Cyber Incident Victim: Solaris
Date: Jan 2022
Location: Finland
Summary
A large darknet marketplace specializing in illegal substances was hijacked by a competitor known as Kraken, which exploited critical vulnerabilities in the victim's code to compromise its infrastructure. The attackers gained access to stored cleartext credentials, cryptographic keys, and internal systems, subsequently redirecting the marketplace's Tor site to their own platform and disabling its Bitcoin payment server to halt transactions. This takeover resulted in the complete loss of operational control for the affected service, including its source code repositories and financial capabilities, while transferring a significant portion of its user base to the rival platform. The incident was motivated by competitive market interests rather than political objectives, leveraging the breach to absorb customers and undermine trust in the compromised marketplace.
Description
The Solaris darknet marketplace, specializing in illegal drugs and substances, was hijacked by a competitor named Kraken on or around January 13, 2023. Kraken executed a hostile takeover by exploiting critical vulnerabilities in Solaris’ infrastructure, redirecting Solaris’ Tor site to Kraken’s platform. Blockchain analysts at Elliptic confirmed no cryptocurrency transactions from Solaris’ wallets after January 13, indicating a disruption of financial operations coinciding with the attack. Kraken publicly claimed responsibility, stating they had identified severe flaws in Solaris’ codebase, which allowed them to compromise servers hosted in Finland over a three-day period. During this time, attackers exfiltrated cleartext passwords, cryptographic keys, project source code, and GitLab repositories. Kraken also disabled Solaris’ Bitcoin payment server, effectively halting all transactional activity on the platform.

Solaris had emerged months earlier following the seizure of Hydra, another major darknet market, rapidly capturing approximately 25% of the illicit market share with an estimated $150 million in sales. Resecurity reported Solaris gained 60,000 new user registrations post-Hydra, dwarfing Kraken’s growth of roughly 6,000 users. The hijacking redirected Solaris’ user base to Kraken, consolidating market influence and undermining confidence in Solaris’ security. Kraken’s operators, described as pro-Kremlin but motivated by commercial interests rather than politics, framed the attack as a strategic acquisition to absorb a rival’s infrastructure and customers. The incident left Solaris inoperable, with its infrastructure and data fully compromised, while Kraken leveraged the breach to expand its operational footprint and user traffic. No law enforcement or third-party response actions were documented in the available reporting.
