Advertisement
Motherboard

'Hacked' Dark Web Market Admins: ‘We Are Not Running Away’

Nucleus' nuclear implosion just got more interesting.

by Jordan Pearson
Jul 22 2015, 5:06pm

Image: Flickr/L B

Nucleus, a market for illegal goods on the dark web, is still offline after vendors reported earlier this week that their accounts had been hacked, and that their funds had been stolen after being locked out. Now, the site's admins want everyone to know that they're definitely not running away with the money, as some users suspected.

Today, the site's support team posted in a thread on the Nucleus forums, stating that "Nucleus will be back within 5 days approximately. Some big vendors have been affected by this but we were able to shut the server down before worse could happen." A message at the top of the forum says that the administrators are "not running away," and that the forum will remain up as the market server undergoes "big changes."

After the alleged hack, an anonymous user going by "nucleususer69" claimed to own the wallet that contained the first wave of stolen bitcoins before they were siphoned off to other wallets and demanded a bounty for a "fix." One drug vendor that Motherboard contacted using encrypted chat also said that the site's support team suspended his account after he asked, in order to prevent unsuspecting buyers from placing orders.

Watch more from Motherboard: Buying Guns and Drugs on the Dark Web

In a bid to show that he or she controls the Bitcoin wallet in question, which contained more than $50,000 USD in stolen funds by today's Bitcoin price, nucleususer69 posted a cryptic message, "Ahoj friends how much for an explanation and solution," as well as the address to the wallet that contained the stolen funds and a cryptographic signature. Bitcoin wallets are cryptographic keys, with a public half (the wallet address) and a secret half. It's possible to sign a message with the secret half and then verify its authenticity using the public wallet address.

With help from The Intercept's Micah Lee, we verified that the message nucleususer69 posted was signed by the wallet containing stolen funds, indicating that the user likely controls the wallet. So, it's looking like Nucleus's nuclear meltdown was the result of a hack, after all. But, keep in mind, this is the dark web—just about anything can happen.

It's still possible that nucleususer69 is merely a part of a larger scheme and is trying to take credit for the hack in exchange for a bounty, and that the admins are just pulling a long con, possibly involving some vendors. At this point, hacked sellers will likely just have to wait five days and hope their money is still there when they get back.