- ‘Zola’ is a surreal and wild tale of a road trip gone wrong 5 Years Ago
- Sebastian Gorka blocks pundit over Fleshlight joke Today 1:56 AM
- Woman slammed for trying to put UPS driver on blast Sunday 5:23 PM
- Twitter users are sharing which celebrities have blocked them Sunday 4:43 PM
- Conspiracy theorists are already taking advantage of Kobe Bryant’s death Sunday 4:14 PM
- Adam Driver returns to ‘SNL’ as Kylo Ren to reprise role in ‘Undercover Boss’ parody Sunday 3:46 PM
- White men are raging over ‘SNL’s’ white male rage skit Sunday 3:05 PM
- Kobe Bryant dead at 41 Sunday 2:24 PM
- Pete Buttigieg mocked over ‘staged’ walking photo Sunday 12:22 PM
- Louise Linton deletes pro-Greta Thunberg Instagram post Sunday 10:58 AM
- ‘Crip Camp’ shows how a radical summer camp was monumental to the disability rights movement Sunday 9:08 AM
- How to live stream the 2020 Grammy Awards Sunday 7:00 AM
- Technology created deepfakes—does it have a way to stop them, too? Sunday 6:30 AM
- SESTA-FOSTA is ‘detrimental’ to sex workers’ safety, study confirms Sunday 6:00 AM
- Jeff Bezos’ girlfriend allegedly sent his nudes to her brother, who then leaked them Saturday 6:38 PM
Laziness and profits trump security on the Dark Net
They didn’t have to lose $12 million.
The victims of the biggest Dark Net theft in recent history didn’t have to lose $12 million.
This week, the owners of Evolution Market took every bitcoin in the black market’s systems and ran. Drug dealers are owed, drug users are out, and what was once the heart of the online black markets is now a smokey crater.
The vendors and buyers could have easily prevented the heist. But they didn’t.
The technology to prevent such a theft exists. It’s called multi-signature transactions, and it means that no single person can steal bitcoins without consent. The Daily Dot first wrote about it in 2013, before Evolution existed. After the death of Evolution, the biggest Dark Net market is now Agora. It’s doing millions of dollars of business in the drug trade thanks to thousands of customers. It doesn’t offer multi-signature transactions.
Over the past few years, numerous Dark Net marketplaces have enabled the safeguard, including Evolution. Problem was, Evolution made multi-signature transactions entirely voluntary. Vendors and buyers would have to agree to use the system, which requires two out of three parties—buyer, seller, and market owner—to approve a transaction before any money changes hands.
The added security also added an extra step to the process of buying and selling on these black markets—a minor security speed bump that, despite the Dark Net’s long history of multi-million-dollars thefts and seizures, few Evolution users put even an inch above profits or sheer laziness.
Dark Net theft was born on Silk Road, once the largest black market the Internet had ever seen.
In 2012, one year after Ross Ulbricht created Silk Road, a drug dealer named Tony76 pulled off a grand caper that still gets talked about today. On 4/20, the weed holiday, Tony advertised a sale with massive savings. Tony was already the most successful vendor on Silk Road, so the first-ever Silk Road sale meant a firehose of cash flew his way from customers excited to get high on the cheap.
No one is sure exactly how much Tony stole in just a few short days in April 2012, but the number could have hit $250,000.
And thus, Tony invented the “exit scam.”
The con is simple on Dark Net markets because the same anonymity that protects legitimate buyers and sellers from police also protects thieves from repercussions.
The exit scam goes like this: An anonymous drug dealer or black market owner sells masses of product, building up trust and big business. Trust is everything on the Dark Net. With trust comes money.
At some point, they stop delivering the product but continue to accept the cash. When someone finally figures out the jig is up, it’s only a matter of time before the scammer disappears with a fat Bitcoin wallet and little chance of being caught by anyone.
It’s easy and tempting, which is why it’s happened over and over again. When police seized millions from Silk Road in 2013 (and its sequel in 2014), the same thing happened from a technical perspective. Were multi-signature transactions in place, however, Tony, the FBI, or the owners of Evolution would have been unable to make off with the digital loot.
Multi-signature was first implemented after another multi-million dollar heist in 2013, which led to the beginning of its slow adoption. However, it’s never been mandatory on the major markets, so everyone tends to skip it because it’s just another step they’d rather avoid. Having the patience to go through strong and tedious security protocol every day is beyond most of us, including even Dark Net drug dealers, apparently.
Easy beats secure every time.
And yet, the tides may be changing. OpenBazaar, a decentralized and censorship-resistant marketplace currently in development, might solve the problem through requiring multi-signature transactions. The developers there have recognized how crucial this feature is since development began a year ago.
Someone will find a new way to steal—but it likely won’t be quite so easy.
Image via Colin Davis (CC BY 2.0) | Remix by Max Fleishman
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.