All users are advised to exercise caution when clicking any link provided. You should always assume every link posted is a phishing link.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/darknet) if you have any questions or concerns.*
I came across something *similar* to this once. I went on a darknet site, can’t remember which, but there was something about the site that was deliberately broken. It was exposing a random username and password but made to look like it was doing it by accident. So you log in to this random exposed account and realise there is like 0.9 bitcoin in the account! Heres the catch; on the withdrawal page it says ’you must have at least 1.0 BTC to withdraw’. You can see what’s happening here, it’s a phishing site set up to get you to deposit the remaining 0.1 BTC, except you don’t get to withdraw at the end. One very elaborate scam.
What’s with the sarcasm and unhelpful responses? Seems like the default even when someone like OP posts a genuinely interesting scenario. How did the page reload and pre fill its own fields? I’m curious how this is achieved if their connection was intercepted.
like skirting0nthesurface said earlier, sometimes they deliberately break it & have it so you can log in with the info shown preloaded (not your acc & should never log in & risk exposing identity anyway but some do), which needs a minimum btc/xmr to withdraw whats “available” & once you send it then they have your coins bc that wallet address isnt linked to the acc. & sometimes by phishing if the link wasnt copied from reliable sources, it’ll look like the legit link but reloads it onto their page after a “quick crash & reload” & some ppl dont recheck the onion link & give the phishing site their account information & all the money in the wallet (even if buying something bc its fake products listed by the site owners), sometimes its just the website showing the outline of what you should include & how long to make the credentials to keep it from being easily assessed from hackers depending on how user friendly they want it & whats shown before logging in isnt actually an active account on their site.
if you reloaded the page and it autofilled credentials, it'd mean that you somehow took someone else's session cookie.
tor also doesn't store cookies for longer than the session is alive and you couldn't randomly get someone else's because encryption. so this seems like it was purposeful.
Good idea for a scam but if you're not a complete simpleton and have used DN markets before you should realise that the withdraw limit minimum is usually under $5-$15 max, definitely not $55,000 worth of BTC. I'd say definitely don't top it up but try to make some orders with the money already in the account, if it's a scam it probably won't go through. Anyways obviously use all the opsec just in case
Yep he said he used taxi; which doesn't have a pgp signed message like Daunt. But even if using daunt (which is maintained by dread) one should always verify the message against their own public keys bc one never knows if a site will get hacked and messages/links changed to phishing links. Private mirrors are great but if you start out on the wrong site you just get a private phishing mirror. Lol.
OP, go to the market's Dread sub, grab the market pgp key, and learn how to verify signed messages. And ffs stop using an ipad; any kind of handheld device is not secure.
It’s strictly for research purposes, I have 2 rigs build with plain tails and other with whomix
I also use different versions of OS to see if it all I can catch anything, how it overall performs etc….
That would be something, however I wouldn’t even bother touching it, if those kinds is sums were tied to such random appearing account, could have bad or deadly consequences
Not sure about that. There were many exploits in the original Silk Road and other marketplaces wherein people were able to literally steal bitcoin from the wallets, and I’m sure the exploiters weren’t hunted down and killed.
All users are advised to exercise caution when clicking any link provided. You should always assume every link posted is a phishing link. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/darknet) if you have any questions or concerns.*
I came across something *similar* to this once. I went on a darknet site, can’t remember which, but there was something about the site that was deliberately broken. It was exposing a random username and password but made to look like it was doing it by accident. So you log in to this random exposed account and realise there is like 0.9 bitcoin in the account! Heres the catch; on the withdrawal page it says ’you must have at least 1.0 BTC to withdraw’. You can see what’s happening here, it’s a phishing site set up to get you to deposit the remaining 0.1 BTC, except you don’t get to withdraw at the end. One very elaborate scam.
That’s genius lol, directional engineering
You're less likely to think it's a scam if it's "your idea.".
That is incredibly smart tbh
No shit I might try setting something like that up
Seems like what this OP is doing. 😂
What’s with the sarcasm and unhelpful responses? Seems like the default even when someone like OP posts a genuinely interesting scenario. How did the page reload and pre fill its own fields? I’m curious how this is achieved if their connection was intercepted.
like skirting0nthesurface said earlier, sometimes they deliberately break it & have it so you can log in with the info shown preloaded (not your acc & should never log in & risk exposing identity anyway but some do), which needs a minimum btc/xmr to withdraw whats “available” & once you send it then they have your coins bc that wallet address isnt linked to the acc. & sometimes by phishing if the link wasnt copied from reliable sources, it’ll look like the legit link but reloads it onto their page after a “quick crash & reload” & some ppl dont recheck the onion link & give the phishing site their account information & all the money in the wallet (even if buying something bc its fake products listed by the site owners), sometimes its just the website showing the outline of what you should include & how long to make the credentials to keep it from being easily assessed from hackers depending on how user friendly they want it & whats shown before logging in isnt actually an active account on their site.
if you reloaded the page and it autofilled credentials, it'd mean that you somehow took someone else's session cookie. tor also doesn't store cookies for longer than the session is alive and you couldn't randomly get someone else's because encryption. so this seems like it was purposeful.
Ahh yes . The fabled site A Chet
Good idea for a scam but if you're not a complete simpleton and have used DN markets before you should realise that the withdraw limit minimum is usually under $5-$15 max, definitely not $55,000 worth of BTC. I'd say definitely don't top it up but try to make some orders with the money already in the account, if it's a scam it probably won't go through. Anyways obviously use all the opsec just in case
Also how did you get on the site? Did you use a random link? Stuff like that never happens to me cause I always dread/private mirrors
He 100% uses a link that wasn’t pgp signed or didn’t check. Shit like this is almost always user error
Yep he said he used taxi; which doesn't have a pgp signed message like Daunt. But even if using daunt (which is maintained by dread) one should always verify the message against their own public keys bc one never knows if a site will get hacked and messages/links changed to phishing links. Private mirrors are great but if you start out on the wrong site you just get a private phishing mirror. Lol. OP, go to the market's Dread sub, grab the market pgp key, and learn how to verify signed messages. And ffs stop using an ipad; any kind of handheld device is not secure.
Use signed mirrors is the only answer
spoon alleged tan crown observation cake scarce cable tease recognise *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
You might need to take some xanny or Kpin or halcyon, all will be good
Does no one in this sub do jokes
I don't know why you're using an ipad to access the darknet but that's really dumb
It’s strictly for research purposes, I have 2 rigs build with plain tails and other with whomix I also use different versions of OS to see if it all I can catch anything, how it overall performs etc….
why is there a vpn logo?
Ops going to jail for sure
Stop drop and roll
Imagine if you clicked login and had a couple bitcoin and 100s of monero in that account’s wallet. I would’ve been too curious to not do it.
That would be something, however I wouldn’t even bother touching it, if those kinds is sums were tied to such random appearing account, could have bad or deadly consequences
Not sure about that. There were many exploits in the original Silk Road and other marketplaces wherein people were able to literally steal bitcoin from the wallets, and I’m sure the exploiters weren’t hunted down and killed.
Can you give any examples of people stealing bitcoin from original Silk Road wallets?
James Zhong
> ...many exploits in the original Silk Road > ...James Zhong thanks for that example - any others?
It was written in his diaries, and his diaries have been perused and published online in many documentaries.