- Everyone loves Q baby, the baby who apparently supports QAnon 5 Years Ago
- Thread about ‘depression meals’ is inspiring lots of relatable answers Today 9:36 AM
- How long is ‘Avengers: Infinity War’? Today 9:30 AM
- Rand Paul ripped for halting 9/11 Victim Fund re-authorization bill Today 9:18 AM
- Here’s what’s coming and going on Hulu in August 2019 Today 7:00 AM
- ‘Game of Thrones’ creators drop out of Comic-Con at last minute Today 6:38 AM
- Inside Britt McHenry’s war on women Today 6:30 AM
- The glorious highs and unexpected quirks of 4K streaming Today 6:00 AM
- Southwest Airlines passengers receive free Nintendo Switch consoles and Mario Maker 2 Wednesday 9:10 PM
- The Deplorable Choir drops diss track aimed at 4 congresswomen from Trump’s racist tweets Wednesday 8:09 PM
- Florida city is pushing homeless people out by playing ‘Baby Shark’ on a loop Wednesday 7:27 PM
- A ‘Gossip Girl’ reboot is coming to HBO Max–and fans are not happy with the casting details Wednesday 6:44 PM
- Beto can’t leverage his slave owner ancestry to gain Black voters’ trust Wednesday 5:51 PM
- Oakland to become the third U.S. city to ban facial recognition Wednesday 5:50 PM
- ‘Release the Snyder Cut’ billboards pop up outside of San Diego Comic-Con Wednesday 5:24 PM
Estimates of loses exceed $54 million USD.
The operators of Silk Road 2, an online Deep Web marketplace that can only be accessed through the anonymous web browsing system Tor, has been hacked. The attackers reportedly made out with millions of dollars worth of Bitcoins, all of the users’ funds that the site’s operators had been holding as part of transactions.
It’s been estimated that somewhere in the neighborhood of 88,000 bitcoins were stolen as a result of the attack. At the current market price, that haul is valued at approximately $54 million USD. However, Nicholas Weaver, a researcher at the International Computer Science Institute told Forbes that the amount of bitcoins stolen is likely closer to $2.6 million USD.
Silk Road 2 was launched last November, shortly after the original Silk Road was shut down by law enforcement authorities and its alleged mastermind, Ross Ulbricht, was arrested in San Francisco.
In an message posted to the Silk Road’s internal forum on Thursday, the site operator, who goes by the pseudonym Defcon, recounted the situation:
Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as “transaction malleability” to repeatedly withdraw coins from our system until it was completely empty….This attack hit us at the worst possible time. We were planning on re-launching the new auto-finalize and Dispute Center this past weekend, and our projections of order finalization volume indicated that we would need the community’s full balance in hot storage. In retrospect this was incredibly foolish, and I take full responsibility for this decision.
The issue of transaction malleability is one that’s thrown the entire Bitcoin community into chaos in recent days. According to Coindesk, ?it’s an attack that lets someone change the unique ID of a bitcoin transaction before it is confirmed on the bitcoin network. The change makes it possible for someone to pretend that a transaction didn’t happen, if all the right conditions are in place.”
Conducted on a mass scale, as occurred earlier this week when an unknown entity used the technique to launch a coordinated denial of service attack on a number of Bitcoin exchanges around the world.
The attack caused MtGox, the single most high-profile Bitcoin exchange in existence, to temporarily halt all withdrawals until the issue of transaction malleability was dealt with. Others exchanges, such as the Slovenia-based Bitstamp, have followed suit.
In his or her note, Defcon admitted that the fault for the hack attack lays at the feet of the site’s operators. ?I have failed you as a leader, and am completely devastated by today’s discoveries,” Defcon wrote. ?I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand. It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch.”
Defcon wrote that there are currently efforts underway to track down the thief.
Even so, there are some who question Defcon’s version of events. In a post to Reddit’s r/Bitcoin forum, wrote a post charging that, ?it is clear that Silk Road 2 funds were stolen by the operators.”
Online black markets like Silk Road 2 have long been targets for hackers. Last December, hackers who targeted the online wallets of Sheep Marketplace stole over $100 million in Bitcoin the days before the marketplace shut down entirely.
Illustration by Jason Reed
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.