A popular Dark Net market site called Nightmare has suffered a hack and is currently “under maintenance”- a common sign that a crypto-friendly underground site’s admins may be pulling exit scam, DarkNetStats reports.
Nightmare administrators are insisting that users will have full access to their balances once the period of maintenance is complete:
“Every single person will get their money and be able to happily buy and sell!”
“We are not planning to have the same issues as other market such as Dream had at the time where your XMR is just gone. We will NOT allow this to happen!”
“So, please support us, we are here for you and hopefully this makes you realise we are not out to take anyone’s money. No, we are here to build the largest and safest marketplace on the Darkweb!”
Unfortunately, DarkNetStats is claiming that Nightmare has continued to accept customer deposits but is not allowing withdrawals:
“After this announcement the staff disabled bitcoin deposits and withdrawals but in reality they just disabled withdrawals only and the deposits were still working and unsuspecting users were deprived of their bitcoins in this week long saga.”
Allowing deposits but not withdrawals is something certain crypto exchanges have done in the past in an attempt to ‘balance the books’ and keep operating following the loss of funds in a hack.
DarkNetStats provides a testimonial from Dread forum user and “known drug vendor ‘StrongWeed'” in which StrongWeed claims to have not received 1 Bitcoin withdrawn (worth $11000 at time of attempted withdrawal):
“I’ve withdrawn 1 BTC from Nightmare at July 7 and Bitcoin never arrived to my wallet. When I ask to support they give me a txid but that is not my BTC address. I’ve never seen that money. On blockchain it’s all good with their txid. Money reached to an address. I’ve heard for deposit problems but this is so weird. What’s going on!?”
Dread bills itself as “the Reddit of the Dark Net” and hosts pseudonymous communicating regarding Dark Net affairs.
In the article “7 Darknet Markets Where Your Cryptocurrency Is Welcome,” crypto news site Bitcoin.com describes Nightmare as follows:
“Nightmare earns the award for multicoin friendliness; no less than six cryptos can be spent here. In addition to BTC and BCH, shoppers can use DASH, LTC, XMR, and ZEC. Nightmare is stocked to the gunnels with products too, including 46,000 entries for drugs alone. It’s also got a busy erotica section. The site’s vendor rating system is particularly user friendly, making it easy to discern who’s reputable and who’s not.”
Nightmare’s assurances seem to have worked to a degree, but according to DarkNetStats, not long after Nightmare’s first public communiques were issued, a “hacker” on the Dread forum began boasting that he or she had hacked Nightmare and also began to broadcast private password information to substantiate the claim.
According to DarkNetStats:
“The person claiming to have hacked vendor accounts…posted lists of the first and last words of a vendor’s mnemonic. Some vendors confirmed a match between the words posted by the alleged hacker and the 14 words they had saved during creation of their account.”
“The hacker seemed to have full access of the market because without full access he wouldn’t be able to provide something so important as mnemonic.”
DarkNetStats says it attempted to confirm the validity of hack claims:
“Darknet markets are rife with disinformation campaigns targeted by rival competitors. We wanted to confirm the hack by ourselves so we contacted the hacker using a secure chat server. In our conversation the hacker gave us some screenshots of the market backend which showed confidential information about the market and its users.”
The “hacker” also furnished DarkNetStats with a screenshot of internal messaging at Nightmare regarding the “hack”:
Nightmare is claiming that the hack was in fact an inside job executed by a rogue admin called “Creative,” who was ejected from the project:
“Here is the real story, that we do not like to share but in the light of everything, you deserve to know: The admin; Creative, tried to steal from us…period. He was not part of the team anymore because of private reasons. But for the safety and continuation of the market we had to move on without him.”
“This resulted in him trying to steal money from the market through fake vendor accounts and eventually gaining access to a support member account (with partial info he saved from that account when he was still admin).He then followed to lock vendors and take over their account, which an admin can do and subsequently empty their wallets. This has resulted in him literally stealing funds.”
“As if this was not enough he then made screenshots of market specific data to post it under the motto! I HACKED THEM.”
“‘They were planning an exit strategy’”
Nightmare is once again promising to remunerate users:
“Now, let me make something very clear. We are NOT and NEVER HAVE planned an exit. And we WILL pay every cent that the affected accounts have lost from our own pockets.”
DarkNetStats says the “maintenance” notice is still up on Nightmare’s landing page, and recommends that shadowy shoppers should probably shop elsewhere in the meantime.