A team of researchers from Sophos discovered “Heisenberg” after they stumbled upon the Genesis Market site he created, located on the clearnet. Genesis Market is a dark web marketplace that offers hackers the opportunity to buy credentials, cookies, and exploits for various web platform vulnerabilities in order to carry out cyberattacks.
According to experts, the fake site requires users to deposit $100 to create an account, while the real site operates only by invitation. After collecting the crumbs of information left by the attacker, the experts went to other fake sites that work according to the same scheme. From August 2021 to June 2022, they managed to find about 20 similar sites.
Apparently, this scam turned out to be quite successful - more than $132,000 appeared on the site owner's crypto wallets, most of which the attacker had already withdrawn.
The researchers believe that they managed to find the person responsible for this - a user of the darknet marketplace Dread under the nickname waltcranston. This nickname combines the names of the main character of the Breaking Bad series, Walter White, and the actor who plays him, Bryan Cranston.
However, things may not be so simple, because the team of researchers could not find one hundred percent evidence that waltcranston is behind all the fake sites.