Reminder to Verify Empire Market .Onion Links
Darknetlive recently mitigated the phishing clones of this that sent users to fake marketplaces. Dark.fail recently dealt with a number of the phishing clones of dark.fail (and spoke with the entity responsible for many of the sites) as well. This is a cat-and-mouse game. Our fixes will work for the time being but the phishers will find a way to get around our fixes. For now though, the measures put in place seem to have helped prevent people from finding phishing links through phishing clones of darknetlive. This unfortunately is far from a solution to phishing in general.
Use Dark.fail for Empire Links
Dread users, as well as the users of several subreddits geared towards users of darkweb markets, have likely received messages with a semi-convincing message about new market mirrors. Unsurprisingly the message also contains those mirrors. In no world are those links worth clicking. Most of the time this is obvious. But as a prolific phisher and scammer once wrote about Empire Market’s anti-phishing measures, “the end user is always the weakest link to a system.” In other words, some people are idiots.
Here is a message darknetlive recently received on Dread from a user named “EmpireModerator.” The seemingly official username would convince some users, unlike many of the various accounts used by the growing number of phishers.
Due to the recent DDOS attacks, our technical team has been working hard to provide some alternative ways to deal with it. Right now we mainly control it but we want to explore new ways to avoid any downtime in the future; for that we are creating some new onion links with higher uptime rotating our onion links internally in a proper way with a custom onion balancer that will distribute our traffic better between remote servers. Also we recommend special caution with dark.fail as some users reported that they got phishing links from that source.
You can use any of the following links to access Empire Market, please bookmark them to avoid any phishing attack:
Empire won’t ask for your pin or mnemonic, bitcoin deposit address
always starts with 3 and please check the login phrase on the homepage to ensure that you are using a legit site
Empire Market directly tells users to use dark.fail exclusively for valid mirrors. The first step is to get mirrors from dark.fail. Not darkfail.com, darkfail.org, not some stranger’s message on Reddit. Dark.fail.
Use Dark.fail for Empire Links
If, for example, you visited one of the links from the message above, you would see a very convincing Empire Market frontpage. Unless you have memorized the extensive list of Empire Market mirrors, appearance alone would not be enough to verify the legitimacy of most phishing sites (those serving the real market through a reverse proxy at a minimum).
Empire Market Real vs Fake
Verifying the Mirror
In the menu bar there is a link titled “Verify Mirror.” That link presents you with another captcha. Once past the captcha, users will find a message signed with the market’s private key that validates the mirror. The phishing page will have a similarly signed message and appear valid as well.
Empire Market Signed Mirror
Copy that entire message and create a text file containing only the contents of your clipboard. Run gpg --verify /path/to/file
The valid link will check out:
The invalid one will not:
The market’s PGP key is available here and at the bottom of this post.
The obvious solution is to get mirrors provided only by dark.fail, the Empire Market login screen, the Empire Market subdread sidebar/ sticky message from /u/Se7en or another Empire Market staff member.
Below is a message from /u/Se7en on the topic of Empire Market phishing links:
Empire Market will never ask for your PIN or mnemonic to log in
If you are asked for your PIN or mnemonic to log in you are on a phishing site.
We will never PM you asking you to verify your account. Watch out for staff impersonators.
There are phishing sites that act just like Empire, to make sure you’re not using a phishing proxy always verify mirrors at /safe and only get links from dark.fail
How to obtain a legitimate link
Mirrors are available on DarkFail
dark.fail or darkfailllnkf4vf.onion
How to verify if a link is legit
How do i secure my account?
Empire Market PGP Key