Darkhub Hacking-for-Hire Portal Advertises Crypto Fraud, Message Interception, and Monitoring

Discover more Antivirus software subscription Software Antivirus & Malware HomeCyber Security News Darkhub Hacking-for-Hire Portal Advertises Crypto Fraud, Message Interception, and Monitoring By Tushar Subhra Dutta May 6, 2026 A dark web platform calling itself Darkhub has surfaced on the Tor network, openly advertising hacking-for-hire services to anyone willing to pay. The platform presents itself as a one-stop shop for illegal cyber activity, with offerings ranging from breaking into social media accounts to intercepting private messages and manipulating financial records. What makes Darkhub notable is how openly it markets these capabilities, packaging a broad menu of illegal services in a polished interface as if it were a legitimate business. The platform targets everyday people and organizations alike. Darkhub’s listed services include unauthorized access to Instagram, Telegram, and WhatsApp accounts, along with email compromise, mobile phone monitoring, and real-time location tracking of individuals. It also claims to offer cryptocurrency-related fraud services, unauthorized bank account access, and the ability to alter credit scores, covering a surprisingly wide range of criminal intent in a single storefront. Researchers at Oasis Security identified and analyzed the platform, revealing details about its infrastructure and the true nature of its advertised offerings. Their investigation found that Darkhub is not just hiding behind the anonymity of the Tor network. A publicly accessible IP address was linked to the service, suggesting that parts of its backend are exposed beyond the encrypted Tor environment, a notable detail for any service that depends on staying hidden. One aspect of Darkhub’s catalog drew particular attention from analysts. Categories like fund recovery and credit score manipulation are well-known hallmarks of advance-fee scam operations. Darkhub’s Service Scope and Crypto Fraud Angle These schemes prey on prior fraud victims, promising to recover lost money in exchange for an upfront payment that is never returned. Their presence in the service listing suggests Darkhub may be targeting two groups at once: outside victims and its own paying clients. This kind of layered deception is not uncommon in the dark web services space. Many platforms advertising offensive hacking capabilities are, in practice, scam operations that collect payment without ever delivering anything real. While Darkhub’s true technical capability cannot be confirmed through external observation, the warning signs throughout its service catalog are very hard to overlook. Darkhub hacking-for-hire service site interface (Source – Oasis Security) The range of services advertised by Darkhub covers nearly every recognizable form of digital intrusion. Beyond social media hacking and phone surveillance, the platform explicitly lists cryptocurrency-related services, which in this context almost certainly involves facilitating theft or large-scale fraud involving digital assets. Service listing and contact information of the Darkhub site (Source – Oasis Security) Crypto fraud is one of the fastest-growing areas of cybercrime, and platforms like Darkhub lower the barrier to entry for people with no technical background. By offering these capabilities as a paid service, the platform makes it possible for anyone to commission a digital crime. Its contact channels include a Telegram handle and a ProtonMail address, keeping interactions deliberately anonymous. Service offerings displayed on the Darkhub site (Source – Oasis Security) The inclusion of “recover stolen funds” alongside cryptocurrency services is especially revealing. People who have already lost money to crypto scams are among the most vulnerable targets for follow-up fraud, making them ideal marks for a platform openly promising recovery services it may never actually deliver. Infrastructure Exposure and Bulletproof Hosting Links A key finding from the Oasis Security investigation was the identification of a publicly routable IP address tied to Darkhub. Using the dark web intelligence platform Arthur, researchers traced the site’s infrastructure to a U.S.-based hosting provider operating under ASN AS44259. This provider has previously been flagged in third-party reports for exhibiting bulletproof hosting characteristics. Bulletproof hosting providers are known for ignoring abuse complaints, making them a favored infrastructure choice for cybercriminal operations. The provider has also been the subject of an ICANN compliance notice related to phishing-related domain abuse, and its marketing materials reportedly emphasize permissive content policies, which is precisely the kind of environment dark web operators seek out. The IP address associated with Darkhub has not always been stable. Historical data shows it changed multiple times before settling at its current value as of January 12, 2026. Whether those changes reflect provider migrations or operational adjustments remains unclear. Organizations monitoring dark web threats should treat any traffic linked to this infrastructure with serious caution. Type Indicator Description Onion URL 7comssbegmmbxdi7nu7obids2urmkqnmxao5ojbesga3hxmns2yjnxqd.onion Darkhub hacking-for-hire Tor hidden service address IP Address 38.127.***.*** Public IP address associated with Darkhub backend infrastructure ASN AS44259 Autonomous System Number for ULTAHOST, the identified hosting provider Email darkhubhackers@protonmail.com Operator contact email advertised on the Darkhub platform Telegram Handle @DarkHubs0 Operator Telegram contact advertised on the Darkhub platform Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM. Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Tushar Subhra Dutta Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics. Trending News WordPress Plugin Hacked Since 2020 to Inject Malicious Code Silently Bluekit Phishing Kit Automates Domains, 2FA Lures, and Session Hijacking in One Panel Remus Infostealer Uses Lumma-Style Browser Key Theft and Application-Bound Encryption Bypass New MajorDoMo RCE Vulnerability Exposes Servers to Code Execution Attacks Critical Weaver E-cology RCE Vulnerability Actively Exploited in Attacks Latest News Cyber Security News QLNX Targets Developers With Credential Theft Designed for Supply Chain Compromise Cyber Security News Member of Prolific Russian Ransomware Group Sentenced to 102 Months in Prison Cyber Security News Argo CD’s ServerSideDiff Vulnerability Enables Kubernetes Secret Extraction Cyber Security News Taiwan High Speed Rail Hacked Using Radio Signal Spoofing Attack That Halted Three Trains Cyber Security News New MajorDoMo RCE Vulnerability Exposes Servers to Code Execution Attacks