
Silk Road 2 Hacked, All Bitcoins Stolen – $2.7 Million

Category: General

I am sweating as I write this.
Christmas brought grave news. I cannot adequately express how deeply honored I was by your unconditional support of my staff.
I do not expect the same reaction to today’s revelations. This movement is built on integrity, and I feel obligated to be forthright with you.
I held myself to a high standard as your leader, yet now I must utter words all too familiar to this scarred community:
We have been hacked.
Nobody is in danger, no information has been leaked, and server access was never obtained by the attacker.
Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as “transaction malleability” to repeatedly withdraw coins from our system until it was completely empty.
Despite our hardening and pentesting procedures, this attack vector was outside of penetration testing scope due to being rooted in the Bitcoin protocol itself.
This attack hit us at the worst possible time. We were planning on re-launching the new auto-finalize and Dispute Center this past weekend, and our projections of order finalization volume indicated that we would need the community’s full balance in hot storage.
In retrospect this was incredibly foolish, and I take full responsibility for this decision.
I have failed you as a leader, and am completely devastated by today’s discoveries. I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand. It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch.
I’ve included transaction logs at the bottom of this message. Review the vendor’s dishonest actions and use whatever means you deem necessary to bring this person to justice. More details will emerge as we continue to investigate.
Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward.
It takes the integrity of all of us to push this movement forward. Whoever you are, you still have a chance to act in the interest of helping this community. Keep a percentage, return the rest. Don’t walk away with your fellow freedom fighters’ coins. DPR2 returned the cold storage. I didn’t run with the gold. But two people alone cannot move us forward. It takes an entire community committing to integrity – and though this crushing blow will not stop us, it sure is a testament to how greedy some bastards truly are.
Being a part of this movement might be the most defining thing you do with your entire life.
Don’t trade that for greed, comrades.
I will fight here by your side, even the greedy bastards amongst us.
This community has suffered great financial loss over and over again, and I am devastated that it has happened again under my watch.
Hindsight is already suggesting dozens of ways this could have been prevented, but we must march onward.
The only way to reverse a community’s greed is through generosity. Our true character is revealed during trying times.
If this financial hardship places you at risk of physical harm, contact me directly and I will do my best to help you with my remaining personal funds.
Now what.
Never again store your escrow bitcoins on a server.
Silk Road will never again be a centralized escrow storage.
This week has shown the collateral damage we can cause by being a huge target and failing in just one unforeseen area.
I am now fully convinced that no hosted escrow service is safe.
If I cannot trust myself to keep a hosted escrow solution safe, I cannot trust anyone.
Multi-signature transactions are the only way this community will be protected long-term.
I am aggressively tasking our devs on building out multi-sig support for commonly-used bitcoin clients. Expect a generous bounty if you have the skill to implement this.
Until then.
1. We will never again allow ourselves to be a single point of failure. We will never again host your Escrow wallets.
2. Vendor registration is closed while we regroup.
3. All listings on Silk Road are now No-Escrow (Finalize-Early) for 1-2 months while we implement multi-signature transactions and lobby for mainstream Bitcoin client multi-sig support.
4. All unshipped orders have been cancelled.
5. Vendors may link to other marketplaces on a trial basis until we launch multi-sig, then we will re-evaluate based on community input. We do not want to be a centralized point of failure, but we also do not want to lead our buyers into dangerous waters.
6. From this point forward DO NOT trust markets with centralized escrow. Use multi-signature transactions whenever possible, with trusted third parties as escrow providers.
Everything will be offline for 24-48 hours to minimize variables as we continue to investigate. The evidence we have below will be expanded based on our findings.
------
No marketplace is perfect. Expect any centralized market to fail at some point. This is precisely why we must unite in the decision to decentralize.
We are relieved that our security procedures protected user identities, and that no servers were compromised. This was not a worst-case scenario: nobody will be getting arrested from this. Financial loss is terrible, but will not put all of us behind bars.
The details we have on the hacker are below. Stop at nothing to bring this person to your own definition of justice.
Humbled and furious,
Defcon
------
# Attacker Intel as of 2014-02-13 18:00:00 UTC
We normally do not doxx anyone, and hold user information sacred. But this is an extreme situation affecting our entire community, and all three users who have exploited this vulnerability are very much at risk until they approach us directly to assist with any information.
Do not reveal any details of the attack. This will jeopardize your reward. Contact us directly.
If anyone has purchased or sold to these usernames, expect generous bounties for any information you can contribute which leads to identification.
# Attacker 1: (Responsible for 95% of theft)
Suspected French, responsible for vast majority of the thefts. Used the following six vendor accounts to order from each other, to find and exploit the vulnerability aggressively.
## Usernames used:
narco93
ketama
riccola
germancoke
napolicoke
smokinglife
Transactions listed at bottom of this file. Finding Attacker 1 is top priority.
# Attacker 2: (Responsible for ~2.5% of theft, using same methods towards end of attack lifecycle, likely knows Attacker 1)
LethalWeapon – Australia – “stumbled upon” large amount of BTC
# Attacker 3: (Responsible for ~2.5% of theft, using same methods towards end of attack lifecycle, likely knows Attacker 1)
mrkermit – Australia
# Theft Withdrawal Transactions and historical withdrawals by Attacker 1
address,txid_cleaned
{A long list of withdrawal addresses with the stolen bitcoins appeared here}
=====End Quote====


more info:
http://www.deepdotweb.com/2014/02/13/silk-road-2-hacked-bitcoins-stolen-unknown-amount/