Agora Market, which is often considered to be the largest currently operating Bitcoin black market, has decided to pause operations due to a Tor de-anonymizing vulnerability.
On July 28th, MIT and Qatar Computing Research Institute (QCRI) published a paper detailing de-anonymizing attacks on the Tor network. The network, which has been the standard for many deep web black markets since Silk Road, keeps servers and users alike anonymous through a network of systems. Tor project developers are still analyzing proposed defenses.
The black market, protecting itself from attacks which could expose it’s server and user locations, decided to get ahead of the issue by pausing operations at an undisclosed time. Agora explained in a PGP signed message on their hidden site,
“At this point, while we don’t have a solution ready would be unsafe to keep our users using the service, since they would be in jeopardy. Thus, and to our great sadness we have to take the market offline for a while, until we can develop a better solution. This is the best course of action for everyone involved.”
While Agora is still operating, they’re working hard to clear outstanding orders and process Bitcoin withdraws. They note, “During this time, there might be some delays in payouts, since many people are expected to withdraw money at the same time, but we intend to resolve any such issues in the end.”
Agora warns users to avoid depositing to the market during downtime. To similarly avoid risking user Bitcoin, Agora is working on returning the bonds vendors are required to pay to vend. For many vendors, this will likely be the first time they’ve ever had a deep web market vendor bond returned.
For Agora users looking to get back on the site, all hope is not lost. Agora explains, “We have a solution in the works which will require big changes into our software stack which we believe will mitigate such problems, but unfortunately it will take time to implement.”