• DPMC Moderators: thegreenhand | tryptakid
  • Drug Policy & Media Coverage Welcome Guest
    View threads about
    Posting Rules Bluelight Rules
    Drug Busts Megathread Video Megathread

Silk Road 2.0 'Hacked' Using Bitcoin Bug, All Its Funds Stolen

R

RTrain

Bluelighter
Joined
Mar 4, 2012
Messages
1,935
http://www.forbes.com/sites/andygre...acked-using-bitcoin-bug-all-its-funds-stolen/

Silk Road 2.0 'Hacked' Using Bitcoin Bug, All Its Funds Stolen
9 comments, 4 called-out
Comment Now
Follow Comments

The same bug that has plagued several of the biggest players in the Bitcoin economy may have just bitten the Silk Road.
Five Men Arrested In Dutch Crackdown On Silk Road Copycat Andy Greenberg Andy Greenberg Forbes Staff
Bitcoin Investors Ask For 'Safe Harbor' Exceptions In Proposed 'BitLicense' Regulations Andy Greenberg Andy Greenberg Forbes Staff

On Thursday, one of the recently-reincarnated drug-selling black market site’s administrators posted a long announcement to the Silk Road 2.0 forums admitting that the site had been hacked by one of its sellers, and its reserve of Bitcoins belonging to both the users and the site itself stolen. The admin, who goes by the name “Defcon,” blamed the same “transaction malleability” bug in the Bitcoin protocol that led to several of the cryptocurrency’s exchanges halting withdrawals in the previous week.

“I am sweating as I write this… I must utter words all too familiar to this scarred community: We have been hacked,” Defcon wrote. “Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as “transaction malleability” to repeatedly withdraw coins from our system until it was completely empty.”

Just how many bitcoins were stolen wasn’t included in the post, although it listed a series of Bitcoin addresses that the Silk Road administrators believe to have been involved in the heist. Those transactions seem to point to a single Bitcoin address that contains 58,800 coins, worth more than $36.1 million at current exchange rates. But tracing Bitcoin’s pseudonymous transactions is always tricky–other estimates range from 41,200 by a Silk Road user and 88,000 by the Bitcoin news site.

Update: Nicholas Weaver, a researcher at the International Computer Science Institute, estimates the total theft of Silk Road’s bitcoins at a much lower number: just 4,400 or so coins, worth around $2.6 million.

Based on the Silk Road’s data about the attack, the site’s staff point to three possible attackers, two in Australia and one in France. “Stop at nothing to bring this person to your own definition of justice,” Defcon writes.

Silk Road’s users, predictably, didn’t take the announcement at face value, and many instead suspect that the site’s staff have used the “transaction malleability” bug as a scapegoat to cover their own incompetence–the site has been plagued with more pedestrian bugs since launching in November–or even that they’ve run off with the users’ bitcoins themselves. “Transaction malleability,” after all, has been a known issue with Bitcoin for two years, and is described by most Bitcoin security experts as more of a major nuisance than a real threat that would allow funds to be stolen.

“Something’s not correct: The bug…can’t be made responsable if bitcoins are missing now!” writes a user named pathfinder.

“Oh, this is rich. How many users called for the shutdown of SR2 to fix the problems? They were ignored,” writes a user named aqualung on the site’s forums. “Admins did this. Not some vendor.”

Defcon denied those accusations, but took full responsibility for allowing the theft. “I didn’t run with the gold,” he writes. “I have failed you as a leader, and am completely devastated by today’s discoveries…It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch.”

The hack is just latest in a series of mishaps, crackdowns and scams that have roiled the “dark web” drug market since the shutdown of the original Silk Road anonymous drug site in October by the FBI. Among the more than half dozen sites that have sprouted to pick up Silk Road’s lucrative stream of Bitcoin-based drug transactions, at least three have run off with the users’ funds and two have shut down after being hacked. Several drug site administrators have also been arrested, including three former Silk Road staffers and five men in the Netherlands and Germany who launched their Silk Road copycat, Utopia, earlier this month.

Amidst that chaos, the relaunched Silk Road has been perhaps the most stable and popular marketplace for drugs and other contraband, with over 13,000 product listings at last count. And its hacking and sudden bankruptcy shakes the anonymous ecommerce community more than any of those other dark web eruptions.

While some Silk Road users wrote on the site’s forums that they planned to take their business to other marketplaces like Pandora and Agora, others declared the Silk Road model altogether dead. All the sites currently keep users’ bitcoins in “escrow” before a transaction is complete to prevent fraud, a model that often allows the funds to be stolen, seized.

Defcon ended his message to the site’s users by announcing that the Silk Road will no longer use an escrow, and will instead ask users to send money directly between buyers and sellers, a model that will no doubt lead to many more scams on the site. But he said that the site will move to so-called “multi-signature” transactions, a largely experimental use of Bitcoin that would require multiple users to “sign off” on a transaction before it’s made. That means a third party could serve as a trusted escrow with no way to steal a user’s funds. He promised a “generous bounty” to anyone who could help Silk Road to implement the change.

“Silk Road will never again be a centralized escrow storage,” Defcon writes. “Hindsight is already suggesting dozens of ways this could have been prevented, but we must march onward.”
Click to expand...

And...........Boom goes the dynamite
 
Alot of comments flying around that it was an inside job and not relating to any vulnerability in the Bitcoin protocol at all. Of course I know nothing tho.

I find it hard to believe people still trust or use this site tho.
 
from a link off that article -

Five Men Arrested In Dutch Crackdown On Silk Road Copycat

The Silk Road anonymous black market for drugs thrived for two and a half years before it was taken down by the FBI and its alleged creator arrested in October. Its most recent copycat had a much shorter lifespan online: Nine days.

Prosecutors in the Netherlands have announced the arrest of five men in association with a Silk-Road style Bitcoin-based drug market called Utopia, in a case that reads like a replay of the Silk Road story in fast forward. Just over a week after its grand opening earlier this month, the Utopia site’s servers were seized in the German cities of Bochum and Dusseldorf. Three men in the Dutch cities of Enschede and Utrecht and the German city of Bad Nauheim were arrested in the past two days by Dutch and German police and accused variously of trafficking in drugs and weapons on Utopia and the longer-running but currently offline site Black Market Reloaded.

The fifth man, according to prosecutors, was arrested on his way to Germany in possession of cocaine, hashish ecstasy and amphetamines. And echoing the American case against alleged Silk Road creator Ross Ulbricht, he’s been accused of attempted murder as well, after prosecutors say he sent a deposit for a paid assassination to an undercover law enforcement agent. None of the men were named in the prosecutors’ statement.

The operation dubbed “Commodore” by prosecutors also seized about 900 bitcoins from suspects, worth about $596,000 at current exchange rates.

Like the Silk Road, both Black Market Reloaded and Utopia used the anonymity software Tor to hide both their location and their users, and accepted only Bitcoin to avoid evidence of financial transactions. “The illegal and highly accessible nature of these websites with digital payments in bitcoins makes them very socially undesirable and create a serious distortion of the law,” reads the prosecutors’ statement in Dutch. They call their operation “a clear message to anyone who thinks they may commit crimes with digital anonymity.”

Based on the prosecutors’ statement alone, it’s not clear which if any of the arrested suspects are administrators of Utopia or Black Market Reloaded, as opposed to mere vendors or buyers of contraband on those sites. According to the prosecutors’ statement, police have been tracking the suspects since early 2013, long before Utopia was created. Black Market Reloaded, by contrast, has been online for more than two years, but was taken down by its owner, who goes by the name Backopy, in early December.

I’ve reached out to the Dutch prosecutor’s office for more information, and I’ll update this post if I learn more.

Though the arrests represent another blow to the “dark web” of black markets pioneered by Silk Road, Utopia was only one of at least half a dozen similar sites that have sprouted in recent months, with names like The Marketplace, Agora and Pandora. The Silk Road 2.0, a direct sequel to the original Tor- and Bitcoin-based marketplace, is likely the most popular of those sites, with close to 13,000 mostly-illegal product listings.

Silk Road users were mostly nonplussed by the news. “Damn all this market closure is f–king annoying,” wrote one user on the Silk Road forums. “Never even heard of this one,” wrote another.

Cont -

http://www.forbes.com/sites/andygre...sted-in-dutch-crackdown-on-silk-road-copycat/
 
^Yeah that was just yesterday, apparently a newer site that must've been ran by some real amateurs because they got pinched pretty quick

There seems to be a lot of confusion regarding the whole silk road 2.0 story. Like a 50/50 split on people saying its what happened to Black Market Reloaded (hacker stole loads of bit coins) or what happened at Sheep Marketplace (the operators of the site emptied the accounts to themselves and closed up shop). Eventually I think it will be pretty clear as to what happened. They are not even really clear as to exactly how much money. Whether it was every penny form everyone's account, a large amount of people's accounts or just the money stuck in between accounts in escrow.

Well all I know is someone has a lot of bitcoin to launder right now.
 
On the whole BC bug - saw this before, made me laugh

http://www.crikey.com.au/2014/02/14/kim-coindashian-how-bitcoin-is-going-the-way-of-the-tulip/

Bitcoin has reached an important milestone. The digital currency is renowned, or rather infamous, for its dramatic speculator-driven price surges. Only this week, its value plunged from US$700 to US$540 when a key exchange discovered a software flaw that could allow thieves to withdraw twice the correct amount — and not that long ago it was up at the US$1200 mark. Well, now bitcoin has been linked to another notorious source of irrational speculation: tulips.

Thanks to a start-up flower-seller called BloomNation, you can now buy tulips with bitcoin. We’ve built the whole thing now, folks. We can all go home.
Click to expand...
 
Of course it has nothing to do with Bitcoin itself. There is no flaw in the protocol itself, it's 100% fault of the clowns who ran the new silk road.

It will take many years before there is a solid, trustworthy black marketplace again.
 
Question.. have they even figured out who created the BC.. if not then couldn't this flaw have been programmed in since its inception?
 
Yeah, its known who created btcs...i believe he is a japanese guy, but have no idea about this problem its having.

*edit* i apologize..he is unknown..he just goes by an alias...Satoshi Nakamoto
 
Could it be that "Satoshi Nakamoto" has a whole ton of "has a lot of bitcoins to launder right now"?. My bit coins are on this..

NSFW:
 
bluespeed said:
Of course it has nothing to do with Bitcoin itself. There is no flaw in the protocol itself, it's 100% fault of the clowns who ran the new silk road.

It will take many years before there is a solid, trustworthy black marketplace again.
Click to expand...

I believe if Backopy were to reopen a site it would be fine..i think he is an trustworthy person (as far as unknowns on the internet go) and has earned the respect of many.

As far as "Utopia" goes, its origin had some ties with some of the moderators from BMR.
 
bluespeed said:
Of course it has nothing to do with Bitcoin itself. There is no flaw in the protocol itself, it's 100% fault of the clowns who ran the new silk road.

It will take many years before there is a solid, trustworthy black marketplace again.
Click to expand...

What are you talking about? Mt. Gox just suffered the same kind of attack. Its perfectly possible. Its also very possible that it was an inside job. Right now nobody knows with any amount of certainty.
 
^My thinking is, if/when they open the site back up, its going to depend on whether everyone's accounts are basically cleaned out of btc or if not. Because if not a penny is left in anyone's account, I think it is the inside job. If just the money floating in the escrow system was taken, then the hack situation seems more plausible. It really seems unclear as to what the exact amount stolen was.
 
Yeah, can't really see an 'underground' drug marketplace on the deep web achieving success in the near future, ever since last October these sites have been fucking around big time...either they're getting pinched or unceremoniously taking the money from their customers and running...the irony is how much this sounds exactly like what happens in open air drug markets in the U.S., lol...except the internet's much more experimental.

The question for me is whether or not any of these drug marketplaces can have sustained success for a few years in a row like the original Silk Road did as long as drug prohibition is still being enforced internationally.
 
Who didnt see this one coming lol

Damn seems like tor markets are judt 100% unstable now. That being said atleast its not the custos being Locke up.

Bet it was an inside job as well seems a common theme now to start up a site wait till its running good and jump ship.
across the forum regulars saw this one coming as things were getting sketchy.

Fucking lame they put all the over still running markets on blast. This is definitely not the kind of attention any of these markets want.
 
You must log in or register to reply here.
Top