Russia-linked drug marketplace Solaris hacked by its rival
Solaris, one of the leading darknet drug marketplaces, has been taken over by its rival, according to research released this week.
Users who tried to access Solaris after January 13 were redirected to the recently-launched Russian language drug marketplace known as Kraken, which claimed to have successfully taken over Solaris’ infrastructure, GitLab repository and project source code, researchers from blockchain analysis firm Elliptic said.
Kraken shared logs that purportedly confirm it has taken full control of Solaris and said that Solaris’ bitcoin wallets have been deactivated. Elliptic said no activity has been tracked in Solaris-affiliated bitcoin addresses since January 13.
How it happened
Solaris rose to prominence several months ago when it replaced Hydra, once the world’s largest darknet marketplaces worth an estimated $5 billion. Hydra, which also sold stolen databases, forged documents and hacking-for-hire services, was seized by German police in April.
Solaris’ market share increased from 20% to 25% over these months, according to researchers. It processed approximately $150 million in sales of drugs and other illicit goods.
But Solaris’ security problems began in December 2022, when Ukrainian cyber intelligence expert Alex Holden claimed to have hacked into the platform and withdrew 1.6 Bitcoin (about $25,000) from its central bitcoin wallet. Holden, who is the founder of the cybersecurity firm Hold Security, donated this money to a Ukrainian charity.
The transaction did not affect the drug user wallets or shop owners but specifically targeted the exchange operators themselves, according to a report by Hold Security released last week.
Once the funds were diverted from the Solaris exchange, Solaris administration took down much of its infrastructure and claimed it was due to a major upgrade, Hold Security said.
The news of the company’s security breach led to increased attempts by Solaris’ rivals to find vulnerabilities in its systems, according to Elliptic.
Kraken operators said it took them three days to take over Solaris.
Both Solaris and Kraken have ties to Russia. According to Hold Security, Russia is “a safe haven for several dangerous platforms that supply illegal drugs to tens of thousands of users.”
During Russia’s war with Ukraine, Solaris affiliated itself with the pro-Kremlin hacking group Killnet, which is known for launching distributed denial-of-service attacks on Ukraine and its allies.
Killnet has been open about its affiliation with Solaris, which has netted the group more than $44,000 in bitcoin donations. In an interview in October, Killnet thanked Solaris for its “huge support.”
Killnet has kept quiet about Kraken’s takeover of Solaris, instead focusing on its hacks, Elliptic said.
Russian-language Kraken is also considered pro-Kremlin. It competes with other pro-Russia marketplaces vying to fill the gap left by Hydra. Kraken is not affiliated with the legitimate crypto exchange of the same name, Elliptic said.
Some believe that Kraken, seen as a Hydra successor, is operated by Hydra’s former administrators. Both platforms have a similar logo, registration process and a built-in cryptocurrency mixer, according to a study by cyberthreat intelligence firm Flashpoint.
After the Solaris hack, Kraken mocked its rival’s allegedly weak security, saying that storing passwords and keys “in clear text” was “a big mistake.”
Kraken also denied rumors that it had bought Solaris. Hacking a competitor was “a response to aggression in our direction,” Kraken said in a statement published on its website and shared by Elliptic.
Kraken has also warned that the same will happen with other platforms that compete with it.