AlphaBay users scammed out of more than $1 million USD

in #cryptocurrency7 years ago

More than $1 million USD worth of digital currencies were stolen by a darknet phisher. 

An anonymous user that went by the name of "Phishkingz" recently bragged how he stole over $1 million dollars worth of Bitcoin from accounts on AlphaBay within the last year. 

As you may recall, AlphaBay has been in the news a lot lately for being shut down recently by authorities and was reported as being the largest darknet market place at the time. 

It was ten times the size of Silk Road and had achieved a reputation for excellent service by it's users. 

How did he do it?

Phishkingz said that he decided to start phishing AlphaBay accounts following his discovery of a flaw on the site's forums that allowed him to monitor new members the moment they joined the site. 

He would then send them a verification process which would redirect them to his link. From there, he was able to get the new member's login details, PGP private keys, passwords, pin codes, mnemonic phrases etc. At that point, their money was as good as his.

He would then periodically check their accounts for new deposits from which to transfer to his own accounts. 

Increasing profitability?

As he was able to steal more and more funds, he decided it was in his best interest to expand his phishing empire. 

He went on to employ 27 people to help him steal from the newly registered accounts. According to Phishkingz, one of the major reasons for his success was the total lack of support given by the AlphaBay moderators.

Specifically he had this to say about them:

"The admins didn't really care about their customers, and it only took opening a support ticket with a problem to learn this. BM (Big Muscles, an AlphaBay moderator) especially is a stupid one. He would let me into accounts for 50 percent if I provided mnemonic phrases knowing I had phished the account in the first place."

If you are not familiar, a mnemonic is a tool to help you remember facts or a large amount of information. It can be a song, rhyme, acronym, image, or a phrase to help remember a list of facts in a certain order.

For example, in order to remember Kingdom, Phylum, Class, Order, Family, Genus, Species one might come up with:

"Kyle pees clear only from good spirits"

Or something along those lines...

It was frighteningly easy.

It is pretty scary to hear how easy it was to take advantage of new users and how little was done to protect them. 

My first thought was that most of the users using that market place were likely selling or buying some kind of illegal service or stolen good and that is what they get for dealing in those kinds of goods and services. 

However, the total lack of regard from the moderators and admins is something that I have seen quite often on many of the crypto exchanges as well. 

Hopefully that isn't something that can be exploited by bad actors like Phishkingz. If it is, hopefully as cryptos start to hit mainstream that all starts to change...

As more people come, hopefully a better infrastructure does as well. 

Stay safe friends!

Sources:

https://en.wikipedia.org/wiki/AlphaBay

https://cointelegraph.com/news/scammer-steals-1-mln-worth-of-bitcoin-in-14-months-from-alphabay-users

http://examples.yourdictionary.com/examples-of-mnemonics.html

Image Sources:

https://bestsecuritysearch.com/alphabay-dark-web-marketplace-exposes-private-messages/

https://www.hackread.com/dark-webs-largest-trading-platform-alphabay-hacked-200000-messages-leaked/

https://alphabaymarket.com/

Follow me: @jrcornel

Sort:  

Just crazy to read this and I'm really glad they got shut down. Some sites/ICOs are nothing more than money grabs and hurt the long term viability of cryptos. I hate to say this, but some form of regulation may indeed be needed and I think it's only inevitable at this point if crypto is to go mainstream.

Gotta keep my cryptos safe 🏃🏃🏃🏃 🏃🏃🏃🏃

Whats even scarier is how it happened on the TOR network which is suppose to be secure. But nothing is really secure! I wonder if other hackers will try to get retribution for the money they have lost. Like doxing and people some of the peoples info out there that ran some of the shops on Alpha. Thanks for sharing great post.

The problem is that it doesn't matter how safe a network is, if the human beings are the one, who make the mistake.

Exactly, human error (AKA stupidity) is the number one reason for darknet busts, Check my analysis of Alphabay and Hansa busts

Nothing is ever secure, that's why everyone should diversify investments and holding centers too.

I though the FBI seized Alpha bay on the 4th?

Authorities did shut it down, this guy scammed over the course of the previous year... you should try reading the post next time ;)

What are the current marketplaces to use right now?

Thanks for your sharing

wow.. a master mind.. luckily i do not have much digital currency.. but those how have must be careful..

thanks for the update..

Thanks for the lesson

Its not good for us..
Thats our money.

Its really scary how easy its done. Thank u for taking time to share information like this.
A great heads up.

Even if he access the info of the users how was he able to crack the 2FA authentication required by most wallets to transfer funds? Did he have their mobiles phones cloned as with the email addresses linked to the wallets?
I know cryptos aren't fool proof but this guys got me thinking..... .......

wauw this was one of the best articles ive ever read thnx for the information man and keep it up that way you deff get my upvote
greetings from belgium ;)

A fine read, upovted. Here's my fresh take on police busts of AB and Hansa.

Everyday in crypto...

Different day, different hack...

nice post good info

there should be a leniency for government people so they are protected from gangsters once everything falls apart. How can one sleep at night when doing a job where good people kill themselves and others go forecer to jail. Maybe they are aliens who control the planet

sir i have bitcoin i don't know how to cash out any one help me @farhannaqvi7

Sneaky weasel

great post thank you so much for sharing

Scammers gonna scam and losers gonna lose

Great post. Please read my biggest danger in crypto, would love your feedback -
https://steemit.com/cryptocurrency/@cryptocoinclub/blockfolio-addiction-help-group

They deserved it! If you signup @ an illegal website you should know that there are consequences. And besides no body signed to buy legal stuff that is available on Amazon.

Thats why SYS BM is going to shine ! Buy & Sell goods from your virtual store from your local wallet ! end of all dramas !

Seems like crazy stuff but I shouldn't be surprised. Still no surprise. The web, darknet especially, is like the Wild West. Only person who can keep you safe is yourself.

No its daily routen every day some one hacked