Most cryptocurrency enthusiasts will remember the Shadow Brokers. The hacker collective has been making a lot of headlines over the past few months. Not too long ago, it started selling major exploits through a monthly subscription service, and appears to have made around US$90,000 from doing so. The information below comes from an anonymous researcher and should be taken with a grain of salt accordingly.


The Shadow Brokers are reaping the benefits of its monthly subscription service. Selling powerful exploits to criminals all over the world in exchange for a monthly contribution makes a lot of sense for all parties. So far, this venture has proven pretty lucrative for the group, although they had earlier struggled to auction off their exploits. This monthly subscription has resulted in close to US$90,000 in income so far. There was no guarantee of success when they originally announced their new business model.

The switch to this monthly service was announced in June of 2017. It involves distributing exploits for IoT devices, browsers, and operating systems, among other things. The cybercrime industry will continue to grow for quite some time to come. This is especially true now that criminals have an easier time getting their hands on different tools. This subscription service is not cheap by any means, but it seems plenty of people are willing to pay for it regardless.

According to information provided by an anonymous researcher, people are willingly paying for NSA malware. Such exploits and malware are potent and thus worth the coin. Indeed, they are one of the reasons why attacks such as BrickerBot and WannaCry have proven so successful. All of the money generated by this monthly subscription service has been paid in Monero, a far more anonymous currency compared to Bitcoin.

A total of five subscribers have been identified by the security researcher. He discovered five email addresses that had subscribed to the Shadow Brokers’ monthly service. He also successfully decoded the Monero payment ID for these users, which seemingly contains the email addresses in question. That is quite interesting, although it does not indicate that there is a way to link Monero user identities to transactions directly. Rather, subscribers had been asked to include a delivery email address when subscribing.

One of these five subscribers has written a blog post documenting this monthly dump service. As it turns out, the quality of exploits received in exchange for the money spent is not quite up to par. The user wrote that they felt “ripped off” and that it seemed the tools delivered were either fixed or no longer useful in general. If that is the case, this monthly subscription service will not be around for much longer. Then again, no other users have voiced any complaints to date.

Single reports such as this one always need to be taken with a healthy degree of skepticism. After all, one subscriber going public about the service to complain does not necessarily prove anything. The US$90,000 in revenue seems to hint at a proper service having been set up by the Shadow Brokers. There have always been a lot of questions regarding the validity of these exploits and the claims made by the hacker collective. It will be interesting to see whether or not they earn more money from this service in the coming months.