Deep inside the dark web, on Tor anonymity servers, someone with a little imagination has devised a cunning and opportunistic scam for stealing Bitcoins from people as they go about their daily routine of attempting to purchase drugs, weapons, or both, at rock bottom prices.
Gone are the days when buying a fix of high-grade, 90 percent pure Peruvian cocaine might get you mugged on a dark backstreet in the bad part of town, leaving you drugless, beaten up, and with no funds in your wallet.
These days, you do not even need to leave the comfort of your own lounge, where you could be sat relaxing, still in your jim-jams on a comfortable leather sofa, as you get robbed of your drug money – leaving you sad, empty, disappointed, drugless, and humiliated in front of your new girlfriend Rhiannon, and her hot friend Beth.
What we are talking about, of course, is the rampant online drugs trade that is the average deep web marketplace, and in particular one that has risen to popularity since the death of Silk Road.
The name of this site is Agora, and recently some users on reddit have gone on record warning others that a scam advert is redirecting users to a fake marketplace that promises skunk and grenades at even lower prices than Agora. Instead, what they get is a malicious bit of code that empties users’ funds from their account. Explaining how he got sucked into the scam himself, one redditer writes,
‘Got a message from user brandos on Agora about a new market. It doesn’t say the name or anything but the guy says he’s an old seller and started his own market.’
He then continues by explaining how the message builds confidence and intrigue by claiming that the new marketplace offers a first deposit bonus, 24-hour support, and is able to (thanks to close ties with sellers) offer discounts on products of ‘about 10%’.
This information, of course, is designed to lure the Agora user into clicking on the link at the bottom of the message, something that the redditer admits he was successfully fooled into doing.
‘Immediately after I clicked to open the page, tons of Agora tabs opened up saying “Unable to withdraw amount: 1.0000000”, “Unable to withdraw amount: 2.0000000”, etc. and there were like at least 20 pages with different amounts. 2.0, 0.5, etc. Luckily I had only like $20 in my account.’
The scam actually only works if the person who clicks on the link in the message is logged into their Agora account at the time. It would also appear that Agora has a security mechanism in place to stop very frequent Bitcoin transfers – which appears to have limited the severity of attacks.
Thomas White, a Tor hidden services developer, says the scam is very simply put together, and likely the work of an amateur. The code itself, which was obtained by Darknetmarkets, appears to have been copied and pasted from the open-source code site GitHub, and while it does have the ability to successfully rob Bitcoins (as demonstrated by the scammed reddit user), White explains that the code does not exploit a weakness in the Agora site:
‘This isn’t an exploit, it is closer to a kind of social engineering, since there is nothing in this that gets around security: the user is totally complicit in the process through ignorance of good security practices.’
One reddit user who is baffled that anybody would click on an unsolicited link in a message in their Agora mailbox writes,
‘People like you are idiots. Sorry, it has to be said.’
It is clear from reading further messages on the reddit page that others have also fallen prey to the scam. Luckily for those affected, however, it does not appear that anybody lost any substantial amount of money. Many, however, are complaining that the scam also changed their PIN and password and has locked them out of Agora – something they appear to be desperate to rectify as soon as humanly possible. Cough, cough.