Versus Update: Versus Market Retires After an Exploit

05/30/2022 | Darknet News

After a week of working to save the Versus marketplace, the head admin made a final remark regarding the exploit and explained that they were retiring. It’s been a tough few weeks, and perhaps crumbling under the pressure of being the largest market makes it harder to deal with. So how did Versus get to the place where they were forced to retire?

Versus Security Exploit

On May 18th, the AlphaBay market admin added a post to Dread titled “Versus hacked for 3rd time or why security must be a priority for DNM admins.” In the post, he explained in detail how the well-known darknet hacker u/threesixty found a “simple” exploit in the Versus market code that provided full access to the backend servers.

“The exploit is extremely simple but compromising. It allows for full access to the underlying file system on the server. This includes information within the /etc/ directory as well as wallet directories. It is a full information compromise of the system. Everything to the server’s IP address, to the backup of the database in the admin home folder, to the wallet files themselves. I am able to traverse nearly the entire file system with web server level access. There is no jail, WAF, and minimal care to limit the information disclosure in the event of a web server compromise. I am able to view the history of IP addresses which have previously accessed the server.”

The Vulnerability

According to DeSnake and ThreeSixty, testing the vulnerability was straightforward. There was no complexity to it, and it should have been caught while the site was being coded. However, the backend eventually gave a white screen of death, perhaps from a DoS against the backend. To compound the issue, Versus has no Web Application Firewall (WAF).

Once exploited, the flaw could provide a complete takeover: databases, files, cryptocurrency wallets, and an exposed IP address.

A few short moments after the post went up, Dread’s head admin, u/Paris, verified the exploit and added a warning on the Versus subDread.

“u/DeSnake has provided me the exploit and rationale. I have personally verified it. IT IS REAL. This entire server is probably compromised already by law enforcement and being monitored. It is a total compromise and is without a doubt one of the worst outcomes to a simple security exploit I have seen in a very long time.”

The reality is that the exploit is a massive security flaw that should not be present on a darknet market. The Versus admin screwed up in this area, and making a recovery would have been too difficult. In the post’s comments, DeSnake and Paris maintained that the disclosure was meant not to damage the market but rather to protect the customers. However, AlphaBay’s intentions are clearly different.

A Final Word: Well, That’s All Folks.

As soon as DeSnake’s post went up, the Versus Project URL went down. There was no response from the market admin “u/WilliamGibson”, but most assumed that he was busy working on a patch. There was some speculation that they had exit scammed instead of dealing with the problem. However, as Versus uses a walletless system, this was unlikely.

The community had already lost faith in the market, and many vendors explained that they were finding new homes. AlphaBay ads covered the front page of Dread, and DeSnake was milking this opportunity.

On May 23rd, William returned to Dread and addressed the issue at hand. He provided the information on the leak and announced his retirement. In a post titled “Well… That’s All Folks!”, William Gibson wrote:

“There is no doubt that there has been a lot of concern and uncertainty regarding Versus in the last few days. Most of you that have come to know us have rightfully assumed that our silence has been spent working behind the scenes to evaluate the reality of the proposed vulnerability. After an in-depth assessment, we did identify a vulnerability which allowed read-only access to a 6+ month old copy of the database as well as a potential ip leak of a single server we used for less than 30 days. We take any and every vulnerability extremely seriously but we do think that it’s important to contend a number of the claims that were made about us. Specifically of importance: there was no server pwn and users/vendors have nothing to worry about as long as standard and basic opsec practices have been utilized (for example, PGP encryption). Once we identified the vulnerability, we were posed with a fork in the road, to rebuild and come back stronger (as we had done before) or to gracefully retire. Versus Market has officially retired and we thank you for your support and being part of something that hopefully defined the future of DNM’s. For all our vendors: We will soon publish a link where you guys can get your transactions without the locktime. No need to wait 90 days. It was a good run and I would like to thank you all. All the best, William Gibson”

Conclusion

Recent months have been interesting: DeSnake and Paris have worked together closely, and markets have retired or exit scammed as a result of their approach. In the past month, DeSnake has released information about Archetyp and now his biggest competitor, Versus Project.

As one user put it: “Rather than quietly pass this over and give it 24 hours. You and your best friend DeSnake (the only market operator here that has actually had a market busted by LE) blow it wide open and you even make it an announcement? You are the root cause of world exiting in the fashion they did, Archetyp left Dread, again, because of the way YOU handled things.”

Part of Dread’s rules is that FUD is not allowed, yet the Dread admins have turned a blind eye to the AlphaBay Market admin, who has a shady past. It may be situational. However, it is concerning. We suggest trying out a smaller market as they are less likely to exit or retire soon. Their main issue will be product availability, and they are more likely to be subject to DDoS attacks. However, the pros outweigh the cons with smaller markets. If you are looking for a new market, here is a market list. We suggest you look at our reviews of markets such as Tor2Door or Vice City Market.