Hacking Forum Darkode Resurfaces

The Darkode cybercrime forum will return online soon. The news comes less than two weeks after law enforcement authorities announced that they had brought down the website.

Launched almost eight years ago, Darkode was a secretive underground forum where users could buy and sell a wide range of cybercrime tools and services, including malware, exploit kits, spam services, and botnets.

Authorities announced on July 15 that the hacking forum, which according to Europol had between 250 and 300 members, was dismantled. A total of 28 people were arrested and 12 were charged as a result of an international law enforcement operation involving 20 countries.

The United States Department of Justice said Darkode was brought down after it was infiltrated by the FBI.

Despite the arrests and charges brought against its alleged members, Darkode is not out of the picture. On Sunday, the malware marketplace resurfaced on darkode[dot]cc.

The forum will be relaunched soon and its administrators are implementing new security measures to protect the website and its members.

“Most of the staff is intact, along with senior members. It appears the raids focused on newly added individuals or people that have been retired from the scene for years. The forum will be back in onion land, it will be invite only, and members we can confirm are still active will be given an invite (no-one else),” reads a message posted on the new website.

According to the security researcher known as MalwareTech, Darkode was resurrected by “Sp3cial1st,” the forum’s main administrator. Apparently, Sp3cial1st wanted to see which of the website’s users were arrested before bringing the forums back online.

Sp3cial1st, who according to security blogger Brian Krebs is a core member of the Lizard Squad, says each user will have their own Onion (Tor) address and authentication will be made through the Bitcoin Blockchain API.

“We will not store any form of user information except a hash of the BTC Guid, a BTC Wallet (for default display NickName), and an alias if the user chooses to create one,” the administrator said.

MalwareTech believes that the use of individual Onion addresses gives Darkode administrators greater control over who has access to the service and helps prevent account hijacking. This method will also allow admins to log each user’s activities and quickly identify potential leakers.

“These new security measures don’t come as a huge surprise seeming as Darkode had a massive problem with people using hacked accounts to leak information to law enforcement and journalists as well as scam users,” MalwareTech said. “Ironically even the Darkode administrators were compromised at one point after one of them had reused his password on another forum, which had its database leaked a few weeks prior.”

Sp3cial1st has advised members to assume that anyone claiming to be a member of Darkode is a scammer. The administrator also urges members to assume that anyone they have dealt with over the past 6-8 months might have turned into an informant for law enforcement.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
