Wednesday, December 11, 2024
banner


This year’s first “Friday the 13th.” proved unfortunate for some in the dark web ecosystem. Solaris – one of the leading drug markets on the dark web – has been taken over by a rival market called Kraken (not affiliated with the legitimate crypto exchange of the same name).

The $150 million dark market dark web site is estimated to have held between 20 and 25% of the illegal market share and remains unavailable as of January 17th.

Following the April 2022 seizure and sanctioning of the $5 billion dark web marketplace Hydra, a number of competing marketplaces in the Russian-speaking world have been competing for buyers and suppliers. Solaris – which has emerged as one of Hydra’s biggest successors – has handled about $150 million in drug sales and other illicit goods and services in its short life.

Solaris market

Solaris Dark Web Market

The war in Ukraine

During Russia’s war with Ukraine, Solaris became associated with the pro-Kremlin cyber hacking group Killnet. Led by the anonymous hacker “KillMilk”, Killnet attracted the attention of the Five Eyes Intelligence Network for its distributed denial of service (DDOS) attacks against NATO and Ukrainian cyber infrastructure.

KillMilk has made no secret of the group’s affiliation with Solaris, which is the source of more than $44,000 in bitcoins for Killnet’s donation wallets. Both Solaris and Killnet were credited with hacking the rival dark web forum Rutor in 2022, which has long been seen as a political rival due to its perception as a pro-Ukrainian media outlet.

killnet bitcoin donations to solaris

Elliptic Investigator Shows Killnet Bitcoin Donations From Solaris.

December 2022: Security breach begins

Solaris’ security problems originally began in December 2022, when Ukrainian cyberhacker Alex Holden revealed to Forbes that he had breached Solaris and its central Bitcoin wallet. By submitting evidence verified by Forbes, Holden was able to withdraw 1.6 bitcoins ($25,000) and donate them to the Ukrainian charity Enjoying Life. The charity has confirmed that it has received the donation.

On the same day, Solaris issued a statement disputing the claims and criticizing the lack of evidence. The market also suggested that he never keeps less than 3 Bitcoins in his administrative wallet at all times. Still, it’s likely that talk of this security breach has led to increased attempts by Solaris’ other rivals to identify vulnerabilities in its systems. The breach that took down the site happened just 22 days later, on Friday 13 January.

Forbes article on Solaris

January 2023: Kraken takes down Solaris

Kraken – a recently launched Russian-speaking dark web marketplace unrelated to the legitimate exchange of the same name – is also seen as pro-Kremlin. However, it maintains rivalry with other pro-Russian markets vying for market share in the void left by Hydra. Complaints with Solaris and Killnet have been widely shared on the Kraken-affiliated dark forum WayAway.

Solaris users who attempted to access the marketplace on January 13 were redirected to Kraken, with a notice announcing that it had successfully downloaded Solaris’ cyber infrastructure, the GitLab repository, and the project’s sources. The download was confirmed by a recently launched Telegram group associated with Kraken.

Kraken claims to have taken over Solaris' cyber infrastructure

Kraken attributed its successful takeover to lax operational security by Solaris administrators, which allowed the hack to take place over three days without warning. Logs apparently confirming the Kraken’s complete control of Solaris were also shared.

The logs apparently confirm the Kraken's complete control over Solaris

Kraken also announced that Solaris’ Bitcoin wallets have been disabled. Elliptic’s internal data confirms that no activity has been monitored on Bitcoin addresses associated with Solaris since January 13th.

Killnet and Infinity – a dark forum recently launched by Killnet – have remained largely silent on the takeover, instead focusing on the apparent Killnet hacking attack by the US Internal Revenue Service (IRS). Meanwhile, many groups of Kraken-affiliated sellers on the WayAway Forum are competing to recruit ex-Solaris sellers of illicit goods and services.

Kraken-affiliated seller groups on the WayAway Forum compete to recruit ex-Solaris sellers

Elliptic’s Crypto Intelligence functions routinely monitor the dark web ecosystem, ensuring our clients have access to the latest data and are able to review the latest risks arising from illicit dark web markets and sellers of stolen data. Contact us for a demo of our blockchain analytics solutions.

Do you find this interesting? Share on your network.



banner
crypto & nft lover

Johnathan DoeCoin

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar.

Follow Me

Top Selling Multipurpose WP Theme

Newsletter

banner

Leave a Comment

crypto & nft lover

John DoeCoin

Learn all about cryptocurrency and NFT, we publish news and interesting fauths from the world of crypto.

@2022 u2013 All Right Reserved. Designed and Developed by Evegal.com