To ex-hansa vendors and dream market users

New here?

Read and follow the sidebar of /r/DarkNetMarketsNoobs


Hansa

I got contacted by an ex-hansa staff member telling me that the operation is apparently bigger than we currently assume, that 'there will be a bloodbath, a purge' and that 'any vendor on HANSA should immediately seize his operation, lawyer up and hide his trails.'

So you know, I guess hansa vendors should follow that advice and prepare for the worst. Do not panic, just stay rational and act accordingly. Preparation is key, use your time and do not give law enforcement any advantage.

Since law enforcement probably already know this too: he sent the message I am referring to from an older reddit account that is known to belong to hansa. He also posted a signed message with it some time ago, though I do not have the PGP keys of the support members to verify it. Does anybody have them stored?

Here the link to the previous 'What to do now' thread https://www.reddit.com/r/DarkNetMarkets/comments/6ohder/what_to_do_now_and_future_tips/


Dream

Since I had to remove the previous stick about dream, here the link to it https://www.reddit.com/r/DarkNetMarkets/comments/6ojwht/dreammarket_important_opsec_issue_leave_market/

Apparently the currently served JS code is nothing new, but ALWAYS USE A DNM WITH THE SECURITY SLIDER SET TO HIGH. It is explained how to do it at the top of this page.


Comments


[57 Points] xanax_xombie:

God damn it I hate that this just keeps sounding fucking worse by the hour, there is going to be a refugee crisis in weed friendly states here pretty soon.

Fucking ridiculous feds don't have better shit to do with their resources, god damn it pisses me off.


[53 Points] b_ba_basshead554:

I never used hansa, maybe had an account from some time ago. But you know what feds? Pull the trigger on me. I buy mmj in a state that legalized medical but no flower. I have a seizure disorder. I don't sell. I'd rather die from a seizure in jail then live in fear and be a zombie on my pharma meds. Pull the trigger.

I just have one favor to ask friends. If you see a guy die from seizure in jail who got arrested for weed post it everywhere. Maybe I can be useful if I die.


[26 Points] BrianEno_BBMC:

pats self on the back for being too lazy to bother with multi-sig


[20 Points] cantdodgethedutch:

How does a HANSA mod still have the balls to contact anyone related to DNMs? I thought they would've all moved to Belize by now


[17 Points] Those_Good_Vibes:

...God damn I'm glad I haven't ordered in forever.

Hope all you vendors stay safe.


[12 Points] AgoraMarket:

though I do not have the PGP keys of the support members to verify it. Does anybody have them stored?

/u/wombat2combat, I stored the HANSA PGP key that was used on the market, I believe it was listed somewhere on their support page... always good to import market keys for precisely these situations:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFWoC24BEADEMGrQbn7KQu52tfrm45w5ZdD3rn/svSN2iO/oddFxXG5a1LGK
aMVIrySTA4dbq73ZjRyUdMy3grxfFqQ/VnoqKvhBaMnwQGgGXrdaxqxARII5IH9L
Uikm6g+CpNeROH0Q5EAuzfkbux/uuOG/Q/PgSLh4XT2QikYPueJseSwmu40FFmsn
OZdg3c4tie9o7EaZHMHI2ghvEC4ZhlLlWc4YOWO2WSAZCSgzqLvu/jE/mc02YSpB
gF/1TgHNhGmIQVjjV6RdPGvzsUKYy8biVp3MvM/wAnOJ3kCsyAMxz5X5Fzow1DAA
Gd1DJEAY4YewvcLGzOepcwq8+ApvOD4FtatQeFRZaNNaiiT6DwqaLuWM5GpTu0io
lOxZRnFf59ys77nK6CjQlECs0w6p9rqUdrGRzXsOOg91YuVEru2sarMnl9hiynFr
RPcZLqzqM30bQ9KL+BzjxNsKSjLgK3CSE05R8U1yJwRANkEldn6CLyiegtFw4aUr
G+jgP6UKc9RrwpGi+pNTGjtQ0d7tx3W7S6Xx9hCTr/Y65AKm5IIVmBOpWWzLYXiY
x5eBH43WRZTDEfG7fnx8NKId37QEtGfoNFpHg1D8kg180D2HXc7Yg/OYwMxMl3kG
4Hr37F+AGfLyb/zt37H/Q4Q0FKK6eEXDcp9207VQco5NsRrVxdF0u9bHGwARAQAB
tC5IYW5zYSBLZXkgKEhhbnNhIE1haW4gS2V5KSA8aGFuc2FAc2lnYWludC5vcmc+
iQI2BBMBCgAgBQJVqAtuAhsDBQsJCAcDBRUKCQgLBBYCAQACHgECF4AACgkQpLsC
p15q9EgcuBAAiI9qFNibnuVuJwe3e3JyICGiStlSWVy6cvjggH7zt+p+0C0BQ2gK
wi3h8/ILJo7ZXhuksFF6ALAjrG1O0a8yH8yVPuTjc+Z2hfuZpLsxnMZs/VPFsYS5
QcEn8ek9Bi7yG9y8z6hGI7gpY/yJV4s979JBY5+SRYawXJkfp/dg9vEeKbNNM8qX
GKDWG7mtwI/rSjdf1RSqkXDF9mGeFyJ2cFeTeFQrDG8tjgH7LRM2OmUMDNeg6IUk
TCwzEDYVRnlzFCYl3pxk4k9bGxHQptSnH3b0ZOxqjM+1Lfe9wDFMzZSVldxgFIYR
qvidFOz1BSPdf8b/gVVCmWgIYjG0EoQBR6mIqR4ecoMfuyJibTZSDA+AZm6SvcC8
sOQxEaZ9bx8qLK2qXbCbf4YqYS6gFtw6/JEvB4cwG4U3qNjYnSVyQ+7lEjgfTM4p
wV4fDYhH0/2qyjWURMQRkZF+I7vufMZVzuwATZVq/BB51V+xM5tQPeAmdABzCxyw
gLlheWILm8NJN3SKLlR5gi6g7QpNKzF5te5P8KDy5AeWIufk8YGrif38zZwxU31I
G/ujtMduiE2eS78rWQ/x7rSBrgN8R9ADgywWHk8wE//7QzCOZomTbXUFXugqBwre
2MuRiQ6tXLqtMv/5XCkvgISoWGNmAa3vfG2lRIPq+tyQtCXe7+MKbUa5Ag0EVagL
bgEQAOz4G4Q7KFU/TXzmn3bgnmE4jZt9p48o7o64PVPi+UO4kX5i4nG9DGkr+ycx
/XaC9rxYUT/gvomDdfROH56CPPcY3AcDjW0fhTyZ74+EwzbBsOaHf+hbDlXz5CLm
R0znyFsGjDPQcL+yqgzlxJWNRKMOuMESNOfyrMVRjRBF12FEm0BfAc3wH/mHbPGC
jW/nTfiH643ZGLtjCy4lm0G04BxszI1YHHiIqxUl61hht505ZaTlJsuHy2c61FGc
mggA5F+tN9T3B6BlmojOG2gP79+DSXq8wP6ooy4KgrxuxCpwetseSPTZczMTC3Y7
1gEsps+A/tVGUxqKg7utInmgJZEWA0OmRt2GkxHNOYqXHtLtgbPUe6wZCtgP56Hi
ZP2wuUAUKMKsXcpjJk3fSjwI8Pu8PntPtAkGfnrDx8i6LYJm7654tmY6ZLp25d5z
rB1SHZeJoSKFX13K/Fd9IFI54WGSOSA86SxbpIYZxkzGwzqWSKTwce9niWCWpgoq
OBHeWzScj15wPRqtm1ZkwTBmIK6ub5meupxiUXPxaotRT2ViR71zPi+mB67EnHhE
lu+6qy5AHZcOf33qHHcUk+YmsCZs13z3DZT494GXjf5yZxTKpXbOhPIMIEk/VhSt
mTa9l/IQTLw0zXpHXyJmafhyO46iihg6mFkur6bGnp3wu503ABEBAAGJAh8EGAEK
AAkFAlWoC24CGwwACgkQpLsCp15q9EhhuhAAk4Vd+Z+gYO/4QrH+ZiziecN6+dar
BSo8eilkYHDbyPbo03W0/ao4Q0L6/xpkwciSph8/seCV/P4dWhMYRAtbqaqCxkXK
uEvmyKMAw8qkVB3OgN7GORcZ7/e4oPlf//U+XDgTudlt2+F/p8OW47lI0S9VJ07/
VLn/a1WjjlgLVk9IutZPU4USJ8HuRjodaRjatxmBmM1lmfDf6Dfke2znOjMmZMZx
7heopqCXsWw1VZjPqWgjK78C/nuQhltdFMDDPv7yqCygKXGAbLD5aYjB9j1uGOAJ
hMmxYZSEI3FX8f3X+U3HKgA5RqzqnBhYn+yeIdWSHqkJe0IU4lMBh2RLWYLEYsmi
k/RlfEwi978E+/kg4D3tyXPpzlugs4pNxZaqzDviZcmcJgbEgkNlluf01Uedh51C
Vr1923UvB4337aROERa2S3sota+a8mbYBJQQ0XliRFm+McHtdnnWy2AoIMGlumeC
C54fnw8Y+YNEJgtyXzYGlLp4WQDjpYFIMpeEFDWAqhKJ/+Geow9ZJzPiENv7eUU9
CwrvsRQuVkG1wxguWu1BUNpBooWM3n1M16DubFxbpvMnZdYj83AkYbE7z/ioqjb0
xz/DePpdwdIqqTCj7UfDEyOzbZN8PP323XV8K4WQ7DdFDJnF5KPO0zmmlPeJGc+1
uYkyDBxoZ5SlWzk=
=Ktu4
-----END PGP PUBLIC KEY BLOCK-----


[7 Points] NoFreedomWoAnonymity:

Maybe it has to do with operation TITANIUM? Same agencies and countries involved in the HANSA take down are part of TITANIUM. They now have a whole database of Bitcoin transactions. Why go look anywhere else if you have such a mountain of information? Sounds mildly plausible.


[6 Points] qpquestion:

How would an ex staff member have insider LE info though? Lucky he's ex staff I'd say. But doesn't that mean he wasn't staff when any of the shit went down?


[6 Points] DaRealDonaldTrump:

ex-hansa staff

there will be a bloodbath, a purge

speculation/no proof

where is the tag?


[3 Points] JelloCreationist:

I wonder when AK will come back and provide proof of knowing this shit was going down


[2 Points] wogapogasz:

Has PGP itself been compromised? I placed an order over on Hansa, and the PGP key matched with the one on Dream. I've since noticed a couple things, the first is that the on Dream - it started with

-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: GPGTools - https://gpgtools.org

vs on Hansa it started with

-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2

On Grams, I searched the Public PGP Key block that I had gotten from both Hansa and Dream and it correctly identified the vendor, and also included links to several of his other previous vendor accounts on now defunct markets - agora, abraxxas, Alpha and ValHalla as well. I noticed that the Public PGP Key block I got from Hansa, and Dream matched the one on ValHalla (which it appears the vendor never used this market, and had not been logged in for a long time) - However, I noticed that although the Public PGP Key block I used to search for on Grams brought up a listing of his reviews from Evolution etc and linked to his other market profiles - I noticed the Public PGP Key block that Grams displayed itself for the vendor did not match the Public PGP Key block that I used to identify the vendor via Grams, and nor was it the same as those listed on Valhalla, Hansa or Dream - but it displayed the EXACT same information the Public PGP Key block from Hansa, Dream, and ValHalla displays when opened in the Key Manger - fingerprint, user name, key id, expires at, key type and created at - are all the exact same no difference at all - the only difference is the Public PGP Key block its self as in one ends with say 013x and the other ends with 27s3 - besides that all other information is exactly the same. The creation date goes back to early 2013, and like I said all the information for both Public PGP Key block displays the exact same information nothing differs besides what I mentioned.

Can L.E create a new Public PGP Key block which duplicates the fingerprint, creation date, key id, user name, key type and create at? I would of thought if L.E did swap out PGP keys, the ones they had used would of shown in the Key Manager as displaying rather recently and the fingerprint etc would not match.


[2 Points] Canna-Creations:

We're trying to figure out what site/service to move so we can continue. We will be continuing our services. Fuck LE. We all will ALWAYS find ways to get around their fuckery.

Anyone who wants to contact us for orders or our existing clients:

Cantact us on Pidgen live chat: Canna-Creations@404.city


[1 Points] Cannablys:

This is showing considerably that we should avoid the markets for a while and see how how the situation escalates (or de-escalates) in the coming days.


[1 Points] Kuntergrau:

Can you give us more details? What kind of proof did he provide that he's in fact the ex-hansa staff member and not a troll or LE?

Very old/confirmed keys?


[1 Points] funkdogg:

RemindMe! 5 hours


[1 Points] Bigw0rmer:

I got contacted by an ex-hansa staff member telling me that the operation is apparently bigger than we currently assume, that 'there will be a bloodbath, a purge' and that 'any vendor on HANSA should immediately seize his operation, lawyer up and hide his trails.'

its gonna be a rough few months :( ...shit is wild


[1 Points] throwaay7272:

I am really surprised vendors aren't seeing the big picture here. Why did they want everyone to move onto Hansa instead of going after the big fish in AB? Simple, you get 2 for 1.

Hansa offered easy "Auto encryption" for the buyer, so literally thousands of people just handed over the address to LE, and they got a laundry list of buyers to go through. This not only allowed for that, but the profiling of vendors began. A handful of packs got stopped, checked for prints, locations, etc.

Next, for vendors. Sure, they could have re-done the code on AB and got a ton of vendors IP, but not as much as they could have got off Hansa. I think vendors are underplaying how risky it is to download files from any website, especially a file that was recently edited and put on a website that was designed to be malicious.

LE didn't go out of the way to update the file essentially forcing vendors to be sure they download it because they REALLY want you guys to get the coin once they take it down. They also didn't throw up that blue banner to remind you guys to install that file right before it went down to be nice.

Vendors, you let basic OpSec go out the window once you downloaded the file. This is a huge nono, and its being underplayed. I don't care if you have JS disabled, on Tails, or whatever OpSec you think is good enough. You have to assume you are fucked. The FEDS wanted you to install that for a reason, and it will be the thing that unmasks you.

Everything else will play small roles to help confirm and build a stronger case. The profiling that was caused by the thousands of buyers who didn't manually encrypt. Following the bitcoin, among other things. If you were a vendor on AB but didn't go to Hansa, you are probably slightly more okay. If you were on Hansa, you have to assume your fucked.

Buyers, if you auto encrypted anytime in the last 30 days - you are fucked. If you just used tor (no tails) even if you didn't install anything, you leaked your IP. If you sent any coins from Localbitcoin, or worse coinbase, this will be traced to you.

Investigations will be on going. Tons of sellers will get nabbed, taken over, and continued to used to grab more sellers. Stay safe, but assume this was pretty much the worse case thing that could have happened.


[0 Points] MandyThatGirl:

How have we reached this lowly place...? Drowning in feds and it sickens me! How can one girl brace herself against the tide...one tiny voice adrift in a sea of treachery, only to be dashed upon the rocky shores of drugless destitution.