More Bad News for Bitcoin: Silk Road II Hacked, Bitcoin Stolen

So reports Andy Greenberg of Forbes
, the reporter so
tied in that original Silk Road operator Dread Pirate Roberts or
someone pretending to be him
actually talked to him

On Thursday, one of the recently-reincarnated drug-selling black
market site’s administrators posted a long announcement to the Silk
Road 2.0 forums admitting that the site had been hacked by one of
its sellers, and its reserve of Bitcoins belonging to both the
users and the site itself stolen. The admin, who goes by the name
“Defcon,” blamed the same “transaction malleability” bug in the
Bitcoin protocol that led to several of the cryptocurrency’s
exchanges halting withdrawals in the previous week.

“I am sweating as I write this… I must utter words all too
familiar to this scarred community: We have been hacked,” Defcon
wrote. “Our initial investigations indicate that a vendor exploited
a recently discovered vulnerability in the Bitcoin protocol known
as “transaction malleability” to repeatedly withdraw coins from our
system until it was completely empty.”

Just how many bitcoins were stolen wasn’t said in the post,
although it listed a series of Bitcoin addresses that the Silk Road
administrators believe to have been involved in the heist. Those
transactions seem to point to a single Bitcoin address that
contains 58,800 coins, worth more than $36.1 million at current
exchange rates. But tracing Bitcoin’s pseudonymous transactions is
always tricky–other estimates range from 41,200 by a Silk Road user
and 88,000 by the Bitcoin
news site

Update: Nicholas Weaver, a researcher at
the International Computer Science Institute, estimates the total
theft of Silk Road’s bitcoins at a much lower number: just 4,400 or
so coins, worth around $2.6 million.

In a public announcement perhaps less than circumspect given
that Ross Ulbricht, in jail for allegedly being the original
manager of Silk Road, is facing charges or arranging murders (that
never happened):

Based on the Silk Road’s data about the attack, the site’s staff
point to three possible attackers, two in Australia and one in
France. “Stop at nothing to bring this person to your own
definition of justice,” Defcon writes.

Some wonder if the new Silk Road people aren’t covering for
their own problems:

Silk Road’s users, predictably, didn’t take the announcement at
face value, and many instead suspect that the site’s staff have
used the “transaction malleability” bug as a scapegoat to cover
their own incompetence–the site has been plagued with more
pedestrian bugs since launching in November–or even
that they’ve run off with the users’ bitcoins themselves.
“Transaction malleability,” after all, has been a known issue with
Bitcoin for two years, and is described by most Bitcoin security
experts as more of a major nuisance than a real threat that would
allow funds to be stolen.

Reason on Silk Road, and
on Bitcoin

The cryptocurrency has been so shaken by this news and other
recent problems that it has
only more than tripled in value
in the past five months, for
some perspective on the past week’s USD price dive.

from Hit & Run

Leave a Reply

Your email address will not be published.