Close up of a person's hand typing on a laptop in a dark space.
© Srinivasan.Clicks/

Popular dark web marketplace Solaris has been hacked and taken over by rival Kraken. Since Jan. 13, visitors to the Solaris dark website have been automatically redirected to Kraken’s site.

Kraken claims they’ve wrestled control over Solaris’ website and cyberinfrastructure, as well as its project source code and GitLab repository.

Solaris and Kraken profited heavily from the takedown of the Hydra marketplace in April 2022. Solaris had an estimated 20-25 percent share of the illegal dark web market.

Vulnerabilities in Solaris’ Infrastructure

According to Blockchain analytics firm Elliptic, cracks in Solaris’ infrastructure began to show in December 2022. A Ukrainian hacker named Alex Holden told Forbes he managed to penetrate Solaris’ central Bitcoin wallet.

Holden withdrew 1.6 Bitcoin, which he donated to the Ukrainian charity Enjoying Life. Solaris issued a statement shortly after that disputed the claims made in the Forbes article.

However, a few weeks later, on Jan. 13, Solaris’ visitors found they could not access the dark web marketplace. They were redirected to the Kraken marketplace, which contained a notice announcing the Solaris hack.

“Kraken attributed its successful takeover to poor operational security by Solaris admins, allowing the hack to take place over three days without notice. Logs apparently confirming Kraken’s full control of Solaris were also shared,” Elliptic’s report states.

Kraken has even disabled Solaris’ Bitcoin wallets. Elliptic confirmed it could not track any activity in Solaris-affiliated Bitcoin addresses since Jan. 13.

Ties to Russia

Solaris, only a few months old, has processed $150 million in drug sales and other illegal activities.

Kraken and Solaris are Russian-speaking marketplaces, and both gained some prominence following the shutdown of Hydra last year. Solaris has ties to Killnet, a pro-Russia hacking group known to carry out DDOS attacks against its targets.

Last year, Killnet targeted the websites of several U.S. airports, banks, and Lithuanian government infrastructure. Killnet has not spoken out about the takeover so far. The group’s dark forum, Infinity, is currently focused on an apparent hack of the U.S. Internal Revenue Service.

If you are curious to learn more about dark web markets, make sure to read our dark web marketplace safety guide before you begin exploring.

Leave a comment