-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 If you visited sites listed on the clearnet domain "dark.fail" between April 29th through May 5th 2021 you were phished and should rotate all credentials immediately! DarkDotFail has regained control of the domain "dark.fail", the Twitter account "@DarkDotFail", the Reddit account "/u/DarkDotFail", and the email address "hello@dark.fail". Thank you Njalla for your tireless work in getting our hijacked domain back. The attacker was unable to get past 2FA on our Twitter, Reddit, and Email. They did not access any existing messages nor servers. Emails sent to any address @dark.fail during the attack were received by the attacker. Our .onion site was not compromised. Our OPSEC is fully intact. A phisher stole our domain and operated it for four days in a highly sophisticated attack that bypassed all security protocols we had in place, including 2FA. The attacker sent a fake German court order to Njalla's partner Tucows and convinced them to transfer our domain to Namecheap. They then listed 68 phishing replicas of real sites on our domain, stealing an untold amount of cryptocurrency from these sites' researchers and users. They also hijacked DarknetLive.com. It took Namecheap four days to transfer our domain back to us. Read @brokep's summary of what happened for more information: https://twitter.com/brokep/status/1389314362561777665 Every site listed on the domain "dark.fail" from April 29th through May 5th 2021 was a man-in-the-middle phishing proxy. Each site looked real but instead shared all user activity with the attacker, including passwords and messages. Cryptocurrency addresses displayed on these sites were rewritten to addresses controlled by the phisher, intercepting many people's money. DarkDotFail's .onion address was not affected by this attack. No phishing sites have ever been displayed there. As long as we are maintain a clearnet mirror, we cannot fully promise that this will not happen again. The domain name system is centralized and prone to human error and deceit. Always check /mirrors.txt and PGP verify it. Researchers that PGP verified sites before interacting with them during this attack outsmarted the phish. This unprecedented attack has set back our entire community. We are implementing ways to rely less on the antiquated domain name system used by the clearnet and to move to decentralized DNS alternatives. We are infuriated that our trusted name was used for harm. Devastated, motivated. Big changes are on their way. DarkDotFail -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfW0DbC7R6OyjEztdZcgjJbAZcsUFAmCR9w0ACgkQZcgjJbAZ csW8WRAArtcUkkIu/12fiFfv0gt7FDNM6shzwgBpb7DBOTX5P0PIm78V5wxB1VVB dTBn43o9YRQY95prUnoZ1tYTC5Y+EmetvLgK/ZBaWiSS/pqMTvlIuIgKYInzz4ps 8ws6b+E/4WnhFmXuBeVz/CiL20sQum50hKTWRotFLlpAuxrMTr4VYrwAk1JZV96l 3c54dWg/aP4cXvtQCuiXL94iY/TNiXUJ+nxT/QJLSALh0PS2lhQtmPCgYKT6smnK nUBB3o/S2y3McNue4NSisFA2Qw6qbrUh/LEBWRi9e8cCIdpkWcO809Y1lDpY+R+I AKfxB072I54ZNuLuIG2iWwVftcTqBKmV0ePPubfc0nKzpkyzT/8LmhzWfk9bY/BV I4WjJrDl4llbun2Ip8uUEugri95Frl3hLr21qipBML4fe6poqvrGepM2ZXlZpzwS TAtc5uBZDE5XrOl3vGJetF/uBu+YQBPiFsxxXrUQvE7bzPnwB4wvGDJ3T6lIJXED 9MXpU4p+2Vk9VbBUIJL1L2lz9tpkCtNXAfwCkunipOZo+VPGbAeanKqtOn71UwqH TYNJvKF3WoUh0mqQo3e49JJDgHSJjNO6+aYqJqJXobdycZBtjdwM9Oz+FMwwHw44 512S21KENWFm4JajVC8S3Qg0Uu9Im+X5HKsh2QffXs3K306pKEE= =5CMK -----END PGP SIGNATURE-----