Bitwasp is dangerously insecure, been alot of markets popping up based on it, torbazaar i can tell cause of the crappy grid background, we already had at least one theft from it and the devs say not to use it yet, should people be notified that these markets are based on alpha software given the known risks?
What other sites are based on bitwasp btw, sometimes its not obvious just from looking at it. '
If they are using the new multisig version, and the buyer/vendors are smart in that they always encrypt their message, disable Javascript, and use the escrow multisig transactions... I don't see how they have anything to worry about. At that point if software has a security issue it only causes two problems: a chance that the administration/operator is going to be doxed and get in trouble... And if that happens they may be unable to act as a mediator between the buyer and vendor.
Really the only risk for buyer and vendor are loss of a mediator for the transactions being processed. Otherwise no one can steal their coins, as they can obviously complete the transaction if the site has gone offline.
I'm not saying the software is ready for use, just saying that the potential issues are pretty mild for the buyer and seller. With this design and current state most all of the risk is on the operators of the marketplace. Not the users.
Also I'm not condoning using our software for darknet marketplaces... It'd be great if someone launched a cleanet site.
Please report any bugs you know about. The_avid claims to know three security issues but he won't tell is them when we give him our contact info. I'm not sure what to think of that, seems like he may just enjoy stirring up chaos.