Skip to content

The Fish Darknet Market has Officially Exit Scammed

Per Fish Market staff via Dread: dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad[.]onion/post/555086ad3a2e05d3b861


The Fish Market is Officially Gone - A Difficult Announcement.
by /u/Byt3s • 22 hours ago* in /d/DarkNetMarkets
Dear /d/DarkNetMarkets Community,

I wanted to take a moment to address the recent developments with the market. It's been about five days since things went down, and I realize this announcement is a bit late, but there's a good reason for that, which I'll explain shortly.

To be honest, I've been pretty taken aback by how everything has unfolded. I never imagined I'd find myself in this position, writing a post like this. Unfortunately, I can now confirm that the market will not be coming back online. I’ll do my best to provide some context and transparency on what’s gone down, the main reasons for the closure, and my take on where things have ended up.

As I'm sure you've all noticed, the market has been down for around 5 days now. When I first saw it had gone offline, I promptly reached out to /u/GoFish (the admin) on Jabber to let him know. Initially, I suspected it might be a DDoS attack that took the main onion down, as we've been a constant target since the superlist announcement. I imagine a lot of other markets face this threat too.

After contacting GoFish, I made an announcement (/post/2407273fee7cf3fb8ad5) to let everyone know market staff (myself) were aware of the situation. My goal was to reassure people that someone on the team was on top of it and prevent any crazy rumors from spreading. I wanted to make sure panic didn't set in, especially with all the baby accounts out there ready to spread nonsense. I acted how any responsible moderator would with the limited information I had at the time. After all, when we got DDoSed a month ago /post/27826bcd165e2071adf5, GoFish was able to resolve it quickly once he got back online. I thought this would be a similar situation.

However, this time was a bit different, and unfortunately, for the worse. Some time after the main market onion went down, I became increasingly concerned when the mod panel and private mirrors I had access to also went offline. This was unusual, as those mirrors are typically still accessible even during DDoS attacks. That was my first red flag. At this point, I still hadn't heard back from the admin, and I was left trying to make sense of the extended downtime.

Once I realized the mod panels were affected too, I promptly reached out to Dread admins and /u/SamWhiskey to keep them in the loop on any new developments. I also tried to get in touch with GoFish privately on Jabber again since I hadn't heard from him in a few days. I was still a bit optimistic at this point that we'd get everything back up. I figured his absence could just be him dealing with some IRL stuff. But as time went on, that optimism slowly started to fade, and I got a bad feeling that something more serious might have happened.

Then I checked my Jabber and that's when I got the confirmation that the market won't be returning. The message I received was extremely vague and It felt like a final goodbye, which was shocking given the progress we’ve made recently. For operational security reasons, I don’t log any of my Jabber messages and wouldn’t feel right sharing it publicly, but the gist was that it seemed a VM server may have been compromised. GoFish mentioned he couldn’t get the volumes back online without potentially exposing encryption keys to a MiTM attack. He followed that up with an apology that it had to end this way.

From what I can gather based on his final message, the idea of just a VM being compromised doesn’t really add up to a seizure or anything. Maybe a hack, but only he would be in the best position to clarify that. For clarity, I didn’t have access to any of the actual market servers; my privileges were limited to handling day-to-day support tasks and PR. I didn’t possess any elevated privileges beyond what is typically expected for a support moderator.

Throughout my time working alongside him, I consistently urged him to keep operational security tight for his and the market's sake. I really stressed the importance of regular security audits to make sure everything was secure. Soon after I joined, we still had a clearnet rotational mirror in place, which I was vehemently against and kept pushing to have removed for security reasons to which he eventually did /post/f18a33f34741cfb74594/#c-920fe916e7941dfb23. I’ve always been a big proponent of OpSec, and while he claimed to have taken measures, I can’t help but wonder if he was just telling me that to appease me.

Now, the reason this announcement post is a bit late is that I responded back to his Jabber message asking how the market was compromised. I suggested that if it was indeed compromised, he should at least close the market gracefully. I was hoping to get a response back, as it would have been great to see if I could help make users whole in some way. But it seems he’s burned bridges and gone completely dark, leaving the market inaccessible. I genuinely don’t believe this was premeditated; it seems more like a security lapse on his part that led to him abandoning ship so abruptly. I really wanted to give him the benefit of the doubt in case he was having trouble getting back on securely or for any other reason. I hope that he is fine and safe.

As someone who’s probably closest to this whole situation and the market in general, I can say from my perspective that I don’t believe he has been busted by LE, nor do I think any data was breached. My guess is that as soon as he realized what had happened, he panicked and likely proceeded to nuke all the market infrastructure before exiting. I’m also not sure how long the market was exposed for or how critical the issue was, but if I had to guess, it must have been recent. It wouldn’t surprise me if law enforcement has tracked down the IP, especially if what i have seen floating around is true. It would be naive not to consider that possibility. For security’s sake, I’d still advise all users to clean house!

One last thing I will say is that throughout our relationship, he was a fair and honest admin—at least while he was still around. If I’m being honest, the way this departure went down feels kind of cowardly to me, and not what I would expect from him given the gravity of the situation. But I suppose everyone has their own way of handling things. I’m still shocked he’d leave me to deal with this mess, especially after all the hard work we put in together. We were just two months away from being officially listed, and everything was looking so promising. Honestly, it’s just really sad to see it end like this.

To all our merchants and customers, I sincerely apologize to those who lost any coins. By all that is good and true, I've tried my absolute best to turn this around, but sadly, my efforts to make users whole just aren't possible at this point. I don't know what else to say. Throughout my time in this space, I have only ever tried to contribute positively and always pushed for security while making a few contributions along the way. I hope that I have helped at least one person during my time here. I know some people will try to blame me and point fingers, and I understand. To those individuals, I say I am truly sorry.

Take care, everyone.

Comments

Latest