A leading marketplace on the dark web, Solaris, has been hit by a rival, according to crypto analytics company Elliptic. The Russia-linked platform, which tried to occupy space vacated by the busted Hydra, is believed to have conquered up to a fifth of the illicit market before the hack.

Solaris Allegedly Taken Over by Darknet Marketplace Called Kraken

Solaris, a major marketplace for drugs and other illicit products, has been targeted in a hacking attack carried out by a similar enterprise, Kraken, not to be confused with the well-known cryptocurrency exchange with the same name.

After in April last year law enforcement authorities shut down Hydra, the former leader in this business, seizing its servers in Germany and arresting an alleged operator in Russia, Solaris managed to gain between 20% and 25% market share, according to estimates quoted by Elliptic.

This week, the blockchain forensics company reported that since Friday, Jan. 13, those who visited the onionsite were being transferred to Kraken. The latter claimed to have taken control over the infrastructure, Gitlab repository and source code of Solaris and blocked its bitcoin wallets.

Kraken is another player in the dark web space and, like Solaris and Hydra, is targeting the Russian-language segment of the underground market. The illegal trading platforms are suspected of having other ties to Russia as well.

For example, Solaris is believed of have used the services of one of the Russian “patriotic” hacker groups. The pro-Kremlin Killnet is known for launching distributed denial-of-service (DDoS ) attacks on Ukraine after Russia invaded the country in late February, 2022.

This isn’t the first attempt to breach Solaris. Ukrainian-born cyber intelligence expert Alex Holden claimed to have hacked into the marketplace, according to a report in December, and getting hold of some of the bitcoin sent to dealers using the site and to its owners.

Helped by his cybersecurity company, Holden said he specifically targeted a wallet used for crypto exchange transactions and was able to divert 1.6 BTC. The cryptocurrency was later donated to a Kyiv-based charity.

What do you make of the darknet market Kraken’s hacking attack on rival Solaris? Share your thoughts on the subject in the comments section below.

Law enforcement in Russia has blocked major sites on the dark web, including a carding market leader. The platforms have been seized amid ongoing investigations into hacking groups, with Russian authorities ramping up efforts to dismantle the cybercrime rings and detain their members.

Interior Ministry of Russia Hits Stolen Credit Cards Market

The Ministry of Internal Affairs of the Russian Federation (MVD) has brought down four prominent websites operating on the dark web, blockchain forensics firm Elliptic has revealed. The sites have been blocked by Directorate “K”, MVD’s unit combatting computer-related crime.

The seized platforms are the Sky-Fraud forum, Trump’s Dumps, UAS Store, and Ferum Shop, which became the leading market for stolen credit cards after the largest marketplace in the niche, Unicc, was taken offline in January, the report details.

According to Elliptic’s estimate, the sites have collectively made more than $263 million in crypto sales denominated in bitcoin (BTC), ether (ETH), and litecoin (LTC) before they were shut down. Ferum accounts for the bulk of that amount with $256 million in bitcoin generated, or 17% of the carding market.

Trump’s Dumps, another website distributing compromised card data, has allegedly made around $4.1 million since its launch in 2017. Both sites were advertised on the on Sky-Fraud forum, where carding techniques and money laundering tips were among the main topics. Directorate “K” has apparently left a message in its source code, reading: “Which one of you is next?”

[#Russia] SKY-FRAUD & FERUM, famous Russian #carding forums closed by Russian authorities.

Authorities left an easter egg on the code source saying “WHICH ONE OF YOU IS NEXT?”#cybercrime #takedown #infosec #banking pic.twitter.com/RbNTkWPHIc

— Soufiane Tahiri (@S0ufi4n3) February 7, 2022

The fourth blocked website, UAS Store, was a platform offering stolen remote desktop protocol credentials that cybercriminals use to gain access to victims’ accounts from other devices. These breaches have increased during the Covid-19 pandemic as more employees are now working from home. Since late 2017, UAS Store has made around $3 million in cryptocurrency.

Elliptic notes that the latest seizures have been executed after the previous top carding marketplace, Unicc, and its affiliate proxy market Luxsocks, became inaccessible in mid-January. The seizures also came after the subsequent arrest of Unicc’s suspected administrator by the Russian Federal Security Service (FSB). Researchers claim the crypto proceeds of the two platforms reached $372 million.

Meanwhile, the MVD has sought through a Moscow court the arrest of six unidentified hackers accused of “illegal circulation of means of payment.” Whether the group is linked to the closed-down dark web sites is not clear yet. Last month, FSB and MVD busted the notorious Revil ransomware group on a U.S. request, detaining 14 of its suspected members.

Do you think Russia will continue to crack down on dark web platforms and hacking groups? Tell us in the comments section below.