Anonymous journalist researching Tor: the uncensored internet. Privacy is a human right. torproject.org

darkfailllnkf4vf.onion
Joined October 2018
dark.fail retweeted
In an interesting attack, scammer was able to take over domains by presenting a registrar w/ fake court order. Used same language as a real court order. Scammer then used that control to push dark web market phishing sites, stealing BTC vice.com/en/article/qj8833/d…
9
102
15
196
Show this thread
Who are the victims in a well-moderated marketplace?
13
1
0
70
At what point does a marketplace operator become complicit in forgeries, unsafe items? Are Craigslist, Amazon, Alibaba well-moderated?
6
1
0
38
dark.fail retweeted
Maybe you heard that the domain dark.fail (@DarkDotFail ) got hijacked. Here's the story on how it happened. A thread! (I've pieced together the data I have so I might have some small errors in this thread, FYI.)
15
333
83
706
Show this thread
ALERT: Aurora Market exit scammed.
13
32
5
296
Shout out to Dread for still being the most valuable resource around. Thank you to all admins, mods for quickly warning people about Darknetlive and dark.fail's domain takeovers the past four days. Long live Dread!
2
4
0
86
Signed proof that I have regained access to this Twitter following a domain hijack that allowed an attacker to receive emails to "hello@dark.fail" but not to bypass 2FA. raw.githubusercontent.com/Da…
3
10
2
88
Follow my Mastodon. mastodon.social/@darkdotfail The attacker locked me out of Twitter and Reddit but was unable to get past 2FA. I was able to continue tweeting with Buffer but did not want to announce this vector to the attacker. I was unable to remove dark[.]fail from my profile.
1
3
0
34
Namecheap is still allowing a phishing site to be hosted on my hijacked domain "dark[.]fail". They will not remove the nameservers. This negligence is costing people hundreds of thousands per day. Ticket PVZ-490-11596 do the right thing. @Namecheap
27
38
8
288
This is appalling. Yesterday Darknetlive's domain was hijacked alongside mine. Now the thief is trying to sell darknetlive].]com via Epik. Stop this, @EpikDotCom @robmonster @bitmitigate
6
15
4
118
ALERT: "dark[.]fail" is still hijacked by a phisher. Each link appears to be a real site, but MITM proxies your browsing, allowing the attacker to steal your cryptocurrency and passwords. I estimate people are losing least 250k Euro per day. Only trust my .onion, PGP verify.
13
77
5
287
Netlify is anti-privacy. Protonmail users cannot register even with linked Github, payment information. Because wanting secure email must mean you're a criminal, right @Netlify?
6
11
0
128
Njalla and Namecheap are working to get my domain back. There's no indication that Njalla was compromised. Thank you for friendly service @njal_la please publish an incident report after. Your users should be informed of this attack vector since you are a reseller.
2
8
1
88
Njalla: "From what we can see, the domain has been transferred by the registrar to another account at the registrar, and then to Namecheap. We've asked the registrar in question (Tucows) to explain what has happened but have not yet gotten any information back." @Tucows
5
11
3
91
Signed statement from Darknetlive regarding their domain hijack. "domain recovery seems unlikely. It is still unclear how this party obtained access to the njalla account" Help us out @njal_la raw.githubusercontent.com/Da…
2
16
3
62
Onion[.]live's domain was also hijacked and is serving MITM phishing links which steal cryptocurrency. Researchers: let's log the phisher's cryptocurrency addresses (very carefully) while this very coordinated attack is ongoing.
5
30
3
125
Dark[.]fail is no longer a trusted mirror of Dark[.]fail. Never expected this strange day when writing the mirrors.txt spec. I am fighting to get my domain back from phishers.
7
43
3
187
My domain dark[.]fail was hijacked 12hr ago. I am not in control of it. DarknetLive's domain was also stolen. We are not the same person. Our registrar Njalla is the common denominator between both attacks. My 2FA was on. I received no emails from Njalla. Something is broken.
14
100
11
379
Shout out to @Cloudflare's "Certificate Transparency Notification" alert that notified me that my domain was stolen today due to a new cert being issued. Now the long process of trying to get dark[.]fail back, while tens of thousands of people are getting phished. Help @Namecheap
9
21
0
147