Paris: Versus Market Exploit is Real
A user on Dread (/u/threesixty) hacked Versus Market “in a time span of about 2 hours,” according to a post on the Versus subdread. “Please remove security driven from your website title. You are not security driven.”

threesixty generated little traction with his brand new account
The user who had discovered the vulnerability, /u/threesixty, contacted DeSnake, the administrator of AlphaBay, about “the security issues on Versus.” According to DeSnake’s posts on Dread about the incident, he initially assumed threesixty’s post contained FUD. DeSnake and threesixty then worked together “to get even more proof on top of what he had recovered initially.”
A “meaningless excerpt from the file,” posted by threesixty as a form of proof for Versus staff. It is not a form of proof for those of us without access to Versus:<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-mysql" data-lang="mysql"><span class="line"><span class="cl"><span class="c1">--</span></span></span><span class="line"><span class="cl"><span class="c1">-- Table structure for table `crons`</span></span></span><span class="line"><span class="cl"><span class="c1">--</span></span></span><span class="line"><span class="cl"><span class="c1"></span></span></span><span class="line"><span class="cl"><span class="c1">DROP TABLE IF EXISTS `crons`;</span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="cm">/*!40101 SET @saved_cs_client = @@character_set_client */</span><span class="p">;</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="cm">/*!40101 SET character_set_client = utf8 */</span><span class="p">;</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="o">`</span><span class="n">crons</span><span class="o">`</span><span class="w"> </span><span class="p">(</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">`</span><span class="n">id</span><span class="o">`</span><span class="w"> </span><span class="kt">int</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span><span class="w"> </span><span class="k">unsigned</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="w"> </span><span class="kp">AUTO_INCREMENT</span><span class="p">,</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">`</span><span class="n">created</span><span class="o">`</span><span class="w"> </span><span class="kt">timestamp</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="w"> </span><span class="k">DEFAULT</span><span class="w"> </span><span class="k">current_timestamp</span><span class="p">(),</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">`</span><span class="n">last_edit</span><span class="o">`</span><span class="w"> </span><span class="kt">timestamp</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="w"> </span><span class="k">DEFAULT</span><span class="w"> </span><span class="k">current_timestamp</span><span class="p">()</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">UPDATE</span><span class="w"> </span><span class="k">current_timestamp</span><span class="p">(),</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">`</span><span class="n">next_run</span><span class="o">`</span><span class="w"> </span><span class="kt">timestamp</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="w"> </span><span class="k">DEFAULT</span><span class="w"> </span><span class="s1">'0000-00-00 00:00:00'</span><span class="p">,</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">`</span><span class="k">interval</span><span class="o">`</span><span class="w"> </span><span class="kt">int</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span><span class="w"> </span><span class="k">unsigned</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="p">,</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">`</span><span class="n">cron</span><span class="o">`</span><span class="w"> </span><span class="kt">text</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="p">,</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">`</span><span class="n">took</span><span class="o">`</span><span class="w"> </span><span class="kt">bigint</span><span class="p">(</span><span class="mi">20</span><span class="p">)</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="p">,</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">PRIMARY</span><span class="w"> </span><span class="k">KEY</span><span class="w"> </span><span class="p">(</span><span class="o">`</span><span class="n">id</span><span class="o">`</span><span class="p">)</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">)</span><span class="w"> </span><span class="kp">ENGINE</span><span class="o">=</span><span class="n">InnoDB</span><span class="w"> </span><span class="kp">AUTO_INCREMENT</span><span class="o">=</span><span class="mi">14</span><span class="w"> </span><span class="k">DEFAULT</span><span class="w"> </span><span class="kp">CHARSET</span><span class="o">=</span><span class="n">utf8mb4</span><span class="p">;</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="cm">/*!40101 SET character_set_client = @saved_cs_client */</span><span class="p">;</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">--</span></span></span><span class="line"><span class="cl"><span class="c1">-- Dumping data for table `crons`</span></span></span><span class="line"><span class="cl"><span class="c1">--</span></span></span><span class="line"><span class="cl"><span class="c1"></span></span></span><span class="line"><span class="cl"><span class="c1">LOCK TABLES `crons` WRITE;</span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="cm">/*!40000 ALTER TABLE `crons` DISABLE KEYS */</span><span class="p">;</span><span class="w"></span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="o">`</span><span class="n">crons</span><span class="o">`</span><span class="w"> </span><span class="k">VALUES</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="s1">'2019-12-03 09:56:24'</span><span class="p">,</span><span class="s1">'2021-10-16 17:24:18'</span><span class="p">,</span><span class="s1">'2021-10-16 17:25:18'</span><span class="p">,</span><span class="mi">60</span><span class="p">,</span><span class="s1">'check_invoices'</span><span class="p">,</span><span class="mi">7238</span><span class="p">),(</span><span class="mi">2</span><span class="p">,</span><span class="s1">'2019-12-03 09:56:14'</span><span class="p">,</span><span class="s1">'2021-10-16 17:24:03'</span><span class="p">,</span><span class="s1">'2021-10-16 17:25:03'</span><span class="p">,</span><span class="mi">60</span><span class="p">,</span><span class="s1">'get_rates'</span><span class="p">,</span><span class="mi">219</span><span class="p">)...</span><span class="w"></span></span></span></code>
DeSnake described the impact of their work as a “complete takeover. Database, files, cryptocurrency wallets (of course those that have used multisig are okay either way), real IP exposed etc. Complete pwn.”
<h2 id="versus-hacked-for-3rd-time-or-why-security-must-be-a-priority-for-dnm-admins">Versus hacked for 3rd time or why security must be a priority for DNM admins </h2>
The hyperlinks have been removed to prevent you know, the thing.
DeSnake:
Disclaimer: Before I begin with the post I would like to point out that I do not have anything against /u/WilliamGibson himself. Yes I do not think security (getting hacked 3 times) and stability (offline almost all the time during DDoS) is on point for their status as a marketplace even more so 3 years down the line. Yes their inability to get their Staff issues/communication spills over the business and the posts from customers speaks for that. However at the very least they kept going and were providing a platform for people to trade.
I was contacted around a day ago by the hacker /u/threesixty about the security issues on Versus. As with everything I take it with a cup full of salt before I do my own verification. I took a look at his profile and of course it was a new one which led me even further to believe this to be FUD. He had created a post on Versus subdread (dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/e408c16ab482106c4eea)/ which got suprisingly little attention for the details that it was outlining and claiming.
I decided to ask him for further details and in an encrypted PGP message he provided an interesting amount of information. Now anyone could have created that information so the only way to verify it was to test myself. I was almost certain it had been patched by Versus… but even after the post threesixty had done the vulnerability was still sitting there plain as day allowing anyone to browse through the system and potentially escalate to full control over the server.
Together with the good-willed hacker 360, we were able to get even more proof on top what he had recovered initially that indeed it is the real server of Versus. All proof was provided to Paris right before putting this post up.
The Vulnerability
Testing the vulnerability was straightforward and as threesixty said a textbook one. There was no complexity in it or discovering it. How no one has reported it or fixed in 3 years I or him do not understand. Complete props go to him for finding it.
The Impact
Complete takeover. Database, files, cryptocurrency wallets (of course those that have used multisig are okay either way), real IP exposed etc. Complete pwn.
From threesixties (and mine) side nothing has been taken or modified in any shape or form. Only information was downloaded such as databases and files (including system ones to prove the existence) which would allow us to prove the vulnerability exists to other high ranking people like /u/Paris . Cryptocurrency wallets were never touched.
Given the issues with security that are now happening for the 3rd time in the markets history, Staff problems also affect Versus. I have no doubt that affects the security and maintenance of the marketplace. Staff are a core part of the marketplace without Staff administrators are nothing and vice versa. So for all of you marketplace admins make sure your Staff are well, financially and in other ways. When you are an employer it is your duty to ensure you create a good environment for individual employees to thrive and grow both professionally and personally.
Witchman05 himself said in this thread about Versus vendor issues, quote dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/e83da76a7c5f41e2f844)/#c-f13009c91041cbb306
I do know that Huxley, Poe, Gibson and Rowling have had some differences in opinion that came to a head about two weeks ago, and they’re probably still kind of simmering about that. I won’t go into detail, because that’s their business, but just saying, you’re probably not going to get an instant reply on this thread. There were a lot of factors, a lot of… underlying issues, a lot of kind of hurtful things were said, and it was honestly kind of ugly. I’ve been talking with all of them, seeing it from all sides, and while I’m honestly kind of hesitant to pick sides on that whole mess, considering I don’t have any sort of actual bond to the market itself anymore, I will say some things definitely could stand to have a bit of a shake-up in the process it’s been handled with.
Of course, I could be wrong. These guys that I’ve known for almost a decade could have decided to go completely irrational at the drop of a hat, burning not only these names but also their entire reputation for the rest of their careers on the Darknet.
My point is, be careful, all.
What I am trying to get to here is it all starts within. Bad Staff management leads to poor handling of tickets, lack of care for either customers or vendors, lack of any upkeep on servers and network and so on. As a marketplace putting up a patch is not enough e.g. restarting your services because they went down due to DDoS. Ask yourself why did they go down what is the core issue, it is all in the logs. That is how you solve the core of the problems not treat the aftermath with painkillers figuretively speaking. Not everyone has this way of thinking and that is fine but as a marketplace, a reputable one, it is your duty to have your shit in order.
I would also not be surprised that some of the ‘phishing’ of high ranking vendors that has happened had actually been hacked accounts from the database. Lots of reputable vendors got ‘phished’ with no clear explanation in sight. I am assuming another hacker has the Versus database as well and knows about this or other vulnerabilities and has abused their access.
In spirit of full disclosure currently Versus markets backend seem to be giving a white screen of death which may or not be related to the thinkering myself and /u/threesixty had been doing. That white screen has happened before which would mean we have not caused it or… someone else has had access to files and databases like we did and has abused it to DoS the backend into submission. If it had been a result of our testing we apologize.
We hope to have a fruitful conversation about security on marketplaces especially on established ones. Since day one my goal with AlphaBay was security followed by stability and usability and in the era of takedowns, DDoS (which further exposes your infrastructure as a marketplace) and rinse and repeat scams like those of groups like lovelace, administrators can not allow themselves not to test every single user input and sanitize it.
Further how an active Web Application Firewall (WAF) is not present on Versus is also beyond me. A lot of features of ‘security’ seem to be missing by a ‘security-driven marketplace’ like Versus claims to be. Admins should not be slacking when it comes to the security of their customers who are both buyers and vendors. The results are known what happens when you let go and do not follow the security guideliness. Security is not a product, it is a never-ending process.
Both threesixty and myself have the best intentions. That is why we did not leak the database or stole any coins. For me personally, 3 times is too much of anything but as with everything we should at least be grateful for what we have first and then work on improving it second.
Thank you.
Dread: dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/81fac8c141c9fc519b9f
<h2 id="paris">Paris </h2>
Paris, the co-administrator of Dread, responded in the comment section of DeSnake’s post, claiming that he had verified the exploit.
Paris:
/u/DeSnake has provided me the exploit and rational. I have personally verified it.
IT IS REAL.
The exploit is extremely simple but compromising. It allows for full access to the underlining file system on the server. This include information within the /etc/ directory as well as wallet directories. It is a full information compromise of the system. Everything to the server’s IP address, to the backup of the database in the admin home folder, to the wallet files themselves. I am able to traverse nearly the entire file system with web server level access. There is no jail, WAF, and minimal care to limit the information disclosure in the event of a web server compromise. I am able to view the history of IP addresses which have previously accessed the server.
This is a major compromise and it is very easy to find and pull off. Even a simple scriptkitty that is running a web server tester will find this exploit. /u/WilliamGibson I will be passing this information over to you. This shouldn’t be a problem with even the most basic jailing practices on the web server layer.
Until such time as this is fixed nobody should use Versus. I can’t say that enough. This entire server is probably compromised already by law enforcement and being monitored. It is a total compromise and is without a doubt one of the worse outcomes to a simple security exploit I have seen in a very long time.
<details id="signed-copy"><summary class="u__s a2w">Signed Copy</summary><div class="a2x"><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">-----BEGIN PGP SIGNED MESSAGE-----</span></span><span class="line"><span class="cl">Hash: SHA256</span></span><span class="line"><span class="cl"></span></span><span class="line"><span class="cl">/u/DeSnake has provided me the exploit and rational. I have personally verified it.</span></span><span class="line"><span class="cl"></span></span><span class="line"><span class="cl">IT IS REAL.</span></span><span class="line"><span class="cl"></span></span><span class="line"><span class="cl">The exploit is extremely simple but compromising. It allows for full access to the underlining file system on the server. This include information within the /etc/ directory as well as wallet directories. It is a full information compromise of the system. Everything to the server's IP address, to the backup of the database in the admin home folder, to the wallet files themselves. I am able to traverse nearly the entire file system with web server level access. There is no jail, WAF, and minimal care to limit the information disclosure in the event of a web server compromise. I am able to view the history of IP addresses which have previously accessed the server.</span></span><span class="line"><span class="cl"></span></span><span class="line"><span class="cl">This is a major compromise and it is very easy to find and pull off. Even a simple scriptkitty that is running a web server tester will find this exploit. /u/WilliamGibson I will be passing this information over to you. This shouldn't be a problem with even the most basic jailing practices on the web server layer.</span></span><span class="line"><span class="cl"></span></span><span class="line"><span class="cl">Until such time as this is fixed nobody should use Versus. I can't say that enough. This entire server is probably compromised already by law enforcement and being monitored. It is a total compromise and is without a doubt one of the worse outcomes to a simple security exploit I have seen in a very long time.</span></span><span class="line"><span class="cl">-----BEGIN PGP SIGNATURE-----</span></span><span class="line"><span class="cl"></span></span><span class="line"><span class="cl">iQIzBAEBCAAdFiEEbfleES3oPdbct1q5DE1JcU+sN9gFAmKETTgACgkQDE1JcU+s</span></span><span class="line"><span class="cl">N9jjpQ//avXy8kS1tMhVK4botRjGhXit+k88pwKwWnizwg+GQTaFCu+XCd3SrDa9</span></span><span class="line"><span class="cl">tjZrcgmaVYJYjr+lprKE/aSw9ak1go8D90631N59mTR6DRlBr4Q8c1O0uMKC8cX8</span></span><span class="line"><span class="cl">+ONi+JSN5QBiigtp1MC/mVIhQJeLdgx5bDl+MtJe0jXFK+t26WwvKpscbydr22kQ</span></span><span class="line"><span class="cl">0enYyhliHDp+ikH12gXVLGn2yLBMCi12UD3xxlCJDBB/nbzH10dY3L8qQmsyf0JV</span></span><span class="line"><span class="cl">dRV4YPpxKabui0yYxqrUy2uLGDxuyKx7thBG0zJyOg/Oewss2iRexGkxyomuw9be</span></span><span class="line"><span class="cl">82ijGWMHNKorNXwwgj41485cOknSsuPo3JaibQJr5BNESvjxCos2gbhnfJ10xXR+</span></span><span class="line"><span class="cl">SkM7hFQAJt28W1dV3/qXl+wV/iL1+VsxNBpjckDK+m+D4UsDwpS8eZkx1+Vq0jOI</span></span><span class="line"><span class="cl">qAQBubC/d9vLpQvgSqRUFdyiK+FTY/u6P3eXdTXJCB+AZ5wWfaUAiEKhstSK1Zba</span></span><span class="line"><span class="cl">W4Gh2TQSxgTZtmyh2NdahkRFTSe0NaGFx9FsDBA5gzL8PcVg8CqWuZwo4LH3/f8S</span></span><span class="line"><span class="cl">F2whSD9AUnPZ4mUpi4JzSVOOWyEL1cGiVni7Y5aKVdwWFEb6vWhEia178EOAjOjK</span></span><span class="line"><span class="cl">KlqkptcI1LMuy2DLPBK/c/vCW/NpbADUXj21X4DxRsxRwblyxHY=</span></span><span class="line"><span class="cl">=zt91</span></span><span class="line"><span class="cl">-----END PGP SIGNATURE-----</span></span></code></details>
dread: dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/81fac8c141c9fc519b9f/#c-fa7cd8851e945ec830
<h2 id="immediately-compromised">“immediately compromised” </h2>
A user in the comments asked Paris why “you and your best friend desnake (the only market operator here that has actually has a market busted by LE) blow it wide open and you even make it an announcement?”
Paris responded:
You need to understand that the server with a simple exploit like this is immediately compromised. As in it has already been compromised for a long time. Unless law enforcement is sitting on their hands they have already pwned this entire server.
Priority for me is community safety. Which means immediate disclosure and warning. You may think that is fucking the community over but it’s not. The exploit is ALREADY there and probably has been there for a long time. Easily findable and a simple request crafted in a specific way exploits the file system access to basically whatever.
Limiting the damage caused is disclosing this and not having it behind closed doors to be fixed when the admins decide to fix it. They must move servers immediately and patch before bringing it up to the public. Right fucking now. Because right now it’s a free season and all the information to be had about versus’s server is up for grabs.
dread: dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/81fac8c141c9fc519b9f/#c-d447d6525bd3caefd6
<h2 id="previous-incidents">Previous Incidents </h2>I.P. Leak
In March 2020, Versus paused operations to conduct a security audit after a “a potential IP leak from one of our middleware server[s].” Versus staff posted an explanation:<h4 id="what-happened">What happened? </h4>
A few days ago a DDOS against Versus started.
The application layer of Versus is very strong, so it was tor failing sometimes.
The attacker found an application layer vulnerability by requesting non existing captcha images. This lead to a lot of useless file IO and exhausted the main server resources.
Changing the captcha system isn’t a quick fix, so we deployed a custom middle-ware on the tor fronted servers to deliver the captchas and filter bad traffic before it even gets to the main server.
To further improve the resistance of Versus we did a V3 load balancing test.
To not have to apply the middle-ware to all servers for this test, it was moved to a single server in the same DC the tor front-end servers.
The plan was to use one middle-ware server for every balanced mirror, not every tor instance.
A bad decision lead to an IP leak of the middle-ware server.
Versus was down for about 14 hours to move our complete infrastructure to other hosts. From every DC, not just the compromised one.
Some additional errors then popped up because bitcoin-core, monero-core and our database got updated to the most recent version.
<h4 id="how-we-fucked-up">How we fucked up. </h4>
A trace route showed a perfect loop-back on the middle-ware server IP so the request was routed there via IP as nothing would go beyond the first router.
THIS WAS A BAD DECISION MADE AFTER NEARLY 3 DAYS WITH NEXT TO NO SLEEP.
The middle-ware gets the onion and adds it to a custom header so that we see from which mirror the request is coming from, but instead of extracting the onion, it extracted the IP from the request (it’s own) and added it to the header.
The main server used this header to generate the 2FA message where the IP was shown.
<h4 id="what-we-did-to-avoid-such-stupid-mistakes-in-the-future">What we did to avoid such stupid mistakes in the future. </h4>
The middle-ware was fixed to extract to correct onion under any circumstances.
The display of the hostname gets validated via regex.
There is no more routing via IP. The middle-ware will run on every single tor instance. The routing to the back-end server is also over Tor.
Additionally we checked the source to look for any other instance where the hostname/custom header might show up. Nothing was found.
This multiple layers of security will make sure, that even a bad decisions under sleep deprivation will not lead to such an event again.
Bitcoin Theft
In July 2020, Versus staff announced that someone had hacked the market and had stolen the majority of the Bitcoin held in escrow.
This is a post i hoped to never make but the foundation of Versus is honesty and transparency to our members. As of today, July 10th, we were hacked and a majority of bitcoin held in escrow was stolen.
We immediately took down the market and confirmed that no sensitive has been compromised. We are committed to identifying the vulnerability that was exploited and will not go back online until this is solved.
We know many of you are reading this and worried about your funds. We are going to do our best to make up for it just like we did with the lost XMR, either through refunds , reduced fees, free ads and more.
We also want to remind everyone that this is an unfortunate example of why MS is so important , your funds simply cannot be stolen.
Multisig payments are NOT affected and can be received with the presigned and timelocked raw transactions we provided vendors with.
To be perfectly clear: When we get back we will enforce multisig payments.
We know some of you may scream exit scam and we expect that. We aren’t going anywhere and will be back stronger and more secure than ever. We live, we learn.
The Versus Project is a lot more than just a market and we won’t abandon our vision.
To our community , thank you for sticking with us.
<h2 id="going-forward">Going Forward </h2>
Markets rarely return after something like this becomes public. However, Versus has experienced this at least twice. The market is more popular now than in 2020 after both incidents described above.
Comments (64)
Very Snakey2022-05-1921a8f7e0
So let me get this straight, we have no definitive proof of the “obvious” vulnerability? I would like to take a moment to ask DeSnake and Paris a question, “why is Versus still online and do you all think you are the only hackers on the internet?” DNMs are wonderful targets for hackers because they are loaded with cash and often times less than secure. I’m really supposed to buy that not 1, not 2 but 3 known hackers (not to mention countless other hackers and government organizations) found a big pile of money and just left it sitting there to help out a fellow competitor because they are just great people like that? Bullshit, how about DeSnake is 666y and DeSnake paid Pairs a bunch of coins to say that to promote his new little website. Drug users like Versus because it’s not loaded down with so much unnecessary OPSEC to the point where an average drug user can’t even make a profile, unless they have been scared shitless into doing it 1,000 times until they final get through. DeSnakey
Nigga is Peace2022-05-19e3ebd0d0
Did DNL independently verify the vulnerability? I mean nobody is trying to catch RICO here haha but come on DNL… could you help a Nigga out here or officially decline to comment… the article is sooo objective 🤣✌🏿
ronjeremy2022-05-19c9f82e20
Why anyone would would trust or allow DeSnake to come back into this scene is beyond me... 2nd in charge of a market that was bent over and pumped hard by the FEDs and he gets the red carpet laid out for him. Its one thing to pop back up after all the heat but he started AB2.0 claiming he wants to keep the legacy of AB going... from what I saw he was nothing but a generic admin/mod and is running off the fame and design instead of creating his own. That seems to go with all the little things that pop up with his name. He probably milked a TON of coin during the takedown and is now using that to pay off all the powerful ppl to build his rep back.
wellno2022-05-19292d9bf0
Lots of hate for the man for no reason he's came back but he's proven himself in every domain in my eyes... other admins talk the talk desnake walks the walk too
astolfo2022-05-19b97c9c10
its likely that LE have taken advantage of this exploit if it is as simple and bad as its being described. i highly advise everyone pull their funds out of the market while you still can, its very likely they will exit soon and they do not give a single fuck about customers or vendors and are willing to screw them over
🐍2022-05-19d8807350
Congratulations De🐍, this is either your team commenting or you’ve got this person totally fooled, and many many more will also be fooled, you will see a tremendous increase in registrations on “The big Number 2.” as Versus remains online for many more months to come. You’ll have those payments to Paris finished up in no time and see a great return on your investment. In a world of dummies, you are DeSnake. DNL remained almost perfectly objective with their reporting of your little heist, the only thing subjective about DNL’s article on this incident is that DNL posted the article in the first place… 🥜
whoami2022-05-19d4c21de0
Hats off to DeSnake since he came back he removed all competition and Alphabay is number 1 now! People might not like but at least man is about his business!! He also didn't post any details of the hack or took any coins he's the definition of a GOAT
SLOAT2022-05-19ba4b1ac0
Right, because the vulnerability is like Santa clause and the supposed “coins” are like Santa’s presents, how gracious of DeSnake to not take something that does not exist, he is the SLOAT of DNMs
king2022-05-19eec09500
alphabay for the win always knew they were going to be top market the king is officialy back time to tell my vendors to register on it
bigup2022-05-1905ffda30
Good on alphabay seriously they earned their spot.As a vendor I'm happy someone experienced like them run the market i get majority of my orders on big up
Rick2022-05-192f328460
DeSnake is actually the biggest retard going lol, who the fuck would actually buy this dog shit claim of a security vulnerability
observer2022-05-19794f0a40
I'm not a fan of alphabay because no option for bitcoin and I love my bitcoin but they've done the correct to alert everyone what if police got ahold of that data... Vulnerability claim checked by paris bro check dread why versus offline now hmm??
Fuckthisshit2022-05-190d1755d0
Where is the actual information of the hack? Who the hell made Paris the head of everything on DN activities? Seriously this is lacking and you really needed a trusted 3rd party to review this information. Paris and DeSnake lack credibility. Don't fucking suggest Hug Bunter either!
paris supporter2022-05-19637faaf0
hey buddy !! keep Paris name out of your fucking mouth OK!!???? hes the KING he runs THE GAME
hf462102022-05-19f2062240
Publicity stunt to promote alpha bay which is a shit overpriced market Versus will be back
lolz2022-05-190ca47fb0
Last I and all of dread checked the vulnerability is real..... versus was hacked! Why the FUCK ARE THEY OFFLINE? Contradicting yourself bro versus will be back.... from WHAT? A HACK IS WHAT. Alphabay has best pricing on entire DNM their vendor bond is 1.5xmr and their vendor levels are in steps I'm level 3 vendor and commission is 3.5\% pretty sweat if you ask me. On ASAP like 8 percent fees other markets are 5\% horrible
ass2022-05-194bbe0270
ayo all im sayin is dats a lot of spicy food for all these wite boys some 1 gon get laid the fuck out lmao all these people talking bout moving to assbay or bitchemia and im over here all like vice city is the shit
Meatballs2022-05-19a9023980
Why does desnakes name always crop up when shit goes down about other markets? You'd go to hugbunter or Paris first about a market exploit not a sketchy rival market owner. Its like 1 by 1 the competition is being hacked down until alphabays the only one left standing.
9877652022-05-19fff628a0
Versus should come back again, at the very least to allow to finalize orders and pull out funds. Otherwise it's just another exit scam, which the community doesn't need or benefit from. If it doesn't come back, admins should make a Dread post announcing what they'll do, give up, try fix it, go back online, give refunds to not scam people and say goodbye...just don't leave us vendors and customers hanging there brother.
whatstruth2022-05-19954e3490
just sum thougts what if 360s a fed trying to butter up to desnake if desnakes trusts him he will infiltrate if desnakes doesnt 360 will publish sql files or probs it will be "handed"" to le even tho they probly have it now and desnak will be in shit storm from dn comminity fr shit fuckig stinks but with no response from versus its could be true ngl but no surprises if versus been seized fr by now
lala2022-05-2086dd6960
You sound gay. everyone knows desnake is a CI so no reason for 360 to butta up his butthole when the whole thing is an act put on for impressionable tools like u.
Wp2022-05-199def4d80
Honestly dont trust snakes but i was on dread when someone posted logins for a pretty large vendor with the 2fa message i jumped on and tried it. It worked i was in that vendors account. It got banned from everyone trying it. I think its legit. Dude claimed to have phished the vendor. But how with 2fa enforced like it is. Versus is done and i actually liked it. I bet LE has known this for a long time. RIP versus and anyone that didnt encrypt or some other opsec mistake. Dark days for markets. This could be a way for leo to herd us to another site to watch the traffic again. Be careful everyone.
Oops2022-05-20b6bad2d0
Shit, this is real? Wow, this is making LE look really bad, they don’t give a fuck about DNMs apparently. Shame on me for writing all that shit. Cheers DeSnake, king in the North! 👑
baba132022-05-20c8925f80
and so ? is the market still working because I'm trying to log in and there's no way to get in
exeptionel2022-05-206c1a7f80
and so ? is the market still working because I'm trying to log in and there's no way to get in
lulz2022-05-208a46cd60
the lulz in these comments are just so damn satisfying It's like dropping a 1950s hand grenade into a poorly armored 1960s APC from an off the shelf retail drone.
joe2022-05-20db16d8c0
and so ? is the market still working because I’m trying to log in and there’s no way to get appently not
Sursex2022-05-200b181840
Hopefully these niggers dont exit scam like our beloved Empire Market from years ago
kalaph2022-05-20355ed740
exit scam? market gets hacked and guess what, a (tracked) package marked as "shipped" is extremely late for the first time in years
CaptBlackBeard2022-05-202d07c300
I am sure law enforcement had already taken several images of the website. I read somewhere that people were allowed to write in plain text. Not the safest market, def not the best market as Captain BlackBeard would say.
wizz2022-05-2080af7b10
last week when i tried to connect late at night i received a LE seizure page then DDOS again and they came back. so i assume LE was here for some times.
fucktrumptards2022-05-212848e720
As long as you used PGP to encrypt your orders I don't understand why you're all pissing your pants about LE doing controlled deliveries. You geniuses understand the marked was the just the middleman in this beautiful illegal drug enterprise? As long as you're only ordering small quantities and used PGP, you can sleep tight tonight. If you're dumb as fuck and used clear text, names, addresses and ordered 1k of coke - no sympathy for you and your ass that's about to be brutally raped in prison.
Tyrone2022-05-214eb91920
PGP does not protect you from vendors who decrypt your message and store it unencrypted. Every now and then they catch a vendor and get a hold of a ledger with all the above mentioned information for as many contacts as the vendor chose to store. Also, encryption has been proven highly ineffective against the “rubber hose method,” so even if that vendor stayed encrypted, LE has their ways depending on which country all of this goes down in. DNMs have their risks and a person would be foolish to assume otherwise, however, no matter how dreadful your OPSEC may be on the DN, you still don’t have to go see Tyrone on the street corner with his pants hanging so far off his ass he can hardly keep his gun concealed and of course transporting your purchase home.
titm2022-05-21e9d5a720
partially true, PGP can save your bacon if you're a small time dealer or big time user. In order for versus buyers to be fucked, this would have to be real, and not another BS exit scheme or ransom job. Say LE gets a hold of the entire site, with usernames, password hashes, etc. 1st step is to go after who ran the market, followed by identifiable sellers. Buyers are mostly safe. Been on DN for a long ass time, and bought lots of goodies from markets seized by LE; i'm still 100\% ok (no knock at my door ever), and trust me, my OPSEC used to be shit back in those good ol' days
TheKingisDread2022-05-219c972390
I think that right now the best option is Bohemia. they are on the SuperList and have all the reputable and established vendors. They also kind of Low Key type which makes them less of a target for hackers and/or Law Enforcement. [url=http://bohemiaobko4cecexkj5xmlaove6yn726dstp5wfw4pojjwp6762paqd.onion/member.php?action=register&ref=B9QXY4G0Cq]Verified link from Bohemia[/url] http://bohemiaobko4cecexkj5xmlaove6yn726dstp5wfw4pojjwp6762paqd.onion/member.php?action=register&ref=B9QXY4G0Cq Also the staff is real active and efficient in resolving disputes if ever there is one. Something with this guys just makes me feel safer for some
FSGD2022-05-21e7d94a70
Who wants to bet it is DeSnake that is DDOSing all their competitors like ASAP and Versus (RIP)?
lala2022-05-214ac6ec00
All market owners do that while pretending like they dont. Especially desnake.
VENDOR2022-05-21bbc1fe70
who the fuck likes alphabay? This market has already exit scammed once with the same goddamn name.
Correction662022-05-2188b11050
Correction they were seized due to opsec failure of other admin not desnake and they never exit scammed looks like desnake is the more competent admin out of the duo props to him+
dand2022-05-21280ab5f0
Not sure how this will play out. After WHM went down, buying drugs on DN has never been the same. I really fucking liked Versus, spend lots of $$$ there. Let's all hope the pesky no good pigs, aka LE, did not grab stuff that will make us all sweat. I'm not a dealer and always PGPed under a former tenant's name, so unless LE squeezes the vendors, we should be ok. On the other hand, like the guy above said, if you went clear text, real name and whatnot, bought enough snow to make Texas white, you're probably fucked. LE (if they actually got VERSUS data) will go after the vendors first, so keep an eye on the arrests. I also suggest stop buying your refreshments on DN for a while - free rehab bitches.
Mten2trappy2022-05-219b9f9500
Fucking retards hacking versus to promote a market thar is literally dogsbit and no one wants to use alphabay. Desnake, Paris and 360 are a bunch of greedy envious faggots that want to be the top market but it is NEVER going to happen Alphabay doesn't allow bitcoin and everything on there is overpriced as fuck. Versus is far superior, its easy to use, the vendors are very nice in my experience and I've never had trouble with my over 40 orders I've made as a customer I hope the people who "hacked" versus do the DNM community a favour and hang themselves. Versus will inevitably come back and will remain one of the top markets like it always has - M10
weiner2022-05-216b9f7b70
Get rekt fags AB #1 now like it or not. Better get used to buying XMR it’s the better option anyways.
weiner2022-05-216ccd9b30
Get rekt fags AB #1 now like it or not. Better get used to buying XMR it’s the better option anyways.
hdj28w8os2022-05-22d9392050
Still find it funny you sodomites are still rimming desnake and 360s arseholes. Alphabet is such a shit market it isn't even listed on dark . fail The prices are extortionate, most customers prefer btc over monero or XMR so just fuck off with your pathetic little market Versus will prevail -M10
m10isacop2022-05-2239c10950
who got up your ass? Versus is dead even if they come back not lots of people will use them they are dead beheaded finished!! Left the vendors without release codes and fucked off no announce no response nothing even if they come back super unprofesional lack of comment... Best prices are on alphabay compare at will openline other uk vendors and use btc? HELLOOO M10 COP!
jahsjsk28w902022-05-2233778640
You're a fucking stupid retard still that's promoting alphabay. This is so clearly a publicity stunt it is embarrassing. As soon as versus is back up people will still use it as its one of the most favoured markets. I've checked alphabay and in comparison the prices are actually considerably higher than what I would buy on versus so no thanks fuck off. Do me a favour and swallow a revolver you stupid cunt -M10
Fuck Versus anyw2022-05-2225e4c6d0
Fuck that shit market, giving tickets to vendors for bullshit and asking them to pay if they don't want to get banned after they lost their money to a hack before. Cash strapped losers that don't have a clue what they doing, only reason they made some coin was thanks to WHM and dark0de disappearing. 0 Customer service, promoted sponsored vendors send you half your order and scam you, they don't respond to tickets and do anything.
myass2022-05-22b4ba6f90
empire market is back go shop there FYI fuck desnakes market hes a bitch ass punk bitch...
hail2022-05-23fc73ca90
bitch ass punk bitch fucked lame markets with no security archetyp versus :-) empire? LOL no one use market exit scam before!! ALL HAIL ALPHABAY
hajdskkhjadskjha2022-05-195d18e250
no shit i've hit over a dozen in the last 24 hours u jelly, north cali? US ARMY INTELLIGENCE in bumfuck ARizona FTW paid off my hellcat and everything just in time for Brandon's gas prices, Ivan.