Grey Market exit scammed. According to one of the market’s administrators, a second administrator had emptied the cold storage wallets and vanished with the funds users had in escrow. The exit scam likely surprised only the market’s most loyal fans.
If you want to skip the introduction, head to the message from the Grey Market admin.
Clarification: A previous version of this article failed to properly explain that Gustav had stopped attacking White House Market, Monopoly Market, and Darkmarket.
After more than a week of intermittent uptime, the market went completely offline between four and six days ago. Different users have provided Darknetlive with different dates and it looks as if vendor mirrors worked for longer than the public mirrors. On December 27, one vendor wrote that they had lost access to the market (via vendor mirrors) “two days ago.” A number of buyers complained about 502 errors since before December 25. Nevertheless, vendor mirrors completely stopped working at some point after Christmas.
As a result, incoming and outgoing payments also stopped. Customers could not finalize the orders they had received and vendors could not withdraw any Bitcoin. Some stood up for the market on the market’s subdread. In an official announcement thread, one vendor wrote, “yea you are right, they have been great and i don’t think is an exit scammed [sic].” The vendor also wrote that Grey Market had blocked new transactions since “2-3 days before the ddos” and that a market planning on exit scamming would have allowed transactions until the very end.
Grey Market was one of several small markets struggling under the weight of an especially powerful DDOS attack. According to a market administrator familiar with the ongoing attacks, the actor responsible is essentially able to take any onion service offline. Facebook’s onion service is one of very few exceptions acknowledged by the attacker.
One market administrator told Darknetlive that Grey Market had used the ongoing DDOS attack as an excuse for the rogue administrators actions. The actor responsible for the DDOS has also attacked markets such as White House, Monopoly, and Darkmarket. The attacker eventually stopped hitting those three markets. All three are still here. Several smaller markets, such as Yellow Brick and BitBazaar, are allegedly struggling under the same DDOS attack.
But an exit scam is an exit scam. The Grey Market administrator responsible for the message on Dread claimed the theiving administrator had used the chaos caused by the DDOS attack to “take a chance” at emptying the market’s cold storage. The DDOS attack could have inspired the theft of the funds in cold storage but marketplaces with their own wallets can steal funds at any given time.
Below is the message posted on Dread by u/DrkMrkRIP. The user created a new account to post the message instead of using one of the existing Grey Market accounts. However, the signature checks out. If some random person has access to their primary PGP key, the market has more serious concerns than a DDOS attack.
Show PGP Signed Message
-----BEGIN PGP SIGNED MESSAGE-----
i am grey market admin and we had another admin lets call him billy. billy was in charge on promotion and only he has access to all our official accounts here.
as you know last few weeks we had bad ddos attack so while we were very busy to fight billy took his chance and stole all money from cold storage. few days later we had to stop market because we cant pay back. billy’s searching is already on the way we will try to return as much as possible we need time. if everything is good we will back in few months with new ddos and scam proof market we will try to make multisig escrow as simple as possible other ways are not safe for vendors and customers.
we apologise for spoiled xmas and new year we feel the same, peace bros
ps admins you can mark Grey Market as scam exited and ban all our official accounts
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Here is the marketplace’s PGP key as saved on the market’s subdread wiki
Show Grey Market
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBF0bUTsBEADYG5rJbQzB8oWSy75NHOqjATeIiUdGqTJatnbzJJMtmulNQtf2 0DBPvwdVSIBK8fXXpGrsHPqfgo4zDx11F21lENnAeBWKxVdegtZpfCiUtLEsy9pD a1du1H1VXJc54O9DGsEPnfVFTFbbChn8FojG3+Vk60CYAv/Y3yw82yoWlOY+L8Xk WhTrwbU6pDtJJQjHe4nLo4knck6diNsrTX79GJ4ADB4dxj5b9WQRS9tXvRGsLOqS 0xWEkAtVTY0NgcGZ+Z6980LSRgqOiM/MmZnc01ggK51ill3QZ2XQhkQTu0mRvIqo TCNrq+CUExMnC41wmDWNdF4bisqejdZMU3TjMMUyRigPKRRqNprve/JxuK5NtdoB 63P9Pt8IR7DD+4Y2OzzkL614w2r3wY+JFxVjUnk1IXDEh1qsK5ZvYGKg9drxlaol kbfUJKlzUmKn+GVKevxLzyDdjm3zRhai4UOliOZ8J0WptE1gjhJvigmFLLIc3j/e if6hypyIApkzDpzGxNjT/7vOBMbxghHxCL0nGlSKMgl6lj/relsFWKDGtHbK/6jO G5zhfBAf36MkkNIBRI+UK5tY8z1DCXd7sdCe6M54QLqQu2h/Y46RAM5ggK6w6Mgr Drnom11JoDE42Ppzq6Fbutum02bnOIq/ZFEjSBF2H/tfA5yi3tysS8/bcwARAQAB tAtncmV5IG1hcmtldIkCTgQTAQoAOBYhBMeI9lfzuIwk8h7rl6LzMOWNwwTtBQJd G1E7AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEKLzMOWNwwTt+hUQAIsI 44DtssqBpP4pwHZkoisUxZ8Wg18Rrw/0AGzkojPVgpHvchtsv7u3AeyoyQ9PCHQK KbiZboWDEGsmKT75Nv+r8aBr8B0/Fm+xxrnzRjGoN1qsjpjonp/Fu4oUEXJeVqO6 rVA7zJdOXvo5CXrK27c5xRL9y2L7wHwDaXKPPezElvZLCNCa7MP2BVcc6Yghv851 oEK4xySWFlY1VUTjbhVhEDMdSemWqwB94GyvV24/clvn4kay1bCuSaGnI7a8YFzG TFtX0i/bdrTUmaJ/K4IGmtdfGQwS3l6mJRL7vRTOQLsXhnTHJMpCXop15Kta6pF7 twIRdtlkHGYa8BjjLPzSkfMHJH1dx3yKyaMxkE7c9rIbdYpedUwOuZaIjJcQJX9A +1x6qLlLkVOLONCWqeqpq/hKspldvm88cbpl3JYLEm8Np9IYInHC8Yovor4zBXBC ADBPRf70SwiUoUsqGVuwpmWLwGc3jNpa5aLf73mLFid+guwDCPwdpj7mpnGm9+3a BGqKFCnv5Yod2oSPG08nwPjxRFNOP1diLVTs/mFoZDrkKF9zyG1QpwJNBlSkrTOC 1a6AqkLisesuptThuylVpYfVtw0kLWpFAfy0QMC10g6gBpTGQijyR3VdFZnsfHnT hlGdEKSZtiUlI38echH7k+U05xM8b5p7ZyUdJeyhuQINBF0bUTsBEADpzvHV0cGV hdS1vsp3u0Ja+6afWSlvqQh4xDdB9mNEug7BwYiLzIZSwUnpwtSLKfJXQBbtoXLr MWxSDek/ZqAWCPl4mtplbbSkKJ8NQdGAxAJWmLiY+x0LMahv92TlNibSz0aXwiKH r8wFpRSdPo/sEBt0AQq4m046P57CqHFzbMfHjQeJr6xCiG2xUXQORhMl6FzmLJwB RzGArRM2YYu/CmWjCoWb4+/C2rbmTXgNZ1yum0Fog7+UeHNsQY92XguNrk96gyTI Y7dN48GLjdsAPsmrmNnOFqBDPf0w56PYgyvrJ6jvs82LIOoAV558MF2/QjnqKnE7 0XD+0Rqy4OM3Qsw8/SadAp/PtSDQkN/jgyT9OlSu/ktHsZA6NL3Ja9UpQRZhTtUB GceM8nEbT9KRBXBUaoEl+2ff8XM8UHbg8Ax0Wr037FWEEQdVzoK3C9RbzRubMXuL pELtpo9OXblocqQcOcrzMtQVEUG5cwaPLj9l//nH/A1sIgZRgDAUVXpq6oA8dbJq cX/Rcd0KojxOcijJWjslHHT0dXVFoFLyt5iGcokpogidrgI1ziHLSmIM7jV4kqIe 4VvUcVcnYFFVTBKpnROLp7oIBKeN9M+eJ/u3MCmaDnEQMC67kCLBK9bP0CunXZoU RBgfesCLXEf4okOmrjVj7NkL57ki/pcpZwARAQABiQI2BBgBCgAgFiEEx4j2V/O4 jCTyHuuXovMw5Y3DBO0FAl0bUTsCGwwACgkQovMw5Y3DBO1XUQ//T/atqpwekuNG chQUevkmFrtOsHyJeWxzchIzei+op6AShzSFlsZRfDjgWgRaNcXxTM2swhmdIS9x lFluq9ooYslPDMFIpZAwZ/pKeqdzPDS3upQm7tFgzlo19SDrZS/VjGKXg3/Hnmz0 PYmCMhK3/HOtGFSu6uIvArKG1S3q0gihLAgp2aItiLZeUobFZa/yQSVfy9BiH7AJ 29uVnFRM0WEpxls/kxN7L4nzBiunmIZjN5VXfOqafDtJSN/+zNs3+r8lF28xgAhV 0rWP2LUA4Fe1mpFTGceBtX+38RPTyIPKALEDZQK6d9AtB6kq0ITSkth5YygfQIQC 16evow2zOpTbkmIcDnO/sYDpO4p6Rb4od7fL1p9g4lqIis1BrSWoCRIq7Izr7TsC ttG2NiifFLQTcIESmVhkfcbqTJRligiHAdaw7dScKlPDiZCo34ks12cQkJkakMp1 41zs0HXrIBZoTqaK0TKA4a49smMiKqHb4Qr+plt2LS7G+Zmr1KqNTCrkctSJIElW xw9cfujlP03orbWp8d32r4dTL4RXe4qIrqY/XrwcDQKbBqXmFT9eFyAG1WTIo28c L7z4Xyxs7+zLh5PU9i4zhDnwFUhwD6R1BCZFhdlU81WSrAyjhg0FQkJrQB66RGbg cCMmSEMxx+U3B1XGUZ8duWC+2iHvSLU= =dV+g -----END PGP PUBLIC KEY BLOCK-----
P.S. This is the same marketplace that Dark.Fail Tweeted about several weeks ago when one of their (now former) staff members went rogue.