DarkDotFail has regained control of "dark.fail"

@Pygmalion - May 5 2021

Hash: SHA256

If you visited sites listed on the clearnet domain "dark.fail"
from April 29th through May 5th 2021 you were phished and should
rotate all credentials immediately!

DarkDotFail has regained control of the domain "dark.fail", the
Twitter account "@DarkDotFail", the Reddit account "/u/DarkDotFail",
and the email address "hello@dark.fail". Thank you Njalla for your
tireless work in getting our hijacked domain back. The attacker was
unable to get past 2FA on our Twitter, Reddit, and Email. They did
not access any existing messages nor servers. Emails sent to any
address @dark.fail during the attack were received by the attacker.
Our .onion site was not compromised. Our OPSEC is fully intact.

A phisher stole our domain and operated it for four days in a highly
sophisticated attack that bypassed all security protocols we had in
place, including 2FA. The attacker sent a fake German court order to
Njalla's partner Tucows and convinced them to transfer our domain to
Namecheap. They then listed 68 phishing replicas of real sites on
our domain, stealing an untold amount of cryptocurrency from these
sites' researchers and users. They also hijacked DarknetLive.com.

It took Namecheap four days to transfer our domain back to us.

Read @brokep's summary of what happened for more information:

Every site listed on the domain "dark.fail" from April 29th through
May 5th 2021 was a man-in-the-middle phishing proxy. Each site
looked real but instead shared all user activity with the attacker,
including passwords and messages. Cryptocurrency addresses displayed
on these sites were rewritten to addresses controlled by the phisher,
intercepting many people's money.

DarkDotFail's .onion address was not affected by this attack. No
phishing sites have ever been displayed there.

As long as we maintain a clearnet mirror, we cannot fully promise that
this will not happen again. The domain name system is centralized and prone
to human error and deceit.

Always check /mirrors.txt and PGP verify it. Researchers that PGP verified
sites before interacting with them during this attack outsmarted the phish.

This unprecedented attack has set back our entire community. We are
implementing ways to rely less on the antiquated domain name system
used by the clearnet and to move to decentralized DNS alternatives.

We are infuriated that our trusted name was used for harm.

Devastated, motivated. Big changes are on their way.




I am Pygmalion, a small psychedelics vendor.

You may reach me via email at pygmalion@infantile.us.
Please register your own E-Mail address for darknet purposes at http://oq7t5ihk4qew5t5s4zghicigokh2ktt575amirsbnilmyawpme6xmyyd.onion
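
The statement's advice to PGP verify /mirrors.txt only helps if the signature is checked against a key fingerprint recorded before the incident, since whoever controls a hijacked domain can serve a file with a valid signature from a different key. The following is an added example, not part of the original statement or any DarkDotFail tooling; the pinned fingerprint is a constructed placeholder and the function names and sample status lines are assumptions made for illustration.

```python
import subprocess

# Placeholder: the 40-hex-digit fingerprint you recorded out of band before
# trusting the site. This value is constructed, not a real key.
PINNED_FPR = "A" * 40

# GnuPG status keywords that mean the signature must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def check_status(status_text, pinned_fpr):
    """Decide from `gpg --status-fd` output whether the pinned key signed the file."""
    pinned = pinned_fpr.replace(" ", "").upper()
    signers = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in REJECT:
            return False, keyword
        if keyword == "VALIDSIG" and len(args) >= 10:
            signers.append(args[9].upper())  # last field: primary key fingerprint
    if not signers:
        return False, "no valid signature"
    if any(fpr != pinned for fpr in signers):
        return False, "signed by unpinned key"
    return True, "signed by pinned key"

def verify_file(path, pinned_fpr=PINNED_FPR):
    """Run gpg on a clearsigned file and judge its machine-readable status lines."""
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", path],
                          capture_output=True, text=True)
    return check_status(proc.stdout, pinned_fpr)

def sample_status(fpr):
    """Constructed status output for a cryptographically good signature by `fpr`."""
    return (
        "[GNUPG:] NEWSIG\n"
        f"[GNUPG:] GOODSIG {fpr[-16:]} Constructed Example\n"
        f"[GNUPG:] VALIDSIG {fpr} 2021-05-01 1619827200 0 4 0 1 8 01 {fpr}\n"
    )

if __name__ == "__main__":
    # A good signature from an unknown key is rejected; the pinned key passes.
    print(check_status(sample_status("B" * 40), PINNED_FPR))
    print(check_status(sample_status(PINNED_FPR), PINNED_FPR))
```

The check deliberately ignores gpg's human-readable "Good signature" text and GOODSIG line, which appear for any key in the local keyring, and accepts only a VALIDSIG whose primary key fingerprint matches the pinned value.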



Jack (5 stars):
Good news. Thanks for writing.
