Law enforcement seizes dark web market after moderator leaks backend credentials
German police, together with Europol and law enforcement agencies from the US, the Netherlands, and Romania, have seized the servers of a dark web marketplace known as the Wall Street Market, on which users sold illegal products such as drugs, weapons, user credentials, and hacking tools, ZDNet has learned.
The site’s seizure comes after a tumultuous two weeks for the Wall Street Market (WSM) and its users, during which the site’s administrators have exit-scammed –ran away with over $14.2 million worth of cryptocurrency from users and vendors’ accounts.
In this midst of all of this, one of the site’s moderators –named Med3l1n– began blackmailing WSM vendors and buyers, asking for 0.05 Bitcoin (~$280), and threatening to disclose to law enforcement the details of WSM vendors and buyers who made the mistake of sharing various details in support requests in an unencrypted form.
It is unclear if these extortion attempts succeeded, but days later, Med3l1n published the IP address (located in the Netherlands) and login credentials for the WSM backend on Dread, a Reddit-like community for dark web users.
This, effectively exposed the market’s real-world server location, but also allowed anyone to access the marketplace’s administrative section and gather information on all of the site’s users, orders, and other details that could deanonymize WSM vendors and buyers.
While ZDNet was unable to confirm at this hour that this backend credentials leak led directly or played a major role in the site’s takedown, the Wall Street Market backend started showing an error six days later, on April 30 before the website was taken down two days later, today, on May 2.
The main Wall Street Market, located at wallstyizjhkrvmj.onion, now lists the BKA seizure note, also shown on all of WSM’s mirrors.
We were told that both German police and Europol are scheduled to make an official announcement tomorrow morning, with additional information about the takedown.
The Attorney General’s Office in Frankfurt, the BKA division mentioned in the Wall Street Market site seizure note, did not return a request for comment.
The other big dark web marketplace –the Dream Market– previously announced it was shutting down on April 30, which is coincidentally on the same day that the WSM backend started showing the above error. At the time of writing, the Dream Market is still up and running, despite announcing it was shutting down, and does not show a seizure note.
Related malware and cybercrime coverage: