This Christmas, Ukrainian cyber intelligence expert Alex Holden is giving back to his homeland. The Mequon, Wisconsin resident is playing dark web Robin Hood: His team at Hold Security has hacked into one of Russia’s largest online drug markets, dubbed Solaris, and diverted crypto due to dealers and the site’s owners to a charity, Enjoying Life, which provides humanitarian aid to displaced and poor people across Ukraine.
Holden, who left Kyiv as a teenager in the 1980s amidst fallout of the Chernobyl nuclear disaster, declined to reveal how he did it, but said he was able to take control of much of the internet infrastructure powering Solaris, a number of administrator accounts running the illicit bazaar, website source code and a database of its users, as well as drop off locations for drug deliveries. For a brief time, his team also had control over Solaris’ “master wallet.” This wallet was used by buyers and dealers to deposit and withdraw funds, acting as the site’s cryptocurrency exchange.
Holden showed Forbes multiple screenshots of access to Solaris admin accounts and the master wallet, and a Ukrainian cybersecurity expert confirmed the screenshots did indeed appear to show access to backend Solaris accounts.
With money quickly going in and out of the wallet, it rarely contained more than 3 bitcoin, worth $50,000, Holden said. That meant there wasn’t a huge amount for him to siphon off, though he did manage to grab 1.6 bitcoin, worth $25,000, and sent it to Enjoying Life. Hold Security is also making a separate donation of $8,000.
Enjoying Life cofounder Tina Mikhailovskaya confirmed the nonprofit had received the donation, saying all contributions went direct to the elderly, families and internally displaced persons who suffered because of Russia’s war.
Holden is now sitting on a substantial cache of information on Solaris’ users and operations, which he believes could be used to identify the whereabouts of any Russian cybercriminals who’re using the site to fuel their operations. He’s also kept control over various parts of the market, so far without being detected. By going public via Forbes, he wants to spook the owners into closing the site. There’s a political edge to the attack too. “Maybe Russians without their drugs would soberly look at their country and do something,” he said. “Maybe the Kremlin won’t defend their country’s drug trade and fix the drug problems instead of invading Ukraine.”
A Solaris dealer’s offerings. Alex Holden, founder of Hold Security, believes the site does thousands of transactions a day
The attacks could have an impact beyond the dark web drug trade in Russia. It may disrupt one of Solaris’ associates: a pro-Kremlin hacking crew known as Killnet. Holden is keen to stymie Killnet in any way he can, and his infiltration of Solaris offers one path because the exchange has numerous ties to the Russian hacking group. Over the summer, the latter carried out DDoS attacks on Solaris’ main rival Rutor, which had become Russia’s underground drugs market leader after another bazaar, Hydra, was shut down in March. Analysts at U.S. cybersecurity firm ZeroFox said earlier this year it appeared Solaris was paying for Killnet’s DDoS services.
Killnet’s own leadership has been vocal about its support from Solaris too. In an October interview with Russian publication RT, a Killnet founder known as KillMilk said his gang had “huge support” from Solaris’ “daring and strong team.” After pledging to hack American government agencies in response to U.S. support for Ukraine, he said he’d known the Solaris team “for a very long time.” Holden, believing Killnet is funded by Solaris’ drugs money, added that “maybe severing this connection will remove some fuel from the Killnet garbage fire.”
Originally published by Forbes on 22.12.2022
Along with this, you may be interested in our report on how mobilization and closed borders in Ukraine worsens the wages and working conditions for men through the growth of shadow employment.
At the same time, regular blackouts due to Russian missile strikes on power plants also lead to employees paying for bosses’ losses out of their own pockets.