Solaris, a major dark web marketplace for illegal substances, was recently taken over by a smaller competitor called Kraken. Its representatives claim to have hacked the Solaris website and databases on January 13, 2022.
The Solaris site, hosted on the Tor network, currently redirects to Kraken. The blockchain monitoring experts at Elliptic have not yet reported a change in the cryptocurrency addresses associated with the site after January 13, 2022.
The Solaris marketplace appeared a few months ago, after the liquidation of the Hydra Market. The new online store quickly captured about 25% of the market and processed about $150 million in illegal sales.
A Resecurity report released earlier in the year on the emergence of new drug markets claimed that about 60,000 people signed up on the Solaris site after the sudden “demise” of Hydra, while Kraken absorbed only about 10% of this number.
Solaris was a Russian-language platform reportedly linked to Killnet, a hacktivist group that carried out several DDoS attacks against organizations in the Western world in 2022. Elliptic has tracked several donations from Solaris to Killnet worth over $44,000 in bitcoin.
In December 2022, cyber intelligence analyst Alex Holden claimed to have hacked the Solaris website and stolen $25,000, which was then donated to a charity for humanitarian aid. While Solaris disputed the hack claims and cited a lack of evidence, Holden later released more details and leaked the source code as well as databases allegedly related to the market.
On Friday, January 13, 2023, the hack happened again, but on a larger scale. The aforementioned Kraken organization announced that it had taken over the Solaris infrastructure, the GitLab repository, and all of the project's source code thanks to "several huge bugs in the code."
Kraken said in a statement that it took them three days to steal the cleartext passwords and keys stored on Solaris servers, gain access to its infrastructure located in Finland, and then download all the data. Finally, the attackers claimed to have shut down the Solaris bitcoin server, which is consistent with Elliptic's observations regarding the blockchain.
Representatives of Kraken joked about the protection measures taken by Solaris: “The project has several huge bugs in the code, which remain relevant to this day. And storing passwords and keys from your servers in clear text (unencrypted) is an even bigger mistake, the lot of schoolchildren from the fifth grade. This event took us 3 days without any rush, and we downloaded absolutely EVERYTHING that is supposed to be in such cases (and no one stopped us).”
As of now, neither Killnet nor anyone on the core Solaris team has made any statements about the status of the platform or the validity of Kraken's claims. However, given the configured redirect to the Kraken website, as well as the previous hack claims, the information appears to be credible.