-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We would like to announce the launch of our new market, Empire Market.
Our market is modeled after the late AlphaBay Market and has all of the
basic features you are familiar with: 2FA, trust levels, advanced
notification system, support system, exif data remover for listing images, and more.
We chose to use AlphaBay's UI because of its simplicity and user-friendly traits.
We began working on this market in August of 2017 after AlphaBay went down.
For those of you who have used AlphaBay Market before: vending, deposits,
and the order purchase process are virtually identical. The UI may look the
same but we assure you every line of code is original and written from scratch,
utilizing the latest in server security and development platforms by a very skilled team.
PGP and 2FA
Only vendors are required to have a PGP key, but it is recommended that
everyone uses it for increased security.
Commission Rates & Vendor Bonds
Our commission rate is set at 4% and vendor accounts require a $100 bond
before selling. Vendors have the option to have their vendor bonds waived
if they are able to prove they are trusted vendors on other marketplaces.
To do so, simply open up a support ticket.
Primary Currency
With the uncertain future of Bitcoin and its fees, we have decided to use
Litecoin for the primary transaction currency.
Affiliate Program
Empire Market has an affiliate program where you can earn 20% of the commissions
every time your referral purchases anything on the market.
Future Development (otherwise known as phase 2)
During phase 2, we will be implementing CC & Accounts Autoshops, Multisig,
and multiple currency additions. BTC, Bitcoin Cash, Monero, Ethereum, ZCash.
Along with other feature suggestions by the community.
Support and customer service is very important to us. If you ever have
any questions or issues, do not hesitate to send in a support ticket.
We will answer it as quickly as possible.
Market URL: http://empiremktxgjovhm.onion/
v3 Market URL: hsqluhqe6dlfl7jaxulf7cfun6xt274btvnqvaorliem5j6sqjiwhdyd.onion/
Forums: http://empforumgfttfqnq.onion/
Market PGP Key: http://empiremktxgjovhm.onion/pgp.txt/
Our Subreddit: https://www.reddit.com/r/EmpireDNM/
We have put a lot of time and energy in breathing life back into what once
was AlphaBay, with a new name. Since the demise of many top darknet markets,
the darknet market scene appeared to be losing hope. Fear not. Hope is not lost.
Best regards!
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Such incompetence.
In less than 15 minutes after registering to this market I was able to easily get access to their full database of profiles, as well as some leaked system configuration (Server engine, its version and Operating system).
Basic error handling issues:
https://cdn1.imggmi.com/uploads/2018/2/4/80239348b6b59d46ac7a357aacf4c648-full.png
Configuration leak:
https://cdn1.imggmi.com/uploads/2018/2/4/2bd03c252aea00ff063db18518d7d219-full.png
There is no CSRF protection for forms related to funds withdrawal. This is a crucial security flaw.
To add insult to injury, I managed to get access to all conversations sent between users.
Even though there are barely any, this is still a crazy security breach.
Here's the list of their current users that I grabbed.
In short, these guys are noobs when it comes to DN stuff. I'm sure if I spent more time I'd find many more vulnerabilities.
If you want to put your life in jeopardy, this would be a good place to start.