Well, it was quiet couple of weeks, there was a new market who popped up about a week ago called HansaMarket,
It appears that the security they had was not very good to say the least so, once again one of the security guys was able to find the real ip of the market and post in on irc2p, later to be posted again on reddit, with these details (Thread here: http://www.reddit.com/r/DarkNetMarkets/comments/207mk9/hansamarkets_ip_address/):
<Architect> > http://hansann7wim5ier2.onion/
<Architect> > http://18.104.22.168/
<Architect> fucking retards
<six> Title: Login | Hansa (at hansann7wim5ier2.onion)
<six> Title: Login | Hansa (at 22.214.171.124)
<Architect> also: http://blockchain.info/ip-address/126.96.36.199
<six> Title: Transactions Relayed By 188.8.131.52 - Blockchain.info (at blockchain.info)
<Architect> every transfer since the beginning of the site
Try to access the market using this ip address with your normal chrome browser and behold, the so familiar bitwasp login page:
Just in case you are not yet shocked enough, you can register, login and browse the site in complete clearnet browsing:
As you can see in the homepage the Innovative Security is indeed still in “[BETA]”. We don’t know for sure what was the specific weak point that leaked the server details, but it seems bad enough not to matter much as it was also reported that he was running a bitcoin node at the same server (as you can see above with the ip address on blockchain):
— Moustache (@lamoustache) March 12, 2014
We really hope that the market owner will see this thread and take the marketplace offline before anyone will report, although it was not online long enough to commit any crime probably.
Lessons are the same like we saw with the Cantina Market, Black Goblin & Cannabisroad Market, and few others who got shut down before causing real security risks for their users and vendors. we should thank the guys who keep exposing those flaws.