Security Audit of Trade Route Market

So this evening I felt a little bored and thought: is Trade Route Market a viable alternative to HANSA market? I work as a web app penetration tester in my day-to-day work life, and I have done a usual security audit of the hidden service.

To my surprise, there was nothing to put a finger on. Everything was quite cleverly implemented. This leaves 2 questions in my mind: Is this site run by the Dutch? What did the Dutch mean by creating this site?

In all seriousness, they've implemented HANSA's improvements within multi-sig transactions, a huge benefit for preventing exit scams.

Even though there's nothing inherently wrong with the implementation of Trade Route, other people around this sub has claimed that so was HANSA. Finding 2 hidden nodes in the span of a month is a bit scary to me - let's hope it's not TOR. Lay low, and use TradeRoute once the storm has calmed.

// Not involved with TradeRoute


Comments


[7 Points] pizzafapper:

If you're an actual web application penetration tester, TOR recently announced a bug bounty program, awarding $4000 to people who find bugs. Go help them.


[2 Points] endedbytheknife:

They found AB's servers after combing through the unlocked laptop with unencrypted data.

We don't know how they found out hansa's info to find it's servers.