ELI5 What was the Black Goblin market [BGM]?

Black Goblin was a short lived and relatively unknown darknet market.

It ran at Tor address ua4aptglh45m5p6b.onionand was announced on Reddit in the DarkNetMarkets subreddit, which has since been banned due to TOS violations.

Black Goblin was launched in 2014 but it was de-anonymized shortly after.

Since the motivation behind some (most?) darknet markets was to enable illicit drug trade, being de-anonymized meant certain closure.

No user would like to be doxxed for using one of these underground marketplaces.

Deanonymization of Black Goblin Market

The de-anonymization process happened via email.

One user who has since deleted the content (and therefore we will not link to it or identify the source at their own desire to remain anonymous) explained that Black Goblin's signup process sent confirmation emails to new users.

This is, of course, a major privacy concern for secret Tor services, since email uses the open Internet.

Upon closer inspection, email headers exposed the hidden server's true IP, its Germany origin and other details.

Hackers then tested DDoS'ing the exposed IP and discovered that the hidden Tor site also went down, correlating one and the other.


Mentioned on a 2018 Darknet Poster [PDF]

About the Author
Published by Gal Crypto - Geek crypto Gal stacking sats to get more tats! Information security enthusast, cryptocurrency early adopter and passionate about decentralized finance + fintechs. Front-end developer (Angular, PHP, React) and weekend skater. Learn More About Us