A relatively new darkweb market, Kingdom Market has recently gone through the grinder for using what has been described as a misconfigured onion service which ultimately resulted in their IP leaking.

This leak and further information about the downward spiral of the market was posted on Dread where users raised concerns about a general lack of OPSEC and incompetency when it came to the more technical details involved in running a site, much like a market based over the darkweb.

One particular user with such opinions was /u/bugkiller who at the time shared a thread detailing some of these missteps the new market has made since its inception and why users should not be investing their money on there.

Following this information, admin of Dread shared a warning on a Subdread. Hugbunter stated:

Found by /u/bugkiller via Shodan.
IP is accessible over Clearnet and I’ve verified as much as possible to rule out it being a phishing proxy. Get your coin out now if you, for some strange reason shopped/vended there.
Edit: It is now leaking tonnes due to coinmarketcap seemingly blocking their crypto rate requests, they have errors enabled, oh lord!
ErrorException (E_ERROR)
file_get_contents(https://api.coinmarketcap.com/v1/ticker/bitcoin/):
failed to open stream: HTTP request failed! HTTP/1.1 429 Too Many Requests (View:
/var/www/html/resources/views/master/navbar.blade.php) (View:
/var/www/html/resources/views/master/navbar.blade.php) (View:
/var/www/html/resources/views/master/navbar.blade.php)

He went further to explain how these technical malfunctions were affecting the site:

“Also, this explains why it was slow to load each page, he’s running rate update via file_get_contents on every page load.”

The standing argument is that the market, though professing to be a darkweb site, was available on the Clearnet which makes it vulnerable to be tracked down.

Another issue that seemed to raise concern amongst users was the stance Kingdom Market took on OPSEC, leaving images uploaded on the site with EXIF data on them. While this cannot be blamed on them entirely, it is important to note that some degree, various sites and markets hold some sort of responsibility to cleaning out the content left up by users to ensure its appropriate and safe for other users, especially if it is under scrutiny. So while vendors are mandated to keep EXIF data off the images they upload, any self-respecting market should be in charge of holding them to that standard. This was poorly handled by Kingdom.

These concerns and some has somewhat been addressed, rather poorly, by admins of Kingdom Market who shared this via /u/KingdomMarketSupport, in what appears to be English written by a 4-year-old:

“I am here, I left with no money yet in escrow I have more than 28,000 dollars my users are safe”

They seem to take some responsibility here, stating that while they have not offered the best of service in technical work it is being worked on and so far no vendors have been compromised. They accuse competitor Kilos of a double standard in him issuing a statement about his interactions with admins from the market some weeks back where he alleges that their correspondence was from a Gmail account and set up in French, which to him was attributed to a lackadaisical approach to security and advised that users take caution:

(…) and a liar he says take my database except that it is not possible he speaks to noob, certainly I screw up in the configuration of my DNS but it is under repair no user and no seller has his security of compromise.
after with your forum “Kilos” frankly it and more crappy than crappy ^^
why don’t you make a market you talk a lot, people like you are brainless disabled
A noob lol
Know one thing we will never pay we and not it is bitch who pays us we pay nothing on the contrary we are paid but good little spotty long hide the back hide are hiding lol

Finishing with a well-deserved and frankly the first properly written statement:

“Best Regards,
Kingdom”

The statement has since been removed along with bugkiller’s thread on Dread due to doxxing rules according to Hugbunter. Some have shared opinions that this is clearly a ploy to get users and then exit scam at the least success, and so are not taking the market seriously. But to those vulnerable users out there, this remains a fact: Check your sources!

Ensure your markets have some modicum of integrity – even some of the largest markets have exit scammed, so trust no one and play it smart, especially because it is your money.