Pages:
Author

Topic: silk road 2 hacked - page 2. (Read 4651 times)

legendary
Activity: 2156
Merit: 1018
Buzz App - Spin wheel, farm rewards
February 13, 2014, 07:24:22 PM
#32
Re the malleability issue ,  with Gox publishing it so ...publicly, I bet these kind of attacks went up....oh maybe 10,000% ?
sr. member
Activity: 378
Merit: 250
February 13, 2014, 05:14:35 PM
#31

gotta say that occurred to me too  ..... all the hints he was dropping  ....
legendary
Activity: 896
Merit: 1000
February 13, 2014, 05:09:00 PM
#30
no one believes it was an outside job from what I'm reading on the web. These guys better pray they can't be tracked

Even if they did steal it and their identities were published, I don't think any harm will come to them.  Lots of empty threats and that's about it.

If they are identified they wont last a few months.
legendary
Activity: 1153
Merit: 1000
February 13, 2014, 04:54:18 PM
#29
no one believes it was an outside job from what I'm reading on the web. These guys better pray they can't be tracked

They were operating an illegal website, who is going to contact the authorities to track them down.

That is what made the real SR so unique, it was run for a long time without the operator running away with everyone's coins the first chance he got. DPR could have quietly disappeared after 1 year with >100,000 coins, but instead he stuck around and continued to run the service.

In the end this is why DPR got caught as the smart thing to do when running a website where the entire US government is after you is to cut out after making enough and run. The operators of SR 2.0 seemed to have learned the lesson well.
legendary
Activity: 1414
Merit: 1000
February 13, 2014, 04:51:33 PM
#28
Leaving btc on an exchange run by criminals dealing in illegal wares - what could go wrong?
sr. member
Activity: 280
Merit: 250
February 13, 2014, 04:48:10 PM
#27
no one believes it was an outside job from what I'm reading on the web. These guys better pray they can't be tracked

Even if they did steal it and their identities were published, I don't think any harm will come to them.  Lots of empty threats and that's about it.
full member
Activity: 230
Merit: 100
February 13, 2014, 04:43:50 PM
#26
no one believes it was an outside job from what I'm reading on the web. These guys better pray they can't be tracked
legendary
Activity: 1946
Merit: 1006
Bitcoin / Crypto mining Hardware.
February 13, 2014, 04:05:43 PM
#25
wait a second - how the hell would this vulnerability allow withdrawing unlimited amount of bitcoins?

if you withdraw coins and dupe the TX with a wrong hash you are not getting double coins in any way and why would a marketplace then refund the customer? it doesn't make any sense.

if you deposit coins and dupe the TX with a wrong hash then you may see "unconfirmed" coins under your balance that will never get any confirmations.

explain me if I misunderstand anything here
I'm guessing it happened with mutating the tx ids.

User requests withdrawal
Wallet sends funds, user mutates tx
wallet checks tx, cant find it, resends funds or credits user's account.
rinse/repeat

Just a guess, no clue how viable that really would be.
this. but i cannot believe there's no accounting code in the bkground doing daily checks.
hero member
Activity: 1106
Merit: 500
Life is short, practice empathy in your life
February 13, 2014, 04:00:33 PM
#24
So my bitcoin just got rarer now ?

Hackers are not hodlers, but sodlers.
sr. member
Activity: 644
Merit: 250
February 13, 2014, 03:56:32 PM
#23
So my bitcoin just got rarer now ?
sr. member
Activity: 423
Merit: 250
February 13, 2014, 03:51:24 PM
#22
Oh yeah, let's use malleability problem we never heard of before to steal your coins Cheesy

We might hear few of these more.
Cheesy
sr. member
Activity: 280
Merit: 250
February 13, 2014, 03:51:08 PM
#21
legendary
Activity: 1414
Merit: 1000
February 13, 2014, 03:45:11 PM
#20
Maybe it was Steve?
hero member
Activity: 1106
Merit: 500
Life is short, practice empathy in your life
February 13, 2014, 03:41:56 PM
#19
sr. member
Activity: 280
Merit: 250
February 13, 2014, 03:40:43 PM
#18
Wow...
legendary
Activity: 861
Merit: 1010
February 13, 2014, 03:40:08 PM
#17
Reddit users speak about 88,000 coins. Seems serious money got hacked.

http://www.reddit.com/r/Bitcoin/comments/1xtv92/breaking_silk_road_2_hacked_over_88000_bitcoins/
newbie
Activity: 28
Merit: 0
February 13, 2014, 03:37:59 PM
#16
wait a second - how the hell would this vulnerability allow withdrawing unlimited amount of bitcoins?

if you withdraw coins and dupe the TX with a wrong hash you are not getting double coins in any way and why would a marketplace then refund the customer? it doesn't make any sense.

if you deposit coins and dupe the TX with a wrong hash then you may see "unconfirmed" coins under your balance that will never get any confirmations.

explain me if I misunderstand anything here

It wouldn't. However in mtgox's case they had their wallet set to auto approve these requests and were just giving people bitcoins out of their hot wallet that they didn't own. Basically they were giving people attempting to fraud them other people's bitcoins.
sr. member
Activity: 644
Merit: 250
February 13, 2014, 03:36:24 PM
#15
What if Mt.Gox also has no coins ? Maybe that guy just stole all the coins and wants to get out.
hero member
Activity: 1302
Merit: 502
February 13, 2014, 03:34:14 PM
#14
wait a second - how the hell would this vulnerability allow withdrawing unlimited amount of bitcoins?

if you withdraw coins and dupe the TX with a wrong hash you are not getting double coins in any way and why would a marketplace then refund the customer? it doesn't make any sense.

if you deposit coins and dupe the TX with a wrong hash then you may see "unconfirmed" coins under your balance that will never get any confirmations.

explain me if I misunderstand anything here
I'm guessing it happened with mutating the tx ids.

User requests withdrawal
Wallet sends funds, user mutates tx
wallet checks tx, cant find it, resends funds or credits user's account.
rinse/repeat

Just a guess, no clue how viable that really would be.

This.
legendary
Activity: 2268
Merit: 1278
February 13, 2014, 03:32:57 PM
#13
Most people are not tech savvy. They see "flaw in bitcoin!" in the news or hear it from their friends, and scammers like this SR guy use that as a pretext to steal peoples coins, hoping to get away with it.
Pages:
Jump to: