Cipher0007 Breaches phpMyAdmin Area of Sanctuary Darknet Marketplace

May 31, 2017

Darknet marketplaces attract the attention of both criminals and law enforcement agencies alike. In most cases, these marketplaces will eventually go offline, as they are infiltrated and taken over by a law enforcement agency. However, the Sanctuary darknet marketplace suffered from a different kind of hack. The culprit goes by the name of Cipher0007. Apparently, he used an SQL injection flaw to take over the platform.

Sanctuary Darknet Marketplace Faces a Setback

It is not uncommon for hackers to go after darknet marketplaces. These underground platforms attract a lot of attention and often require users to pay a membership fee in Bitcoin. Moreover, most marketplaces offer an escrow service for all transactions, which means they control a lot of funds at any given time. Several marketplaces have lost a lot of funds due to hacks in the past.

It is unclear if that is what happened to the Sanctuary darknet market, though. To be more specific, a user by the name of Cipher0007 is responsible for breaching this platform. This is facilitated thanks to an SQL injection flaw to upload a shell onto the server. This backdoor allowed the hacker to access most of the platform’s backend. It also appears he dumped the master key related to the marketplace’s .onion URL.

Moreover, it appears the hacker successfully gained access to the phpMyAdmin backend and subsequently was able to access the user database. Additionally, he also got his hands on other login information. As of right now, the Sanctuary phpMyadmin page is still vulnerable to external connections as we speak. It is expected this problem will be addressed sooner or later, although it remains to be seen when this will happen exactly.

Although Sanctuary is one of the many smaller darknet marketplaces, this breach should not be taken lightly. In fact, it goes to show criminals and hackers will try to gain access to any system that can help them make money. Sanctuary is best known for selling digital information and nefarious tools, such as malware and data dumps. Guns and drugs sales take place on the platform as well, albeit they only generate a fraction of the sales volume.

The administrator of the underground marketplace has yet to comment on the situation, which raises a lot of questions. Most people think these marketplace owners spend their entire day monitoring the site, but that is not always the case. It is possible the owner will turn his or her back on the site now that it has been exposed, though. This negative attention is a PR nightmare among criminals, and fewer people will trust Sanctuary moving forward.

What is rather remarkable is how Cipher0007 is building up quite the reputation for hacking darknet marketplaces. He is the same person reporting a major flaw to the AlphaBay admins earlier this year. That particular exploit would have potentially exposed all direct messages in the marketplace to prying eyes. Anyone using AlphaBay does not want their communication exposed by any means, that much is evident.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

About The Author

Jdebunt

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.