AlphaBay Exit Scam Rumors are Fueled by API Exploit Exposing Bitcoin Wallets

As is to be expected, we now see the weirdest conspiracy theories regarding AlphaBay show up on the internet. The DarkNetMarkets subreddit is buzzing with tidbits of information and other conspiracy theories regarding this infamous underground market. One user claims he has some information regarding the recent raids affecting the AlphaBay platform hours before it was shut down. Do keep in mind all of this information is unconfirmed at this point.

A Major Alphabay Exploit was Discovered prior to the Shutdown

After reading through the entire Reddit thread, it becomes obvious this is either a great work of fiction or a story the administrators would rather not see disclosed. Reddit user Hugbunter claims he got in touch with the platform operator – who we believe took his own life in Thailand – regarding an exploit discovered on the AlphaBay platform.  In fact, this particular security flaw exposed a lot of information and even unmasked one of the IP addresses routing some of AlphaBay’s API requests. Said server is apparently located in Europe.

That in itself is quite troublesome for the top darknet marketplace, to say the least. The user also claims he was successful in rooting the server and send malicious queries through the API to obtain vendor messages, order details, and create new orders without even paying. In fact, he feels some of these malicious commands could have easily emptied some of the platform’s top Bitcoin wallets, assuming someone would have exploited this bug in the first place. We don’t know if this is what happened, though.

Sharing this information with the AlphaBay operator allegedly led to talks regarding a large bounty. However, those talks never accumulated to anything major, as the platform disappeared the very next day. Said user now feels it is time to share some information regarding the exploit and what it could do in terms of damage. He claims it was pretty simple to exploit and did not even require any specific tools or knowledge to benefit from.

Knowing a darknet marketplace has an API is rather troublesome, to say the least, as there is no real reason why that would be needed in the first place. Moreover, it seems the AlphaBay team did an incredibly poor job when it comes to protecting their API in the first place. It is certainly possible the discovery of this exploit resulted in the marketplace pulling off a major exit scam and all funds on the platform has been stolen.

It is worth noting several raids against AlphaBay were effectively conducted all over the world. It is possible those raids are the real reason the marketplace was taken offline, but we will probably never know the truth. The most likely outcome is still an exit scam, which unfortunately suffered from bad timing, as the raids took place on the exact same date. Knowing such an exploit exists on the platform for who knows how long is rather problematic, though, as it shows users’ funds has been in danger for quite some time now.

We can only hope the darknet marketplaces still in existence see this information as a valuable lesson. Integrating an API is an absolute no-go in 2017 and beyond.  Moreover, not using the proper multisig wallet address is no longer a viable option either. It will be quite interesting to see which markets try to take over from AlphaBay in the coming months. Rest assured there is a power vacuum waiting to be filled sooner or later.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.