Versus Market was hacked a few days ago, and the administrator took the market offline barely hours after the hack was disclosed. Until date, the administrator of Versus Market has been silent and has not published any information on why the market was shut down or when it will reopen.
On a post titled “Well… That’s All Folks!” (Similar to his earlier statement a few weeks ago in which he indicated that Versus Market will become invite-only), the admin has announced that he has pulled the market offline to investigate the hack.
The markets administrator states that the hack was of a read-only copy of the market status 6 months ago, and that there may have been an ip leak of a server he used in the previous month.
When confronted with those findings, the administrator claims he had two options: correct the problem and continue operating the market, or shut it down. He chose to close the market. Vendors will be provided with a valid link to get their payments without having to wait 90 days for the automatic return.
Versus Market was one of the longest-running darknet markets, having been operating for over three years. It took a long time for the markets to reach to the top, and it wasn’t until Dark0de Market had an exit scam followed by World Market that Versus Market became the largest darknet market.
With the demise of Versus Market, AlphaBay has surpassed Versus Market as the largest darknet market (once again).
Full statement of Market Administrator:
Dear Community,
There is no doubt that there has been a lot of concern and uncertainty regarding Versus in the last few days. Most of you that have come to know us have rightfully assumed that our silence has been spent working behind the scenes to evaluate the reality of the proposed vulnerability. After an in-depth assessment, we did identify a vulnerability which allowed read-only access to a 6+ month old copy of the database as well as a potential ip leak of a single server we used for less than 30 days. We take any and every vulnerability extremely seriously but we do think that its important to contend a number of the claims that were made about us. Specifically of importance: there was no server pwn and users/vendors have nothing to worry about as long as standard and basic opsec practices have been utilized (for example, PGP encryption)
In many ways, we are glad to see the community coming together to improve everyone's security, this was our dream from the beginning with Versus, though we will say that there was a clear agenda behind the way this was originally handled, but we leave you to draw your own conclusions
Once we identified the vulnerability, we were posed with a fork in the road, to rebuild and come back stronger (as we had done before) or to gracefully retire. After much consideration, we have decided on the latter. We built Versus from scratch and ran for 3 years. We built a community and even became the #1 DNM when we never intended for that to be the goal. At a certain point, there is no further way up to go, only down, and in this business it is best to not make decisions out of pride. While we are not ending on the note that we would have liked, we hope that the truth about the actual scope of the vulnerability, combined with the impact we have had on the community, leaves users remembering Versus fondly for years to come. Versus Market has officially retired and we thank you for your support and being part of something that hopefully defined the future of DNM's.
For all our vendor:
We will soon publish a link where you guys can get your transactions without the locktime. No need to wait 90 days.
It was a good run and I would like to thank you all.
All the best,
William Gibson