Empire Market users, like the users of every darkweb marketplace targeted by phishers, continue to make the same mistakes when logging into Empire Market. These mistakes could be mitigated if the market’s users followed some of the appropriate steps outlined by the market itself.
Darknetlive recently mitigated the phishing clones of this site that sent users to fake marketplaces. Dark.fail recently dealt with a number of phishing clones of dark.fail (and spoke with the entity responsible for many of the sites) as well. This is a cat-and-mouse game. Our fixes will work for the time being, but the phishers will find a way around them. For now, though, the measures put in place seem to have helped prevent people from finding phishing links through phishing clones of darknetlive. Unfortunately, this is far from a solution to phishing in general.
Dread users, as well as users of several subreddits geared towards users of darkweb markets, have likely received semi-convincing messages about new market mirrors. Unsurprisingly, the messages also contain those mirrors. In no world are those links worth clicking. Most of the time this is obvious. But as a prolific phisher and scammer once wrote about Empire Market’s anti-phishing measures, “the end user is always the weakest link to a system.” In other words, some people are idiots.
Here is a message darknetlive recently received on Dread from a user named “EmpireModerator.” The seemingly official username would convince some users, unlike many of the various accounts used by the growing number of phishers.
Due to the recent DDOS attacks, our technical team has been working hard to provide some alternative ways to deal with it. Right now we mainly control it but we want to explore new ways to avoid any downtime in the future; for that we are creating some new onion links with higher uptime rotating our onion links internally in a proper way with a custom onion balancer that will distribute our traffic better between remote servers. Also we recommend special caution with dark.fail as some users reported that they got phishing links from that source.
You can use any of the following links to access Empire Market, please bookmark them to avoid any phishing attack:
Empire won’t ask for your pin or mnemonic, bitcoin deposit address always starts with 3 and please check the login phrase on the homepage to ensure that you are using a legit site
Empire Market directly tells users to use dark.fail exclusively for valid mirrors. The first step is to get mirrors from dark.fail. Not darkfail.com, darkfail.org, not some stranger’s message on Reddit. Dark.fail.
If, for example, you visited one of the links from the message above, you would see a very convincing Empire Market frontpage. Unless you have memorized the extensive list of Empire Market mirrors, appearance alone would not be enough to verify the legitimacy of most phishing sites (those serving the real market through a reverse proxy at a minimum).
In the menu bar there is a link titled “Verify Mirror.” That link presents you with another captcha. Once past the captcha, users will find a message signed with the market’s private key that validates the mirror. The phishing page will have a similarly signed message and appear valid as well.
Copy that entire message and create a text file containing only the contents of your clipboard. Run
gpg --verify /path/to/file
The valid link will check out:
The invalid one will not:
The market’s PGP key is available here and at the bottom of this post.
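A stricter form of the check above, as an added example that is not part of the original post or the market's own tooling: it verifies the saved message against a throwaway keyring holding only the market key, pins the signer's fingerprint, and confirms that the signed text names the host in your address bar, because a signed message can be copied byte for byte onto another site and a good signature alone says nothing about the site serving it. It assumes the signed text contains the mirror's onion hostname; the function name, file names, fingerprint and host are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# verify_mirror SIGNED_FILE KEY_FILE PINNED_FPR VISITED_HOST
# Returns 0 only if SIGNED_FILE carries a good signature from the pinned
# key AND the signed text itself names VISITED_HOST.
verify_mirror() {
    signed=$1; keyfile=$2; host=$4
    # Normalise the fingerprint: drop spaces, upper-case hex (as gpg prints it).
    pinned=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    home=$(mktemp -d) || return 2

    # Throwaway keyring holding only the supplied key, so a signature made
    # by any other key already in your keyring cannot pass.
    if ! gpg --homedir "$home" --batch --quiet --import "$keyfile" 2>/dev/null; then
        rm -rf "$home"; echo "FAIL: cannot import $keyfile" >&2; return 2
    fi

    # --decrypt on a clearsigned file writes only the text the signature
    # covers; --status-fd gives machine-readable results that are safe to parse.
    status=$(gpg --homedir "$home" --batch --quiet --status-fd 1 \
                 --output "$home/body.txt" --decrypt "$signed" 2>/dev/null) || true

    # GOODSIG is absent for bad, expired-key or revoked-key signatures;
    # the last field of VALIDSIG is the primary key fingerprint.
    signer=$(printf '%s\n' "$status" |
        awk '$2=="GOODSIG"{g=1} $2=="VALIDSIG"{f=$NF} END{if(g) print f}')

    rc=1
    if [ -z "$signer" ] || [ "$signer" != "$pinned" ]; then
        echo "FAIL: no good signature from pinned key $pinned" >&2
    elif ! grep -qiwF -- "$host" "$home/body.txt"; then
        echo "FAIL: signature is good, but the signed text does not name $host" >&2
    else
        echo "OK: $host is named in text signed by $pinned"; rc=0
    fi
    rm -rf "$home"
    return "$rc"
}

# Run as a script with the four arguments above; all values are the caller's.
if [ "$#" -eq 4 ]; then verify_mirror "$@"; fi
```

The fingerprint you pin has to come from a source you already trust; a key downloaded from the same page that served the signed message proves nothing.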
The obvious solution is to get mirrors only from dark.fail, the Empire Market login screen, or the Empire Market subdread sidebar/sticky message from /u/Se7en or another Empire Market staff member.
Below is a message from /u/Se7en on the topic of Empire Market phishing links:
Empire Market will never ask for your PIN or mnemonic to log in
If you are asked for your PIN or mnemonic to log in you are on a phishing site.
We will never PM you asking you to verify your account. Watch out for staff impersonators.
There are phishing sites that act just like Empire. To make sure you’re not using a phishing proxy, always verify mirrors at /safe and only get links from dark.fail
How to obtain a legitimate link
Mirrors are available on DarkFail
dark.fail or darkfailllnkf4vf.onion
How to verify if a link is legit
- Make sure the onion link included in the login captcha matches the domain you are using; if they don’t match or the login captcha has no link included in it, then you’re using a phishing proxy
- Verify the signature at /safe
How do I secure my account?
- Enable 2FA
- Don’t use the same password for everything and keep your passwords strong using a password manager like KeePassX
- Use common sense