dark.fail: Is a darknet site online?Updated Fri, 14 May 2021 01:10:20 UTC
Mastodon | Twitter

THIS DOMAIN WAS HIJACKED BY A PHISHER. A phisher convinced Tucows to transfer the domain "dark.fail" and served phishing links right here for over four days. Here is my signed statement following the attack. My Twitter followed the events as they unfolded.

You may have been phished. If you researched any darknet sites using links here during the phishing attack and did not PGP verify the .onion URLs you may have been phished.

For now, Dark.fail is only accessible at darkfailllnkf4vf.onion by using Tor Browser while we audit our security. Our .onion site was not affected in any way by this attack.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

If you visited sites listed on the clearnet domain "dark.fail"
between April 29th through May 5th 2021 you were phished and should
rotate all credentials immediately!

DarkDotFail has regained control of the domain "dark.fail", the
Twitter account "@DarkDotFail", the Reddit account "/u/DarkDotFail",
and the email address "hello@dark.fail". Thank you Njalla for your
tireless work in getting our hijacked domain back. The attacker was
unable to get past 2FA on our Twitter, Reddit, and Email. They did
not access any existing messages nor servers. Emails sent to any
address @dark.fail during the attack were received by the attacker.
Our .onion site was not compromised. Our OPSEC is fully intact.

A phisher stole our domain and operated it for four days in a highly
sophisticated attack that bypassed all security protocols we had in
place, including 2FA. The attacker sent a fake German court order to
Njalla's partner Tucows and convinced them to transfer our domain to 
Namecheap. They then listed 68 phishing replicas of real sites on
our domain, stealing an untold amount of cryptocurrency from these
sites' researchers and users. They also hijacked DarknetLive.com.

It took Namecheap four days to transfer our domain back to us.

Read @brokep's summary of what happened for more information: 
https://twitter.com/brokep/status/1389314362561777665

Every site listed on the domain "dark.fail" from April 29th through
May 5th 2021 was a man-in-the-middle phishing proxy. Each site
looked real but instead shared all user activity with the attacker,
including passwords and messages. Cryptocurrency addresses displayed
on these sites were rewritten to addresses controlled by the phisher,
intercepting many people's money.

DarkDotFail's .onion address was not affected by this attack. No
phishing sites have ever been displayed there.

As long as we are maintain a clearnet mirror, we cannot fully promise that
this will not happen again. The domain name system is centralized and prone
to human error and deceit.

Always check /mirrors.txt and PGP verify it. Researchers that PGP verified
sites before interacting with them during this attack outsmarted the phish.

This unprecedented attack has set back our entire community. We are
implementing ways to rely less on the antiquated domain name system
used by the clearnet and to move to decentralized DNS alternatives.

We are infuriated that our trusted name was used for harm.

Devastated, motivated. Big changes are on their way.

DarkDotFail
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfW0DbC7R6OyjEztdZcgjJbAZcsUFAmCR9w0ACgkQZcgjJbAZ
csW8WRAArtcUkkIu/12fiFfv0gt7FDNM6shzwgBpb7DBOTX5P0PIm78V5wxB1VVB
dTBn43o9YRQY95prUnoZ1tYTC5Y+EmetvLgK/ZBaWiSS/pqMTvlIuIgKYInzz4ps
8ws6b+E/4WnhFmXuBeVz/CiL20sQum50hKTWRotFLlpAuxrMTr4VYrwAk1JZV96l
3c54dWg/aP4cXvtQCuiXL94iY/TNiXUJ+nxT/QJLSALh0PS2lhQtmPCgYKT6smnK
nUBB3o/S2y3McNue4NSisFA2Qw6qbrUh/LEBWRi9e8cCIdpkWcO809Y1lDpY+R+I
AKfxB072I54ZNuLuIG2iWwVftcTqBKmV0ePPubfc0nKzpkyzT/8LmhzWfk9bY/BV
I4WjJrDl4llbun2Ip8uUEugri95Frl3hLr21qipBML4fe6poqvrGepM2ZXlZpzwS
TAtc5uBZDE5XrOl3vGJetF/uBu+YQBPiFsxxXrUQvE7bzPnwB4wvGDJ3T6lIJXED
9MXpU4p+2Vk9VbBUIJL1L2lz9tpkCtNXAfwCkunipOZo+VPGbAeanKqtOn71UwqH
TYNJvKF3WoUh0mqQo3e49JJDgHSJjNO6+aYqJqJXobdycZBtjdwM9Oz+FMwwHw44
512S21KENWFm4JajVC8S3Qg0Uu9Im+X5HKsh2QffXs3K306pKEE=
=5CMK
-----END PGP SIGNATURE-----

 

NEW: Verify signatures with Dark.fail's new PGP Tool. Don't get phished. Always PGP verify .onion and Bitcoin addresses before interacting with them.

Tor is the uncensored internet. Install Tor Browser to explore it. Set darkfailllnkf4vf.onion as your home page to save time. Links are PGP verified and unclickable for your safety. dark.fail's philosophy and finances

This resource is intended for researchers only. I do not vouch for any sites.

Philosophy

Always fast, one server request. No tracking ever, no javascript ever.

Accurate URLs verified by PGP. No direct linking in order to protect against DNS leaks from accidental clicking in a clearnet browser.

Knowledge of darknet site uptime is important to many cybersecurity researchers. This site is provided for information only. No endorsements are made or implied regarding any sites or organizations mentioned here.

Want a link listed or removed here? Email hello -a-t- dark.fail

Jabber: darkdotfail at jabber.calyxinstitute.org

Defend your right to privacy: donate to the EFF.

Donations are Appreciated

dark.fail is supported by our users. No sites pay for placement or advertisements, no affiliate links have or will ever be used. If this resource has helped you please consider sending a contribution.

Monero: 8BENWZNwpzwDqkbLqVgVdTNt9WhN4LdUY4PpBLngaSXc8GkP1N7hdzjJDy9gUiWx3zLTvhnteiYPsXr8tegpR5nGNjtehzw

PGP Key

My current key is available at /pgp.txt.

PGP key rotation history

ADMINS: Introducing the Onion Mirror Guidelines. Implement the "OMG" to remain listed on dark.fail.