Hackers are no longer caught by IP — but by forgotten darknet logins from five years ago.
Swiss cybersecurity company Prodaft has launched a new initiative called "Sell your Source", aimed at purchasing verified, long-standing accounts on hacker forums. The goal is to use these accounts for espionage within cybercriminal communities and to gather intelligence.
According to company representatives, Prodaft specializes in infiltrating the infrastructure of criminal groups, studying their behavior, tactics, and tools. This enables them to identify threats early and help prevent cyberattacks. Much of this research occurs on the darknet, in underground forums and shadowy marketplaces where conventional monitoring methods are ineffective. To bypass these limitations, Prodaft decided to buy access directly — through old user accounts.
The company is interested in accounts from platforms like XSS, Exploit.in, RAMP4U, Verified, and Breachforums. Moderator or admin-level accounts are especially valuable. However, there are strict requirements: the accounts must have been created before December 2022, must not have been involved in criminal activity, and must not be listed in law enforcement databases. If an account is flagged by the FBI or other agencies, it will not be purchased.
Prodaft claims the account transfer process is anonymous. While the company does pledge to inform authorities about the transaction itself, it promises not to disclose any sensitive information. Sellers can initiate contact via TOX or email, where they submit details for an initial review. Once approved, Prodaft makes a purchase offer based on forum, access level, and account activity. Payment is made in cryptocurrency — Bitcoin, Monero, or another of the seller’s choice.
Interestingly, Prodaft began advertising the program directly within criminal circles. They used an old account on the Russian-language XSS forum to spread the word about their account buyout campaign.
Prodaft is known for its aggressive infiltration tactics against cybercriminal groups. One notable case involved penetrating the infrastructure of the FIN7 hacker collective. Researchers gained access to an automated attack platform that exploited Microsoft Exchange vulnerabilities and SQL injections to breach corporate networks. As a result, they were able to alert over 8,000 potentially compromised organizations, helping to prevent the spread of ransomware and other malware.
Now, Prodaft appears to be expanding its capabilities: by using purchased darknet accounts, it aims to delve even deeper into the digital underground — and perhaps expose new criminal operations before they escalate into major threats.