Home » Featured » Another Marketplace Doxxed: “HansaMarket”

Another Marketplace Doxxed: “HansaMarket”

Well, it was quiet couple of weeks, there was a new market who popped up about a week ago called HansaMarket,

It appears that the security they had was not very good to say the least so, once again one of the security guys was able to find the real ip of the market and post in on irc2p, later to be posted again on reddit, with these details (Thread here: http://www.reddit.com/r/DarkNetMarkets/comments/207mk9/hansamarkets_ip_address/):

<Architect> > http://hansann7wim5ier2.onion/
<Architect> > http://46.4.128.75/
<Architect> wow
<Architect> fucking retards
<six> Title: Login | Hansa (at hansann7wim5ier2.onion)
<six> Title: Login | Hansa (at 46.4.128.75)
<Architect> also: http://blockchain.info/ip-address/46.4.128.75
<six> Title: Transactions Relayed By 46.4.128.75 - Blockchain.info (at blockchain.info)
<Architect> every transfer since the beginning of the site

Try to access the market using this ip address with your normal chrome browser and behold, the so familiar bitwasp login page:

hansalogin

Just in case you are not yet shocked enough, you can register, login and browse the site in complete clearnet browsing:

hansamarket

As you can see in the homepage the Innovative Security is indeed still in “[BETA]“. We don’t know for sure what was the specific weak point that leaked the server details, but it seems bad enough not to matter much as it was also reported that he was running a bitcoin node at the same server (as you can see above with the ip address on blockchain):

We really hope that the market owner will see this thread and take the marketplace offline before anyone will report, although it was not online long enough to commit any crime probably.

Lessons are the same like we saw with the Cantina Market, Black Goblin & Cannabisroad Market, and few others who got shut down before causing real security risks for their users and vendors. we should thank the guys who keep exposing those flaws.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

5 comments

  1. Nobody important

    This happened because they were relaying their own transactions. All you had to do to find the real IP of this site was deposit a small amount of money into the site and wait for it to be moved to another Hansa-owned wallet. Then check what IP relayed the transaction on blockchain.info and you have their real IP because they were relaying the transactions themselves.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>