Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
macOS Stealer Masquerades as Crash Reports to Steal Browser Data
July 13, 2026
Turla Hackers Exploit Critical SharePoint Flaw to Access French Accounts
July 13, 2026
Internet Scans Target Exposed AI Models, Claude Credentials, and MCP Servers
July 13, 2026
Home/Threats/DarkHub Hacking-for-Hire Portal Advertises Crypto Fraud and Message Interception
Threats

DarkHub Hacking-for-Hire Portal Advertises Crypto Fraud and Message Interception

Key Takeaways A new dark web platform, Darkhub, has emerged on the Tor network, openly offering a wide array of illicit hacking-for-hire services. The platform advertises services including social...

Emy Elsamnoudy
Emy Elsamnoudy
May 7, 2026 5 Min Read
59 0

Key Takeaways

  • A new dark web platform, Darkhub, has emerged on the Tor network, openly offering a wide array of illicit hacking-for-hire services.
  • The platform advertises services including social media account compromise, message interception, mobile phone monitoring, and a significant focus on cryptocurrency fraud and unauthorized bank access.
  • Researchers at Oasis Security discovered that Darkhub’s backend infrastructure, while primarily on Tor, has a publicly accessible IP address linked to a U.S.-based hosting provider (ASN AS44259) known for “bulletproof” hosting characteristics.
  • Many of Darkhub’s offerings, particularly “fund recovery” and “credit score manipulation,” suggest the platform may also be an advance-fee scam, potentially defrauding both its clients and external victims.

Darkhub: A New Hacking-for-Hire Marketplace Emerges on the Dark Web

A sophisticated new “hacking-for-hire” portal named Darkhub has been identified operating on the Tor network, openly advertising a comprehensive suite of cybercrime services. This illicit marketplace presents itself as a one-stop shop for illegal digital activities, ranging from compromising social media accounts to intercepting private communications and manipulating financial records.

Table Of Content

  • Key Takeaways
  • Darkhub: A New Hacking-for-Hire Marketplace Emerges on the Dark Web
  • Extensive Menu of Illicit Services
  • Dual Nature: Hacking-for-Hire and Advance-Fee Scams
  • Infrastructure and Bulletproof Hosting Connections
  • What You Should Do

According to a recent security analysis, Darkhub’s brazen marketing of these capabilities, presented with a polished interface, mimics legitimate online businesses, despite its inherently criminal offerings.

Extensive Menu of Illicit Services

Darkhub’s service catalog targets both individuals and organizations, offering unauthorized access to popular platforms such as Instagram, Telegram, and WhatsApp. Other advertised services include email account compromise, mobile phone surveillance, and real-time location tracking. The platform also claims to provide cryptocurrency-related fraud services, unauthorized access to bank accounts, and even the ability to alter credit scores, demonstrating an unusually broad scope of criminal intent for a single dark web storefront.

The researchers at Oasis Security were responsible for identifying and analyzing Darkhub, providing crucial details about its operational infrastructure and the nature of its advertised services.

Dual Nature: Hacking-for-Hire and Advance-Fee Scams

Analysts noted that certain categories within Darkhub’s offerings, such as “fund recovery” and “credit score manipulation,” are classic indicators of advance-fee scam operations. These schemes typically target individuals who have already fallen victim to fraud, promising to retrieve lost funds or improve credit scores in exchange for an upfront payment that is never returned.

The presence of these services suggests that Darkhub may be designed to exploit two distinct groups: those seeking illegal hacking services and, simultaneously, unsuspecting victims looking for financial remedies. This layered deception is prevalent in dark web criminal marketplaces, where many platforms advertising offensive cyber capabilities are, in reality, elaborate scams that collect payments without delivering any actual services.

While Darkhub’s genuine technical prowess remains unconfirmed through external observation, the inclusion of these well-known scam categories in its service listings raises significant red flags regarding its legitimacy as a hacking service provider.

Darkhub hacking-for-hire service site interface (Source - Oasis Security)
Darkhub hacking-for-hire service site interface (Source – Oasis Security)

The platform’s explicit listing of cryptocurrency services, particularly in this context, almost certainly implies the facilitation of theft or large-scale digital asset fraud. Cryptocurrency fraud represents a rapidly expanding sector of cybercrime, and platforms like Darkhub significantly lower the barrier to entry for individuals lacking technical expertise. By offering these illicit capabilities as a paid service, Darkhub enables virtually anyone to commission a digital crime. Its anonymous contact channels, including a Telegram handle (@DarkHubs0) and a ProtonMail address ([email protected]), further underscore its intent to facilitate untraceable interactions.

Service listing and contact information of the Darkhub site (Source - Oasis Security)
Service listing and contact information of the Darkhub site (Source – Oasis Security)
Service offerings displayed on the Darkhub site (Source - Oasis Security)
Service offerings displayed on the Darkhub site (Source – Oasis Security)

The dual offering of “recover stolen funds” alongside cryptocurrency services is particularly telling. Victims of prior crypto scams are often highly susceptible to subsequent fraud attempts, making them prime targets for a platform that overtly promises recovery services it may never intend to deliver.

Infrastructure and Bulletproof Hosting Connections

A critical discovery by the Oasis Security investigation involved identifying a publicly routable IP address linked to Darkhub, despite its presence on the Tor network. Utilizing the dark web intelligence platform Arthur, researchers traced the site’s infrastructure to a U.S.-based hosting provider operating under ASN AS44259.

This hosting provider has previously been flagged in various reports for exhibiting characteristics consistent with “bulletproof hosting,” a service known for intentionally disregarding abuse complaints, making it a preferred choice for cybercriminal operations. The provider has also received an ICANN compliance notice concerning phishing-related domain abuse, and its marketing materials reportedly highlight permissive content policies, an environment highly sought after by dark web operators.

The IP address associated with Darkhub has not been static, with historical data indicating multiple changes before settling at its current value as of January 12, 2026. The reasons behind these fluctuations, whether due to provider migrations or internal operational adjustments, remain unclear. Organizations actively monitoring dark web threats are advised to exercise extreme caution with any network traffic linked to this infrastructure.

Type Indicator Description
Onion URL 7comssbegmmbxdi7nu7obids2urmkqnmxao5ojbesga3hxmns2yjnxqd.onion Darkhub hacking-for-hire Tor hidden service address
IP Address 38.127.***.*** Public IP address associated with Darkhub backend infrastructure
ASN AS44259 Autonomous System Number for ULTAHOST, the identified hosting provider
Email [email protected] Operator contact email advertised on the Darkhub platform
Telegram Handle @DarkHubs0 Operator Telegram contact advertised on the Darkhub platform

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

What You Should Do

  • Organizations should implement robust dark web monitoring to identify any mentions of their assets or personnel on platforms like Darkhub.
  • Educate employees and users about the risks of “hacking-for-hire” services and advance-fee scams, particularly those targeting cryptocurrency recovery or credit score manipulation.
  • Enhance security measures for social media, email, and messaging platforms, including multi-factor authentication (MFA) and strong, unique passwords.
  • Monitor network traffic for connections to known malicious infrastructure, including the IP address and ASN identified as associated with Darkhub (38.127.***.***, AS44259).
  • Report any suspicious activity or attempts to solicit illegal hacking or scam services to relevant law enforcement agencies.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

HackerphishingSecurityThreat

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

CloudZ RAT Abuses Microsoft Phone Link to Steal SMS OTPs

Next Post

FEMITBOT Network Leverages Telegram Mini Apps for Crypto Fraud, Android Malware

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Debian 13 Trixie Released With Security Updates
July 13, 2026
iPhone, MacBook Forensics Expose £113,000 Property Fraud
July 13, 2026
CISA warns of Joomla iCagenda, Balbooa flaws exploited in attacks
July 13, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us