DarkHub Hacking-for-Hire Portal Advertises Crypto Fraud and Message Interception
Key Takeaways A new dark web platform, Darkhub, has emerged on the Tor network, openly offering a wide array of illicit hacking-for-hire services. The platform advertises services including social...
Key Takeaways
- A new dark web platform, Darkhub, has emerged on the Tor network, openly offering a wide array of illicit hacking-for-hire services.
- The platform advertises services including social media account compromise, message interception, mobile phone monitoring, and a significant focus on cryptocurrency fraud and unauthorized bank access.
- Researchers at Oasis Security discovered that Darkhub’s backend infrastructure, while primarily on Tor, has a publicly accessible IP address linked to a U.S.-based hosting provider (ASN AS44259) known for “bulletproof” hosting characteristics.
- Many of Darkhub’s offerings, particularly “fund recovery” and “credit score manipulation,” suggest the platform may also be an advance-fee scam, potentially defrauding both its clients and external victims.
Darkhub: A New Hacking-for-Hire Marketplace Emerges on the Dark Web
A sophisticated new “hacking-for-hire” portal named Darkhub has been identified operating on the Tor network, openly advertising a comprehensive suite of cybercrime services. This illicit marketplace presents itself as a one-stop shop for illegal digital activities, ranging from compromising social media accounts to intercepting private communications and manipulating financial records.
Table Of Content
According to a recent security analysis, Darkhub’s brazen marketing of these capabilities, presented with a polished interface, mimics legitimate online businesses, despite its inherently criminal offerings.
Extensive Menu of Illicit Services
Darkhub’s service catalog targets both individuals and organizations, offering unauthorized access to popular platforms such as Instagram, Telegram, and WhatsApp. Other advertised services include email account compromise, mobile phone surveillance, and real-time location tracking. The platform also claims to provide cryptocurrency-related fraud services, unauthorized access to bank accounts, and even the ability to alter credit scores, demonstrating an unusually broad scope of criminal intent for a single dark web storefront.
The researchers at Oasis Security were responsible for identifying and analyzing Darkhub, providing crucial details about its operational infrastructure and the nature of its advertised services.
Dual Nature: Hacking-for-Hire and Advance-Fee Scams
Analysts noted that certain categories within Darkhub’s offerings, such as “fund recovery” and “credit score manipulation,” are classic indicators of advance-fee scam operations. These schemes typically target individuals who have already fallen victim to fraud, promising to retrieve lost funds or improve credit scores in exchange for an upfront payment that is never returned.
The presence of these services suggests that Darkhub may be designed to exploit two distinct groups: those seeking illegal hacking services and, simultaneously, unsuspecting victims looking for financial remedies. This layered deception is prevalent in dark web criminal marketplaces, where many platforms advertising offensive cyber capabilities are, in reality, elaborate scams that collect payments without delivering any actual services.
While Darkhub’s genuine technical prowess remains unconfirmed through external observation, the inclusion of these well-known scam categories in its service listings raises significant red flags regarding its legitimacy as a hacking service provider.

The platform’s explicit listing of cryptocurrency services, particularly in this context, almost certainly implies the facilitation of theft or large-scale digital asset fraud. Cryptocurrency fraud represents a rapidly expanding sector of cybercrime, and platforms like Darkhub significantly lower the barrier to entry for individuals lacking technical expertise. By offering these illicit capabilities as a paid service, Darkhub enables virtually anyone to commission a digital crime. Its anonymous contact channels, including a Telegram handle (@DarkHubs0) and a ProtonMail address ([email protected]), further underscore its intent to facilitate untraceable interactions.


The dual offering of “recover stolen funds” alongside cryptocurrency services is particularly telling. Victims of prior crypto scams are often highly susceptible to subsequent fraud attempts, making them prime targets for a platform that overtly promises recovery services it may never intend to deliver.
Infrastructure and Bulletproof Hosting Connections
A critical discovery by the Oasis Security investigation involved identifying a publicly routable IP address linked to Darkhub, despite its presence on the Tor network. Utilizing the dark web intelligence platform Arthur, researchers traced the site’s infrastructure to a U.S.-based hosting provider operating under ASN AS44259.
This hosting provider has previously been flagged in various reports for exhibiting characteristics consistent with “bulletproof hosting,” a service known for intentionally disregarding abuse complaints, making it a preferred choice for cybercriminal operations. The provider has also received an ICANN compliance notice concerning phishing-related domain abuse, and its marketing materials reportedly highlight permissive content policies, an environment highly sought after by dark web operators.
The IP address associated with Darkhub has not been static, with historical data indicating multiple changes before settling at its current value as of January 12, 2026. The reasons behind these fluctuations, whether due to provider migrations or internal operational adjustments, remain unclear. Organizations actively monitoring dark web threats are advised to exercise extreme caution with any network traffic linked to this infrastructure.
| Type | Indicator | Description |
|---|---|---|
| Onion URL | 7comssbegmmbxdi7nu7obids2urmkqnmxao5ojbesga3hxmns2yjnxqd.onion |
Darkhub hacking-for-hire Tor hidden service address |
| IP Address | 38.127.***.*** |
Public IP address associated with Darkhub backend infrastructure |
| ASN | AS44259 | Autonomous System Number for ULTAHOST, the identified hosting provider |
[email protected] |
Operator contact email advertised on the Darkhub platform | |
| Telegram Handle | @DarkHubs0 |
Operator Telegram contact advertised on the Darkhub platform |
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
What You Should Do
- Organizations should implement robust dark web monitoring to identify any mentions of their assets or personnel on platforms like Darkhub.
- Educate employees and users about the risks of “hacking-for-hire” services and advance-fee scams, particularly those targeting cryptocurrency recovery or credit score manipulation.
- Enhance security measures for social media, email, and messaging platforms, including multi-factor authentication (MFA) and strong, unique passwords.
- Monitor network traffic for connections to known malicious infrastructure, including the IP address and ASN identified as associated with Darkhub (38.127.***.***, AS44259).
- Report any suspicious activity or attempts to solicit illegal hacking or scam services to relevant law enforcement agencies.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.