More than $1 million USD worth of digital currencies were stolen by a darknet phisher. 

An anonymous user that went by the name of "Phishkingz" recently bragged how he stole over $1 million dollars worth of Bitcoin from accounts on AlphaBay within the last year. 

As you may recall, AlphaBay has been in the news a lot lately for being shut down recently by authorities and was reported as being the largest darknet market place at the time. 

It was ten times the size of Silk Road and had achieved a reputation for excellent service by it's users. 

How did he do it?

Phishkingz said that he decided to start phishing AlphaBay accounts following his discovery of a flaw on the site's forums that allowed him to monitor new members the moment they joined the site. 

He would then send them a verification process which would redirect them to his link. From there, he was able to get the new member's login details, PGP private keys, passwords, pin codes, mnemonic phrases etc. At that point, their money was as good as his.

He would then periodically check their accounts for new deposits from which to transfer to his own accounts. 

Increasing profitability?

As he was able to steal more and more funds, he decided it was in his best interest to expand his phishing empire. 

He went on to employ 27 people to help him steal from the newly registered accounts. According to Phishkingz, one of the major reasons for his success was the total lack of support given by the AlphaBay moderators.

Specifically he had this to say about them:

"The admins didn't really care about their customers, and it only took opening a support ticket with a problem to learn this. BM (Big Muscles, an AlphaBay moderator) especially is a stupid one. He would let me into accounts for 50 percent if I provided mnemonic phrases knowing I had phished the account in the first place."

If you are not familiar, a mnemonic is a tool to help you remember facts or a large amount of information. It can be a song, rhyme, acronym, image, or a phrase to help remember a list of facts in a certain order.

For example, in order to remember Kingdom, Phylum, Class, Order, Family, Genus, Species one might come up with:

"Kyle pees clear only from good spirits"

Or something along those lines...

It was frighteningly easy.

It is pretty scary to hear how easy it was to take advantage of new users and how little was done to protect them. 

My first thought was that most of the users using that market place were likely selling or buying some kind of illegal service or stolen good and that is what they get for dealing in those kinds of goods and services. 

However, the total lack of regard from the moderators and admins is something that I have seen quite often on many of the crypto exchanges as well. 

Hopefully that isn't something that can be exploited by bad actors like Phishkingz. If it is, hopefully as cryptos start to hit mainstream that all starts to change...

As more people come, hopefully a better infrastructure does as well. 

Stay safe friends!

Sources:

https://en.wikipedia.org/wiki/AlphaBay

https://cointelegraph.com/news/scammer-steals-1-mln-worth-of-bitcoin-in-14-months-from-alphabay-users

http://examples.yourdictionary.com/examples-of-mnemonics.html

Image Sources:

https://bestsecuritysearch.com/alphabay-dark-web-marketplace-exposes-private-messages/

https://www.hackread.com/dark-webs-largest-trading-platform-alphabay-hacked-200000-messages-leaked/

https://alphabaymarket.com/

Follow me: @jrcornel