A Ukrainian man living in the United States has allegedly hacked into a major drug market on the Russian dark web, diverting some of its crypto-currency proceeds. The man says he donated the digital money stolen from the illicit website to an organization providing humanitarian aid in his war-torn country.
Wisconsin resident with Ukrainian roots hacks Russian Dark Web marketplace Solaris
Alex Holden, a Ukrainian-born cyber espionage expert who left Kiev in the 1980s as a teenager and now lives in Mequon, Wisconsin, claims to have hacked Solaris, one of Russia’s largest online drug marketplaces, according to a Forbes report.
Backed by his Hold Security team, he was able to get his hands on some of the bitcoins sent to dealers and owners of the darknet site. The crypto-currency, worth over $25,000, was then transferred to Enjoying Life, a charitable foundation based in the Ukrainian capital.
Without revealing exactly how he did it, Alex Holden explained that he took control of much of the Internet infrastructure behind Solaris, including some administrator accounts, and obtained the website’s source code and a database of its users and drop-off locations for drug deliveries.
For a time, the Ukrainian and his colleagues also had access to the “main portfolio” of the marketplace. It was used by buyers and resellers to deposit and withdraw funds and functioned as the platform’s crypto-currency exchange, the article details.
Given the rapid turnover, the wallet rarely had more than 3 BTC at a time. Holden managed to grab 1.6 BTC and send it to Enjoying Life. Hold Security donated an additional $8,000 to the charity, which helps people affected by the war in Ukraine.
Solaris is linked to Russian “patriotic” hacking collective Killnet
The darknet marketplace Solaris is suspected of having links to the Killnet hacking collective, which, after the invasion launched by Moscow in late February, became one of Russia’s “patriotic” hacker groups, vowing to target Ukrainians and their supporters.
Killnet also conducted a number of attacks in the United States, including on airport and state government websites and the National Geospatial-Intelligence Agency. It has reportedly hit the Eurovision song contest, the Estonian government, and the National Institute of Health in Italy.
The group was also accused of attacking Rutor, Solaris’ main rival, which became the main underground drug market in Russia after Hydra was shut down last spring. According to U.S. cybersecurity firm Zerofox, Solaris was paying Killnet for DDoS services.
Beyond the battlefield, Russia and Ukraine have also clashed in the online space, with the Kiev government recruiting experts for its own cyber force. This special unit was tasked with identifying and preventing Russian attacks, but also with fighting back.
Attacks such as those against Russia’s largest bank, Sber, and the Moscow Stock Exchange have been attributed to the Ukrainian cyber army. Social media accounts associated with the hacktivist collective Anonymous have taken responsibility for many other attacks.