Dream Market Scheduled to Close Due to Persistent DDoS Attacks

The past week has the darknet community speculating as to what might be the fate of Dream Market after a post on the site said that the marketplace will close down on April 30, 2019 and it will transfer its services to a partner company.Dream Market announcment for shutting down.

As history shows, markets typically fall either through hacks, exit scams or seizures by law enforcement. Users are assuming one of these likely outcomes—with the most probability being seizure by law enforcement.

The reason is that the announcement came a day after the U.S. Drug Enforcement Administration and the Federal Bureau of Investigation announced that through J-CODE they had launched Operation SaboTor, which had led to the arrest of 61 suspects involved in the trafficking of opioids.

The recent operation came a year later after a similar one dubbed Operation Disarray, which led to the arrest of several individuals in the U.S.

Statement from Dream Market on the Shutdown

Despite the speculations that the market had been taken over by authorities, an admin of the marketplace posted a message on Dread (a darknet forum) claiming that the closure and transfer of services to another company is as a result of persistent DDoS attacks over the past seven weeks.Dread dark net forum screenshot.

The attacker demanded that Dream parts ways with $400,000 to stop the disruptions, but the admins have not given in to the demands.

The post goes on to say that the admins have done as much as possible on their side to contain the situation, but it is beyond their ability because the issue is on the side of the Tor browser and, thus, beyond their control.

Among the moves they tried to fix the situation is by creating a V3 link which they hoped would save things because it is more updated. However, according to the admin, this fell short of fixing the problem.

The post also states that users can still withdraw their funds without any issues.

Also, the admin dismissed any claims that the market is taken over by law enforcement because if it were the case, then users would not have the opportunity to initiate withdrawals. He then calls upon those with questions to contact support and they will get sorted out.

Lastly, the post thanks everyone for supporting Dream Market, and they are expecting to see people join the new site upon its launch.

What Happens After the Launch of the New Market?

Since the statement is from the admin, we can note a few things that will happen after the new market is live.

First, these companies do work together and as such, individuals who had accounts in the previous market will most likely not be required to create new ones, but instead use their previous username and password.

The case was evident when Silk Road 3.1 (SR3) was running Lunacy Market, a site that hosted only verified members of SR3.

Those who had accounts on Silk Road could use their credentials to log in to Lunacy, and those who had registered on Lunacy could do the same on SR3.

Comments on Dread

Following the ban on the Reddit forum /r/DarkNetMarkets last year, darknet users have made use of forums like Dread to discuss darknet-related topics.

Apart from the official Dream statement on Dread, there have been other numerous posts and comments about the closure of the market, some which even caught the attention of HugBunter, the founder of Dread.

One question by a particular user was seeking responses as to why the market was facing a DDoS attack, and yet there was a Captcha to fill in before logging in.DarknetMarkets dread forum category.

HugBunter gave a comprehensive response as to why the dark web’s longest-serving marketplace was unable to contain the situation.

The Dread founder said that such types of attacks affect the Tor processes on the server and the effect is that there will be no requests sent to the site. As such, there is no possible way of connecting to the service.

HugBunter goes ahead and explains that an application layer attack does not affect the connection to the Tor network and overload the web server which is responsible for serving the pages to the site.Hugbunter post about Dream Market shut down screenshot.

It works by overloading the web server processes, PHP and database management system, among other things, which cause continuous malfunctions.

HugBunter further explains and says, “Adding a static page that requires no real resources other than the Captcha image prevents any load hitting the application unless their connection is first verified by filling the Captcha.”

So for the case of Dream, Captcha would only work if the attack was of a specific type, just as was the case when Dread experienced a DDoS attack.

So the Dream attacker improvised his attack in the sense that it can bypass this security measure.

When Dread was under DDoS attacks, HugBunter was able to contain the situation, but when Dream tried doing the same, it failed because the attacker had already changed the method before the tech team could come up with a solution.

Then in another post, a user wanted to know reasons as to why he should think that Dread is not under the control of the feds.Dread darknet forum posts screenshot.

In a response, HugBunter said that it is funny that a vast majority of individuals out there have misinterpreted the situation and yet the truth is that the marketplace is rebranding because of the DDoS attacks.

To him, he fails to understand how this will help because the hacker will orchestrate similar attacks on the new site, which will have less traffic than Dream Market.HugBunter post on dread forum screenshot.

HugBunter wonders why people out here are associating the attack to a seizure because if it were the case, then there would be no way users would have been allowed to withdraw their funds. More so, it would make no sense for law enforcement to take over a market and then plan to start a new one with less users than the previous one.

To HugBunter, it seems like these speculations are coming from the law enforcement agencies to raise distrust and fear among the community.

Then in another post that is worth mentioning, another Dread user alleges that there is no involvement of law enforcement and real reason as to why Dream Market is closing down is because SpeedStepper (Dream’s head admin) is retiring due to his identity being compromised, and he does not want the marketplace to be taken over by just anybody.Screenshot of Dream Market converstion on darknet forums.

In the post, he states that the site is being transferred to someone who was a close associate of SpeedStepper and they are using Dream to advertise the new avenue that will be operating under the onion address weroidjkazxqds2l.onion, which is currently offline.

The user also wonders what effect transferring the new market will have, because it can still fall under a similar attack like Dream.

Darknet Market Target of DDoS Attacks

It is not the first time that we are hearing of an underground marketplace falling because of a DDoS attack. Back in October 2017, the top markets went offline because of the same reason only to be opened again over a month later.

Then a few weeks ago, Empire Market reported a DoS attack, and it took them around three to four days to figure out the issue and contain the situation.

In a Dread post, the Empire admin says that the marketplace is not in favor of using mirrors because more use of the same means that there will be more phishing links, which is a big problem to darknet users.Screenshot of Empire Market's dealing with ddos attacks.

However, the solution they came up with to combat DoS attacks still involves the use of mirrors. It works by redirecting the main onion link to working mirrors which will at times requires one to reset their Tor browser.

The attack, he claims, is just hitting the onion meeting points which results in the build-up time to 1,000. This then mimics that the Tor process is having issues, when it is not.

An attack of this type is simple to contain according to the post, but the vulnerability needs to be worked on by Tor because it is a significant flaw.

Lastly, Empire calls upon other sites that have a similar problem to reach out to them for a solution. Up to date, the market is still facing the attack, but they claim the situation is under control.

Other Markets Experiencing an Influx of Registrations

Similar to the mid-2017 fall of AlphaBay and Hansa that led to an influx of new registrants in other markets, the same is no different in this case. Perhaps, the only difference is that this is not a confirmed take over by law enforcement.

In a post on the subdread /d/WallStreetMarket, the community manager explained that Wall Street Market had acquired new infrastructure to cater for the new registrations, which seem to be beyond their hardware capacity.Darknet market announcing that its not working.

He further calls upon patience as they try to sort out issues.

On the other hand, another darknet market, The Majestic Garden, announced on its subdread that they had closed registrations because of an increase in the amount of new accounts.

The Majectic Garden post about its closed registration.

According to the post, the admin highlights that it has been their protocol that whenever there is a significant shakeup in the darknet scene—registrations are closed until things have settled down.

As of now, the dark web continues to be unpredictable with events unfolding by the day. And for the case of Dream and other markets, only time will tell the ultimate outcome.

Leave a Reply

Your email address will not be published.