
Wall Street Market reported to have exit scammed

Around April 20, many users reported that Wall Street Market, a broadly known dark net market, had executed an exit scam, and that any pending orders were unlikely to be completed.

Scams in enterprises involving Bitcoin are not unheard of, and dark net markets with centralized escrow are particularly vulnerable. As these markets grow in popularity and amass large volumes of transactions, the potential payout of an exit scam can be enormous, as seen with the Evolution market exit scam in 2015, which totaled roughly 12 million in stolen Bitcoins.

A common tactic in these types of scams is to initially freeze transactions for "technical difficulties," followed by taking the entire market offline and grabbing the funds.

What the users say

Wall Street Market appears to have followed a similar trajectory, with frozen transactions leading to side-channel messages warning of scams, and then to a mass vendor exodus. Notable in the saga is that at least one actor appears to have compromised a market admin account to notify users of potential issues.

What the money might say

While now empty, the public address (32Eup1TPADYTAa46wq48c7qmg7AuFwigeM) has been identified by users of Wall Street Market as being the destination of funds stolen from escrow accounts. A recent series of withdrawals totaling about 2,067 BTC (around $11.5 million USD) is being broken down and likely laundered through various means so that thieves can cash out their profits.

Average market traffic patterns

Starting with the transaction on April 14, 2019, at 7:15:35PM, the market admins appear to have modified the process that occurs during the release of escrow funds once an order is completed. Instead of funds being released to vendors, all the funds were instead diverted to the fraudulent account.

Redirection of traffic to a single address, correlating to user complaints
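
The shift from many vendor destinations to a single address can be located mechanically in release data. The following is an added example, not part of the original article: it runs over constructed release records with placeholder address labels and a constructed date, and the function names, window size and threshold are assumptions chosen for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

def build_sample():
    """Constructed escrow-release records: (timestamp, destination, BTC).
    Labels and the date are placeholders, not real on-chain data."""
    start = datetime(2000, 1, 1, 12, 0, 0)
    txs = []
    # Normal operation: releases fan out across several vendor addresses.
    for i in range(24):
        txs.append((start + timedelta(minutes=15 * i),
                    f"vendor_{i % 8}", 0.2 + 0.01 * i))
    # Diversion: from this point every release pays the same address.
    divert = start + timedelta(hours=7, minutes=15)
    for i in range(24):
        txs.append((divert + timedelta(minutes=15 * i),
                    "SINK_PLACEHOLDER", 0.3))
    return txs, divert

def top_share(window):
    """Return (address, share of BTC value) for the largest recipient."""
    totals = Counter()
    for _, addr, amount in window:
        totals[addr] += amount
    addr, value = totals.most_common(1)[0]
    return addr, value / sum(totals.values())

def find_diversion(txs, window=10, threshold=0.9):
    """Slide over releases in time order. Return (address, onset time) for
    the first window whose value is concentrated on one destination,
    or None when releases stay spread across recipients."""
    txs = sorted(txs)
    for i in range(len(txs) - window + 1):
        chunk = txs[i:i + window]
        addr, share = top_share(chunk)
        if share >= threshold:
            # Onset is the first release in the window paying that address.
            onset = next(ts for ts, a, _ in chunk if a == addr)
            return addr, onset
    return None

if __name__ == "__main__":
    sample, _ = build_sample()
    print(find_diversion(sample))
```

On real data the onset time returned here is what an analyst would compare against the timing of user complaints.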

After moving from this address, funds appear to be following a similar pattern of being grouped into 70 BTC amounts.

At this point, most of the funds remain untouched except for a few transactions, which appear to be initial tests to cash out funds. For instance, following the outputs of transaction (8b36afc40700c51941fd4218873fd219a19bd36beeaac2f06082362f5327642c) eventually leads us to the known wallet address for Huobi, a large crypto exchange originally founded in China.

What does it mean?

While we can't prove intent to scam, the transaction pattern over the past few days, in addition to admin behavior mirroring that of previous exit scams, suggests the market admins might not have the best of intentions with their customers' Bitcoin.

Because most marketplace systems have few built-in fraud controls other than reputational ones, the temptation to exit scam has gotten the best of more than one dark net market. Unfortunately, the best advice available to customers at the present time is caveat emptor.

The post Wall Street Market reported to have exit scammed appeared first on Malwarebytes Labs.


