Why do Hackers Attack Dark Web Forums?

In a recent incident, Versus Market, a widely known English-speaking criminal DNM (darknet market) shut down after it was compromised by a hacker named threesixty.

Although this wasn’t the first time the market was attacked, this time the scale of the attack led its admins to decide on the complete shutdown of the Versus Market. The attack was executed by using an exploit that allowed full access to Versus’ database, including IPs, and backup directory, which exposed the personal information of tens of thousands of its users and vendors. The hacker published them across several different dark web platforms.

The news about the attack and the consequent shutdown of Versus Market spread across media sites. We were able to validate the news with data we found on the dark web, when users started reporting on errors when trying to access the market.

Security Is a Concern

Shortly after the attack on Versus, Alphabay’s admin DeSnake published a post on the need to make security a priority by darknet market (DNM) admins. He said he was contacted by threesixty who said he challenged Versus and easily hacked it.

What Motivates Hackers to Attack Dark Web Marketplaces?

Market Competition

The hacking of dark web marketplaces and hacking forums is not a new trend.

A few years ago, the OGUsers (Original Gangsters) forum, which was trading stolen social and gaming accounts, was hacked for the fourth time by a hacker sent from a rival forum. It’s believed to have been carried out by either Raidforums or Cracked. The 200K+ user information was leaked a few weeks later on rival forums.

The motivation, in that case, was eventually financial. Dark web marketplaces are competitive just like legal marketplaces and they are fighting for the same customers. When the competition is eliminated the income can be doubled and even tripled in a very short time period.

The main techniques used to fight the competition are:

• Burn the store – Hacking and leaking their sensitive information
• Show their weaknesses – Sharing a series of posts and statements by highly ranked users to highlight their security flaws, intimidate other users, and push them to use other “better” forums.

These techniques work because most dark web marketplaces lack the features a proper monitoring platform needs to have.

The publication of the leak was intentional and reached a high volume of audience, which hit the reputation of the forum, showing its users that they cannot be trusted anymore. 

Hacktivism

In some cases, less frequent than the rivalry games, a dark web marketplace or forum is hacked by hacktivists, who claim to be the Robin Hood of the people.

Take for example the attack against the OpenRoad market, an illegal drug trading dark web marketplace, which was allegedly scamming dark web traders. The marketplace was breached by a hacktivist called Gladiator, who after compromising it shared users’ information, including crypto addresses. All in an effort to shut it down.

The reason, he claimed in the post below, was to remove the scam market from the landscape.

For security teams looking to build stronger client relationships, understanding these threat patterns and monitoring cybercriminals on darkweb forums is key to market differentiation. 

Effectively doing so requires access to both live and historical intelligence from hard-to-reach sources across the dark web. Webz.io’s Cyber API delivers structured, continuously updated feeds covering thousands of marketplaces, forums, and leak sites, along with up to two years of historical data. This data enables security teams to detect emerging threats, trace threat actor activity, and strengthen their threat intelligence capabilities.

FAQs

What are dark web forums used for?

They’re online meeting spots where hackers, data traders, and cybercriminals share information and do business. People use them to buy and sell stolen data, malware, or access credentials. They also trade tips, post tutorials, and talk about security flaws or attack methods that help them stay ahead.

Why would hackers target other hackers or markets on the dark web?

It often comes down to rivalry, revenge, or money. Some want to steal a competitor’s users or data, while others try to damage a rival’s reputation. A few claim moral reasons, like taking down scam markets or exposing abuse, but even those attacks can throw the whole community into chaos.

How do attacks on dark web forums affect the cybercrime ecosystem?

Every breach shakes up the underground. Identities get exposed, users scatter, and trust erodes fast. Some groups go quiet, others rebuild elsewhere. For researchers and law enforcement, these leaks are gold; they reveal connections between threat actors and help track new campaigns as they form.

Are attacks on dark web forums common?

They happen more often than people think. Rival forum owners, disgruntled insiders, and hacktivists all take shots at each other. After every takedown, smaller invite-only forums pop up, claiming to be safer. That cycle keeps repeating, which makes the dark web both unstable and constantly changing.

What’s the difference between hacker forums and general dark web marketplaces?

Hacker forums are more about conversation and collaboration – people share code, tools, and advice. Marketplaces are about commerce. They exist to sell things like stolen data, malware kits, or fake IDs. One runs on reputation and knowledge; the other runs on transactions and profit.