“DoubleFlag” - The Famous Dealer
There is currently a well-known dealer on darknet platforms who goes by the name of “DoubleFlag”. It has been discovered that he put up for sale the databases of 11 bitcoin forums on Valhalla, a famous darknet trading arena. These same databases had earlier been reported as stolen over a period of six years (2011 to 2017) from popular, heavily visited websites. The databases contain news on BTC trading and mining.
Information from the darknet website shows that “DoubleFlag” has made over 100 sales and is rated very highly, with a 98% positive rating. His popularity came about when he caught people’s attention soon after doing business in several “mega-breaches” since 2013. These affected other major platforms like LinkedIn, Twitter, Gmail, and Yahoo. Over 117 million LinkedIn login records and 33 million Twitter login records were put up for sale on a darknet marketplace in May 2016.
Notably, this same “DoubleFlag” was earlier discovered selling information belonging to high-profile organizations like Brazzers, Epic Games, Dropbox, ClixSense, uTorrent, Mail.ru and Yandex.ru.
List Of Affected Accounts
The information at hand shows that the total number of accounts stolen from these platforms is actually over 12 million. These include 536,727 accounts from MerlinsMagicBitcoin.com, which was breached in January 2017. Another forum that suffered was BitcoinTalk.org, which lost 514,409 accounts in May 2015 after being hacked. When these accounts surfaced one year later, one was being sold for one BTC.
BTC-E.com lost 568,357 accounts in October 2014. This one was a bit more serious. Information that got out to the public included Bitcoin wallet balances, user IDs, and their respective IP addresses. LeakedSource, a now-defunct breach notification website, reported this hack in 2016.
Information from LeakedSource shows that the site used a method called “sha256crypt” to store passwords. It was used to hash 91% of the total passwords and is notably stronger than the methods used by many other websites LeakedSource has come across so far. Clearly, this is high praise, especially coming from a source that unveils details of breaches quite often, in an era where mega-breaches involving hundreds of millions of accounts are common. LeakedSource was able to gather 30,389 passwords.
BTC4Free.com was hacked in January 2014 and lost 21,439 accounts.
There are still more victims. In June 2011, MtGox.com had 61,011 of its accounts stolen. In January 2014, DogeWallet.com lost 28,298 accounts after being hacked. BitLeak.net had 1,780 accounts stolen in March 2014. Bitcoin.Lixter.com lost 3,153 accounts when it was breached in September 2014. Additionally, BitcoinSec was breached in 2014 and suffered the loss of 10,855,376 accounts. Others, with unknown breach dates, are also recorded. These include BitsCircle.com, which lost 34,513 accounts, and TheBitcoinShop.pixub.com, which lost 3,149 accounts.
What made “DoubleFlag” successful was that he was able to get hold of the data before any organization or any other person was able to grab it.
These accounts had the following stolen:
- a personal text number
- email address
- a username
- the date of birth
- secret questions, with their respective silenced secret responses
- a website URL and title
- the password
- location of the user’s account
In a few of these cases, the passwords have already been decoded. Others, however, are stored as SHA-1 hashes. These are simple to decipher, since Google security researchers already broke SHA-1 sometime last month.
The price for this information totals 400 US dollars, which equals BTC 0.3817.
It is worth observing that two of these sites, BitcoinTalk.org and BTC-E.com, are the most valuable bitcoin-related sites to vendors. Information on their accounts has been up for sale on Outlaw Market since 2016 by a number of traders. Data on the other platforms, however, has not been ascertained.
Still, anyone with an account on any of these forums is advised to change their password as soon as possible. Additionally, some of the platforms mentioned here are no longer in operation. Hence, it is questionable whether the data contained there is still applicable.