THIS DOMAIN WAS HIJACKED BY A PHISHER. A phisher convinced Tucows to transfer the domain "dark.fail" and served phishing links right here for over four days. Here is my signed statement following the attack. My Twitter followed the events as they unfolded.
You may have been phished. If you researched any darknet sites using links here during the phishing attack and did not PGP verify the .onion URLs you may have been phished.
For now, Dark.fail is only accessible at darkfailllnkf4vf.onion by using Tor Browser while we audit our security. Our .onion site was not affected in any way by this attack.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 If you visited sites listed on the clearnet domain "dark.fail" between April 29th through May 5th 2021 you were phished and should rotate all credentials immediately! DarkDotFail has regained control of the domain "dark.fail", the Twitter account "@DarkDotFail", the Reddit account "/u/DarkDotFail", and the email address "firstname.lastname@example.org". Thank you Njalla for your tireless work in getting our hijacked domain back. The attacker was unable to get past 2FA on our Twitter, Reddit, and Email. They did not access any existing messages nor servers. Emails sent to any address @dark.fail during the attack were received by the attacker. Our .onion site was not compromised. Our OPSEC is fully intact. A phisher stole our domain and operated it for four days in a highly sophisticated attack that bypassed all security protocols we had in place, including 2FA. The attacker sent a fake German court order to Njalla's partner Tucows and convinced them to transfer our domain to Namecheap. They then listed 68 phishing replicas of real sites on our domain, stealing an untold amount of cryptocurrency from these sites' researchers and users. They also hijacked DarknetLive.com. It took Namecheap four days to transfer our domain back to us. Read @brokep's summary of what happened for more information: https://twitter.com/brokep/status/1389314362561777665 Every site listed on the domain "dark.fail" from April 29th through May 5th 2021 was a man-in-the-middle phishing proxy. Each site looked real but instead shared all user activity with the attacker, including passwords and messages. Cryptocurrency addresses displayed on these sites were rewritten to addresses controlled by the phisher, intercepting many people's money. DarkDotFail's .onion address was not affected by this attack. No phishing sites have ever been displayed there. As long as we are maintain a clearnet mirror, we cannot fully promise that this will not happen again. The domain name system is centralized and prone to human error and deceit. Always check /mirrors.txt and PGP verify it. Researchers that PGP verified sites before interacting with them during this attack outsmarted the phish. This unprecedented attack has set back our entire community. We are implementing ways to rely less on the antiquated domain name system used by the clearnet and to move to decentralized DNS alternatives. We are infuriated that our trusted name was used for harm. Devastated, motivated. Big changes are on their way. DarkDotFail -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfW0DbC7R6OyjEztdZcgjJbAZcsUFAmCR9w0ACgkQZcgjJbAZ csW8WRAArtcUkkIu/12fiFfv0gt7FDNM6shzwgBpb7DBOTX5P0PIm78V5wxB1VVB dTBn43o9YRQY95prUnoZ1tYTC5Y+EmetvLgK/ZBaWiSS/pqMTvlIuIgKYInzz4ps 8ws6b+E/4WnhFmXuBeVz/CiL20sQum50hKTWRotFLlpAuxrMTr4VYrwAk1JZV96l 3c54dWg/aP4cXvtQCuiXL94iY/TNiXUJ+nxT/QJLSALh0PS2lhQtmPCgYKT6smnK nUBB3o/S2y3McNue4NSisFA2Qw6qbrUh/LEBWRi9e8cCIdpkWcO809Y1lDpY+R+I AKfxB072I54ZNuLuIG2iWwVftcTqBKmV0ePPubfc0nKzpkyzT/8LmhzWfk9bY/BV I4WjJrDl4llbun2Ip8uUEugri95Frl3hLr21qipBML4fe6poqvrGepM2ZXlZpzwS TAtc5uBZDE5XrOl3vGJetF/uBu+YQBPiFsxxXrUQvE7bzPnwB4wvGDJ3T6lIJXED 9MXpU4p+2Vk9VbBUIJL1L2lz9tpkCtNXAfwCkunipOZo+VPGbAeanKqtOn71UwqH TYNJvKF3WoUh0mqQo3e49JJDgHSJjNO6+aYqJqJXobdycZBtjdwM9Oz+FMwwHw44 512S21KENWFm4JajVC8S3Qg0Uu9Im+X5HKsh2QffXs3K306pKEE= =5CMK -----END PGP SIGNATURE-----
NEW: Verify signatures with Dark.fail's new PGP Tool. Don't get phished. Always PGP verify .onion and Bitcoin addresses before interacting with them.
Tor is the uncensored internet. Install Tor Browser to explore it. Set
darkfailllnkf4vf.onion as your home page to save time. Links are PGP verified and unclickable for your safety. dark.fail's philosophy and finances
This resource is intended for researchers only. I do not vouch for any sites.
Accurate URLs verified by PGP. No direct linking in order to protect against DNS leaks from accidental clicking in a clearnet browser.
Knowledge of darknet site uptime is important to many cybersecurity researchers. This site is provided for information only. No endorsements are made or implied regarding any sites or organizations mentioned here.
Want a link listed or removed here? Email hello -a-t- dark.fail
Jabber: darkdotfail at jabber.calyxinstitute.org
Defend your right to privacy: donate to the EFF.
Donations are Appreciated
dark.fail is supported by our users. No sites pay for placement or advertisements, no affiliate links have or will ever be used. If this resource has helped you please consider sending a contribution.
My current key is available at /pgp.txt.
ADMINS: Introducing the Onion Mirror Guidelines. Implement the "OMG" to remain listed on dark.fail.