to fake markets. From this review, you’ll get to know how the story unfolded.

Please mind that this article was written about DNStats.net. You might come across some other resources whose names sound similar — but they won’t be discussed in this text.

DNStats Reddit Announcement

In mid-Spring 2014, a Reddit user /u/select1on announced the launch of DNStats.net on the /r/darknetmarkets subreddit. Follow this link to check an archived version of that piece of news.

Back then, this information didn’t cause a sensation at all. Nevertheless, it took DNStats very little time to become one of the most reputable resources with marketplace mirrors and uptime information. Today, there are too many look-alike uptime monitors and news resources of this type. Instead of generating unique content, their copy it from elsewhere and paste with little or no editing.

It would be fair to say that in this sphere, supply exceeds demand. When you want to find a working mirror of a certain darknet marketplace, it should take you less than one minute. And you can be sure that you’ll discover numerous phishing sites on your way too.

Yet in the mid-2010s, there was a completely different situation. The number of sites for finding mirrors or checking the news on the clearnet was limited. In 2014, DNStats came as a revelation and we shouldn’t underestimate its importance for the Internet environment of that decade.

pic 1 (2).png

This screenshot shows the looks of the original DNStats.net after a redesign

In late 2011, the Silk Road subreddit was launched. Next year, Eileen Ormsby covered this marketplace in “All Things Vice“. By the end of 2013, DeepDotWeb and /r/darknetmarkets were launched. In a few months, DNStats and Grams saw light — and both were rather innovative for their time. The former, as was already said above in this article, provided marketplace mirrors and historical uptime data. The latter had search, Flow, Helix, Helix Light and Infodesk, to name a few.

To explain the significance of DNStats to its audience, we should probably use a comparison. For the audience of Agora Market, it was just as important as Dark.Fail was to people who used Empire Market. The /r/darknetmarkets subreddit referred users to DNStats to check market uptime and Grams to check vendor profiles and data.

pic 2 (2).png

DNStats used to list the lifetime availability of multiple marketplaces

There were times when you would see the Dark.Fail link in the /r/onions subreddit’s sidebar. Then, it was replaced by the link to DNStats.net.

pic 3 (2).png

/r/darknetmarkets and DNstats left, /r/onions and Dark.fail right

DNStats Phishing Scandal

The previous admin of DNStats was a person with an impeccable reputation who had hardly any nefarious motives. Unfortunately, the individual who is supervising DNStats now pursues other goals. In late 2018, the design and functionality of the once-reliable project changed dramatically.

pic 4 (2).png

This is a screenshot of the new DNStats

If you try to dig a bit deeper, you’ll be unlikely to discover any valuable facts or reminiscence about the service. The good thing is that the current version of DNStats indeed features a few listings that display uptime information. But you’ll be able to see it only if the last hour is available. So the service is not as useful as it could have been. And alas, it’s not the only problem with it.

The most blatant issue is that the new DNStats displays phishing links that lead to fraudulent marketplaces and other overt scams. One of the most vivid examples is the listing for Escobay. The team behind it copied the CannaHome interface, so this platform might look like a market at the first sight. Moreover, Escobay tries to load some assets from a defunct CannaHome onion address. But in fact, it’s not a marketplace at all.

These days, you might come across weird links on DNStats. They lead to web resources that seem to have been launched yesterday. The lack of history is not a tell-tale sign of a scam but it creates a dubious situation. If only dicey sites refer to any onion service, users might start to ask rightful questions about the credibility of all parties involved.

BlackPass Market as well as a few other listings are mirrored by only other resources with a bad reputation. These resources got notorious for misinforming their audience and promoting scam projects.

pic 5 (2).png

DNStats left, another scam project of this type on the right

As for the legitimate darknet marketplaces, DNStats lists them too. But it is much more focused on their fraudulent counterparts. Basically, the situation is the same as on Dark.fail.

Besides, you shouldn’t 100% trust the descriptions for the listed markets. DNStats often shares wrong facts and value judgments. It might say that a certain platform is large and versatile — while in fact, it might be rather small and dedicated to one or several particular types of products.

pic 6 (2).png

DNStats characterizes Big Blue Market inaccurately, thus misinforming its users

Is DNStats Legit at all in Its Current Version?

Based on the Archive.org data, we can see that it took DNStats around one year to transform to a newer version. The conversion began in mid-Autumn 2018.

The new administrator of the platform got rid of all remainders of the DNStats that we liked so much. He or she placed referral links to Wall Street and Dream markets on the main page. A search of these links gave no results.

WallStreet: wallstyizjhkrvmj\onion/signup?ref=696125

Dream: lchudifyeqm4ldjj\.onion/?ai=3055844889

And that was just the first step on the long way to degradation. The loyal audience of DNStats quickly guessed that the previous admin was no longer in charge of the site. Some people were smart enough to pay attention to meaningful detail.

The last update of Whois records took place in 2017. That was months before DNStats began to deteriorate. This fact might prove that the initial administration never sold or transferred the domain to a third party. Consequently, the new admin seems to have legitimate access to the platform. Alternatively, they might have stolen the credentials and used them to modify the DNS settings.

On October 28, 2018, the new admin switched from Njalla to Cloudflare.

This was the initial state of things:

1-you.njalla.no
2-can.njalla.in
3-get.njalla.fo

And these are the new nameservers:

peyton.ns.cloudflare.com
gail.ns.cloudflare.com

Some day after September 27, 2018, the old admin deleted his or her Reddit account. The last post on Twitter was published in July 2018. People who wrote emails to the publicly listed DNStats address never got any response. In August 2018, the DNStats donation wallet (1DNstATs59JANuXjbpS5ngWHqvApAhYHBS) sent BTC to an unknown recipient for the last time.

On October 28, 2018, the DNStats mx servers switched to Yandex — previously, they relied on Google Mail. As you remember, that was the day when the transition from Njalla to Cloudflare took place. Before that, DNStats hadn’t relied on the services of a webmaster. It hadn’t used the search console to verify TXT records. But suddenly, it got both.

This is the Google Search console TXT record from February 15, which was the latest update:

google-site-verification=llUZYZIo8TikibwXwiDTe_KeK95ypw1kOeBDCIIOx4

Here is what we see in the Yandex TXT:

yandex-verification: 2ee10da105953c18

What we know for sure is that DNStats is alive and kicking. Its DNS records were tweaked. Someone keeps sharing Department of Justice press releases on the news page. Some time ago, the site warned its visitors about the Apollon Market exit scam.

There is a referral link to Empire Market on DNStats — and it might give hints on the new administrator of the site. The description of the market features this link twice. The curious thing is that DNStats seems to be the only indexed site that offers this link — and it’s a phishing one.

empiremktw5g6njb\.onion/ref/760948

However, you can find that link if you type “/ref/760948” in the DuckDuckGo search bar.

pic 7 (2).png

This is what you’ll see when you try to search for the Empire referral through DuckDuckGo

If we analyze the uniqueness of texts on DNStats, we’ll see that all the marketplace descriptions were purposefully created for this site. They often contain mistakes and misprints, which means that they might be written by the same person each time. Such misprints are not typical of any other site. But when the administrator writes news pieces, he or she copies them from the USAO press releases.

The overall impression is that the person who is in charge of DNStats now has certain expertise in frauds. Most likely, he or she has gained experience on some other sites of this type before. DNStats doesn’t closely resemble any other resource from its sphere, which is a bit weird.

We can suspect that the new admin of the site used to work for the old one for some time. At the beginning of 2015, /u/select1on shared a job offer for a person who could carry out some research on dark web sites. That offer was very concise and lacked any details. It’s hard to say whether the employer managed to hire anyone then. But even if they did, they might have refused to share admin credentials with them.

In summer 2015, the old admin openly confessed that he or she had hired a developer to handle the database. Maybe, not one person but several professionals got access to the DNStats infrastructure. The administrator didn’t specify whether this helper or helpers worked with all the infrastructure of the site or just a part of it. Today, we might assume that a hired person became the new owner of the site. Yet we shouldn’t completely exclude another possibility: what if it’s the same old admin?

Just Sharing Some Guesswork

This is just one of the numerous theories whose authors try to explain what happened to DNStats. Maybe, the old administrator of this resource decided to disappear from the public eye for some reason. He (or she) posted his (or her) last tweet in July 2018. Three months later, they deleted their Reddit account. In August 2018, they transferred BTC to someone for the last time. By that moment, people had sent a total of 28.30143634 BTC to the DNStats donation address. At the current exchange rate, that’s a colossal sum.

Could the police arrest this person for any illegal activity on the darknet? In theory, yes. But if we think realistically, such an assumption would seem unlikely because DNStats keeps operating.

Back then, DeepDotWeb was still free. For many people, marketplace referral links from this site served as a source of income. After DeepDotWeb was shut down, quite a few sites that had made money on such links had to stop their operations as well.

According to one of the most popular versions, the DNStats administrator might have known or guessed what would happen to DeepDotWeb. He or she realized that DNStats would face the same fate. It was rather obvious that the DNStats administrator relied on affiliate links. Data from the blockchain can easily prove that.

pic 8 (2).png

— WalletExplorer

In October 2018, the site announced the launch of Masterlist. During that troublesome transition period, no other relevant pieces of news went live. Some suspicious individuals might think that DNStats and Masterlist were somehow connected — but there is no evidence for this conjecture.

Others might even link DNStats to Olympus Market that exit scammed in Autumn 2018 as well. Yet again, no one can offer any evidence to back up this speculation.

So we can just take it for granted that the initial administrator left DNStats. He or she might have sold the domain deliberately. Otherwise, a third party might have seized the domain. No one seems to know for sure what happened exactly.

The last solid fact we know is that the original DNStats admin kept on tweeting systematically until July 2018. Then, the only thing we can do is to ask questions.

What happened between that last tweet and the day when they used their BTC wallet for the last time?
Why didn’t the admin delete their Reddit account immediately but waited for months to do it? That account contained his or her private data.

Can some of our readers shed light on these mysterious events? If yes, feel free to get in touch with us! We’ll be glad to listen to your version.

News

Shiny Flakes: Netflix Movie

admin netflix 1 Comment August 17, 2021

Shiny_Flakes the Teenage Drug Lord” is the name of the new documentary by Eva Müller. This freshly released movie is bound to become a massive hit. It is based on the true story of a German teen whose real name is Maximilian Schmidt. However, he is better known on a global scale thanks to his Shiny Flakes alias. Previously, Netflix has already launched a drama series called “How to Sell Drugs Online Fast” — but that was a fictionalized version of Shiny Flakes the teenage drug lord. Now, it’s time to watch a film about real-life events.

Who Is Shiny Flakes?

This guy was doing shady business from his childhood bedroom. He packed up the drugs right from the home that he shared with his mother. His ShinyFlakes.com website existed for 14 months and enabled the young entrepreneur to make serious money — 4.1 million euros, to be precise. In February 2015, the German police arrested the juvenile drug lord. He was just 19 years old.

How Did Shiny Flakes Sell Drugs Online?

The Shiny Flakes drug empire operated very differently from an average online store on the dark web. In his own words, Schmidt wanted the process of purchasing drugs to be just as quick and simple as buying shoes online.

Using his online connections, he established a collaboration with a reliable supplier. The shop’s assortment included cocaine, meth, LSD, marijuana, prescription drugs and many other items. Consumers would add the desired items to their carts in a couple of clicks, just as in a regular online store. They paid upfront with Bitcoin and received their orders through the traditional postal service. The drugs would arrive at your doorstep faster than Amazon Prime orders.

It took this business only a couple of months to properly take off.

Two Mistakes That the Drug Lord Made

When developing his business, Schmid hit a few bumps. For instance, he kept visiting the same postage station for his deliveries, located not far from his house and in view of CCTV cameras.

Plus, once he put an incorrect address on one of the packages. When the parcel was returned, it was opened and drugs were found inside.

These occasional blunders made it easier for the police to identify the offender.

The Fateful Interview to Vice

In 2014, Shiny Flakes the teenage drug lord gave an interview to Vice magazine. He was reckless enough to confirm that he lived in Germany. He boasted he was selling an “exclusive selection of pills” from his childhood bedroom. Also, he confessed that he relied on the statistical analysis of consumers and their purchasing habits to maximize sales.

This interview gave clear hints to law enforcement agencies on where to look for the young criminal.

What Happened After the Police Arrested Maximilian Schmidt?

Law enforcement officers logged into Schmidt’s computer that he used to sell drugs online. They got hold of a database with thousands of customers and opened more than 4,000 criminal proceedings. Maximilian underwent hundreds of trials as a witness for those who had allegedly bought drugs from his site.

The court treated Schmidt as a minor because of his “emotional immaturity”. He got a seven year sentence and was sent to a juvenile prison. However, he was released from prison in June 2019 after serving just over half of these seven years.

What Happened to His Drug Empire After His Arrest?

Maximilian Schmidt claims he doesn’t have a single cent of the $4.1-million-euro fortune. No one knows whether it’s true or not. Reportedly, the police have not been able to access two Bitcoin wallets that belonged to the offender.

The Netflix Series

The first installment of the “How to Sell Drugs Online Fast” Netflix series saw light in 2019. It consists of three episodes, the last of which was released in summer 2021. Two best teenage friends, Moritz Zimmermann (Maximilian Mundt) and Lenny Sander (Danilo Kamperidis), try their hand at selling drugs to impress Moritz’s ex-girlfriend. That’s not a documentary but a fictionalized version of Schmidt’s story.

The Documentary

Director Eva Müller thought it might be interesting to show a bigger picture and created the “Shiny_Flakes the Teenage Drug Lord” documentary. The 96-minutes-long film was first streamed on Netflix in the United States on August 3, 2021. This version is based on real facts. You can see and listen to Maximilian Schmidt himself speaking about his business.

Feel free to start the video play in a modal window! If you wish, you can do it with default values. To see dialog captions, you can open the modal dialog. You’ll be able to close modal dialog end at any moment (to close modal dialog, you should push the escape key). Also, you’ll be able to check the full audio track fullscreen or the selected audio track fullscreen.

The Appeal of the Main Protagonist

The baby faced drug lord used to be unpopular at school — but he found a way to improve his social status. The young man has no remorse for what he did. At first, he might seem like a romantic figure, a teen idol. The beginning of his success story might impress thousands of lonely, antisocial teenagers. But in the end, who would like to find themselves behind the bars?

What’s Going On with the Teenage Drug Lord Right Now?

The final moments of the documentary show the arrest of several individuals in August 2020 in relation to a drugs bust in Leipzig. Maximilian Schmidt aka Shiny Flakes was one of them. By 2021, he was placed under a fresh investigation for a new alleged offense. Soon, he might face another prison sentence — yet until the end of the trial, he is presumed innocent.

Final Thoughts

“Shiny_Flakes the Teenage Drug Lord” is an informative and exciting movie. It brilliantly showcases the potential of digital technologies and the risks connected with running illegal businesses. Hopefully, the true story of a teenage drug lord won’t inspire other young people to follow his suit.

News

Attention! The v2 onion services in Tor browser will become inactive soon.

admin onion, tor 0 Comments July 28, 2021

Attention, Tor users! On October 15th, 2021, this browser will deactivate its onion service v2. After this deadline, all v2 onion addresses will become invalid. The new v3 standard will be introduced to ensure better security. Read this article till the end to get to know about the reasons and the potential consequences of the changes.

A Brief Background

In July 2020, the Tor Project shared a timeline for the deprecation of Tor V2 Onion support and services (The Onion Router Version 3 services). The team behind the browser did so in order to integrate the more secure Version 3 or V3 of the onion services. Back then, the developers announced that the V2 services (that is, Tor’s brief encrypted services), will no longer be functional by the 16th of October 2021.

The subscribers of the Tor mailing list received a statement from David Goulet, one of the developers. David reminded them of the fact that the onion service v2 used RSA1024 and 80 bit SHA1 (truncated) addresses. Plus, it relied on the TAP handshake which had been entirely removed from the browser for many years — except v2 services. The outdated TAP handshake made Tor prone to enumeration and location-prediction attacks due to its simplistic directory system. HSDir relays could get enough power to enumerate or even block v2 services. As David said, v2 services will not be developed nor maintained anymore to address the most severe Tor security issues.

What to Do and What to Beware of

The essence of the innovation consists in the following: the v3 standard will replace SHA1/DH/RSA1024 with SHA3/ed25519/curve25519, providing better cryptographic algorithms.

Tor users will need to make sure that they use v3 onion addresses for all the sites that they visit. You’ll effortlessly spot the difference even if you lack profound technical knowledge. The new v3 onion domains will have 56 characters while their outdated v2 counterparts consist of only 16.

Most likely, hackers will try to fool users by creating phishing links for new domains. For this reason, you should get the new v3 addresses for the sites that you use only from trusted sources – preferably, directly from the administrations of these sites.

To stay up to date with the news, keep checking the official blog of the Tor project and their mailing list. Don’t wait until the deadline! Feel free to start using the v3 addresses right now!

An-overview-of-how-Tor-works-Client-establishes-a-path-of-onion-routers-and-sends

Crypto/ Tutorials

What is v3 onion?

admin onion, tech 0 Comments July 26, 2021

tl;dr – v3 = stronger crypto. harder to generate look-a-like urls to stop phishing. no one will ever find or sniff/snoop out your v3 address unless you tell them or post it somewhere.

v2 onion services

They will always be 16 characters long. Each character has 32 possible values. Therefore, there are 32¹⁶ == 1,208,925,819,614,629,174,706,176 unique v2 onion addresses.

Example = facebookcorewwwi.onion

the address is “the first 80 bits of the SHA-1 of the 1024-bit RSA key”

v3 onion services

They will always be 56 characters long. A v3 address will always end in a d due to the way v3 onion service names are encoded.

Example = vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion

Some reasons for the update to move from v2 onions:

The cryptographic building blocks use updated or more secure signature algorithms and hashing methods. For instance, the older SHA1/DH/RSA1024 was swapped with SHA3/ed25519/curve25519.
Directory protocol has been improved and now leaks less metadata to directory servers. This is, in part, to avoid attacks where a hidden service can be censored easily based on the descriptor. To prevent predictability Tor uses, different, pseudo random variables. Time period, public keys, shared random values, etc.
“Better onion address security against impersonation; more extensible introduction/rendezvous protocol; and a cleaner and more modular codebase.”

1 2 3