-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
PGP signed to prove we was not compromised.
As a fellow vendor i would just like to warn other vendors and customers to be aware of this vendor. He sent us what appears to be a phishing message. His account is not a verified support account.
I believe this vendor to be either trying to cash out or compromised by LE. If this is not the case, apologies but this is a major warning sign.
His message.
Conversation with GangasKhan
Hello and thank you for using Dream Market. I have been instructed to inform you that two of our server hubs were compromised yesterday in a large scale attack on Dream's infrastructure. Our team has been informed that a former Alphabay administrator familiar with Dream's security apparatus was able to locate our servers and inject malicious code through an XSS bug that has since been patched. Here is what we know:
- No user information was leaked, including passwords, messages, PINs and other sensitive data.
- All deposits, withdrawals, and Bitcoin wallets are unaffected by the attack.
- No IP addresses or other de-anonymizing information were leaked due to the design of the TOR network.
Unfortunately, there are significant security holes the attacker could exploit. The malicious servers could interact with your client-side interface and cause significant damage. For example, your BTC deposit/withdrawal addresses could be spoofed with the attackers' wallet as you interact with the site. Or, private messages/order forms could be sent to the attacker as you send them. Any forms you receive from other users will not be affected.
Our team has decided to take emergency measures to protect Dream market's integrity from the attacker. We are currently in the process of shutting down and migrating all server-side data to a new domain, so expect frequent downtime and slow site interaction on all of our old links. We will post updates frequently as we attempt to patch the site. In the mean time, here is how you can protect yourself:
- Do not use deposit/withdrawal forms on any of our old links, Dream market will not be responsible for any lost BTC using our old links.
- Encrypt all messages and order forms off-site, Dream market will not be responsible for any lost compromising information.
-Update your bookmarks to our new secure domain, www.dmlbea7y6hvcc2 r3.onion/ ( REMOVE THE SPACE! )
We will be taking all of our old links offline soon, so be sure to update your bookmarks to our new domain to avoid losing access to Dream market. After updating your bookmarks, we strongly recommend that you enable 2-factor authentication (2FA) for increased security.
Do not trust messages from other users, they might contain phishing links. Phishing links are leading to fake websites which are stealing your login data.
Thank you for using Dream market and have a great day.
GangasKhan 02:02 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCgAGBQJZcSrmAAoJEDmnBnZaFMRmCvkH/AiEYq1If6p5kANyK0e3jlVd A1TXffCoa2PJpUDGVjXdaIjoT5dQ4fQ9t2smiUzu/B4adNYaAfDu3pECEQ0zsGLj rlPIbk12N0lRlV+Fxs10EvnJI+qNW0brfPbYJty4yEruit/36gD5M7yznBdOKrxx G046Z/FGko6VM0hinKOt9NmmuB4fBdC/Izr+OxIpyACl9GraguRcLUUqWUEnO+dY 1aVdEGGs4tIlQXEmLbbSR9+9LERPbZETVNxyrEHr5YyMQnz7YBvSvcspHaTcDEL8 nSPzbg0VEZKAVBjht17ggpcQDnP7PMFVSYqByGPw73zp3lA4+j9kXYReOnw6QH8= =kLz4 -----END PGP SIGNATURE-----
/r/DarkNetMarkets currently does not allow random .onion links to be posted. If you wish to announce a new .onion market or service, please contact the moderators here so we can approve your post.
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.