This year’s first “Friday the 13th” proved unfortunate for some in the dark web ecosystem. Solaris – one of the leading drug markets on the dark web – has been taken over by a rival market called Kraken (not affiliated with the legitimate crypto exchange of the same name).
The $150 million dark web market is estimated to have held between 20 and 25% of the illegal market share and remains unavailable as of January 17th.
Following the April 2022 seizure and sanctioning of the $5 billion dark web marketplace Hydra, a number of marketplaces in the Russian-speaking world have been competing for buyers and suppliers. Solaris – which has emerged as one of Hydra’s biggest successors – has handled about $150 million in sales of drugs and other illicit goods and services in its short life.
Solaris Dark Web Market
The war in Ukraine
During Russia’s war with Ukraine, Solaris became associated with the pro-Kremlin hacking group Killnet. Led by the anonymous hacker “KillMilk”, Killnet attracted the attention of the Five Eyes Intelligence Network for its distributed denial of service (DDoS) attacks against NATO and Ukrainian cyber infrastructure.
KillMilk has made no secret of the group’s affiliation with Solaris, which is the source of more than $44,000 in Bitcoin sent to Killnet’s donation wallets. Both Solaris and Killnet were credited with hacking the rival dark web forum Rutor in 2022, which has long been seen as a political rival because it is perceived as a pro-Ukrainian media outlet.
Elliptic Investigator Shows Killnet Bitcoin Donations From Solaris.
December 2022: Security breach begins
Solaris’ security problems began in December 2022, when Ukrainian hacker Alex Holden revealed to Forbes that he had breached Solaris and its central Bitcoin wallet. Holden, who submitted evidence verified by Forbes, was able to withdraw 1.6 bitcoins ($25,000) and donate them to the Ukrainian charity Enjoying Life. The charity has confirmed that it received the donation.
On the same day, Solaris issued a statement disputing the claims and criticizing the lack of evidence. The market also suggested that it never keeps less than 3 Bitcoins in its administrative wallet at any time. Still, it’s likely that talk of this security breach led to increased attempts by Solaris’ other rivals to identify vulnerabilities in its systems. The breach that took down the site happened just 22 days later, on Friday 13 January.
January 2023: Kraken takes down Solaris
Kraken – a recently launched Russian-speaking dark web marketplace unrelated to the legitimate exchange of the same name – is also seen as pro-Kremlin. However, it maintains a rivalry with other pro-Russian markets vying for market share in the void left by Hydra. Complaints about Solaris and Killnet have been widely shared on the Kraken-affiliated dark web forum WayAway.
Solaris users who attempted to access the marketplace on January 13 were redirected to Kraken, with a notice announcing that it had successfully downloaded Solaris’ cyber infrastructure, the GitLab repository, and the project’s source code. The download was confirmed by a recently launched Telegram group associated with Kraken.
Kraken attributed its successful takeover to lax operational security by Solaris administrators, which allowed the hack to take place over three days without warning. Logs apparently confirming Kraken’s complete control of Solaris were also shared.
Kraken also announced that Solaris’ Bitcoin wallets have been disabled. Elliptic’s internal data confirms that no activity has been observed on Bitcoin addresses associated with Solaris since January 13th.
Killnet and Infinity – a dark web forum recently launched by Killnet – have remained largely silent on the takeover, instead focusing on an apparent Killnet hacking attack on the US Internal Revenue Service (IRS). Meanwhile, many groups of Kraken-affiliated sellers on the WayAway forum are competing to recruit ex-Solaris sellers of illicit goods and services.
Elliptic’s Crypto Intelligence functions routinely monitor the dark web ecosystem, ensuring our clients have access to the latest data and are able to review the latest risks arising from illicit dark web markets and sellers of stolen data.