Pages:
Author

Topic: Silk Road 2.0 hacked through malleability, ~4000 BTC STOLEN - page 5. (Read 28439 times)

sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
Come on! How does a malleability attack steal their all coins 'SLOWLY' and they don't notice it until all of them are gone?
They stole the coins themselves and took advantage of the malleability situation as an excuse.

Ok, I'll bite.  In this scenario there are two ledgers.  One is the bitcoin block chain and the second is SR2 escrow service.

The interacton/use case goes like this:

1) Vendor A withdraws some money........
......What SR2 is talking about in the sad message)

Thanks for the detailed explanation. Much appreciated!
legendary
Activity: 1316
Merit: 1000
If you keep your BTC on an illegal goods website run by drug dealers you deserve to get your funds stolen...


what if you purchasing illegal drug for health benefits?
newbie
Activity: 3
Merit: 0
Link & googe cache went dead, but it smells like a scam:

http://www.deepdotweb.com/2014/02/13/silk-road-2-hacked-bitcoins-stolen-unknown-amount/

Silk Road 2 Hacked, All Bitcoins Stolen – $2.7 Miliion

Update 2: As the time passes there are more and more suspicions that this was in fact a SCAM by the Silk Road staff – and not a hack, we will post more details about it once, and if we get the full picture.

Update: The amount of BTC that was stolen was calculated by Nicholas Weaver @NCWeaver – Computer Security Researcher, to be around:  4474.266369160003BTC that are with the value of about $2.7 Million.

It was just announced in a post by Defcon the Silk Road administrator (this post will be updated as soon as we get more info) -
Yes, what seemed to be an imaginary situation until not long ago, just became true, the silk road2  – the site who counted to be the security fortress of the deep web just has been hacked with its bitcoin stolen.  as he announced on the sites forums,  we pasted his post here:

[EDIT: link does work again, screenshot removed]

sr. member
Activity: 335
Merit: 250
Come on! How does a malleability attack steal their all coins 'SLOWLY' and they don't notice it until all of them are gone?
They stole the coins themselves and took advantage of the malleability situation as an excuse.

Ok, I'll bite.  In this scenario there are two ledgers.  One is the bitcoin block chain and the second is SR2 escrow service.

The interacton/use case goes like this:

1) Vendor A withdraws some money from SR2 escrow
2) the SR2 escrow sends a payment to the bitcoin P2P network
3) SR2 escrow records the payment's txid in it's database
4) waits for confirm (a miner to include it in the block)
5) before it's confirmed, Vendor A changes the txid (using malleability)
6) Vendor A broadcasts this transaction to the bitcoin network
7) Since, the inputs are the same, bitcoin network code sees this as a double spend
8 ) bitcoin marks the orignal transaction as dead (no miners will include it in a block)
9) SR2 escrow receives notification that the oridinal txid is dead
Note: this where all the websites are changing their code base, like SR2 should have when the bug exploit was discovered>
10)  SR2 escrow credits the vendors account for the "dead" funds, believing they are still in the escrow wallet (escrow ledger is now out of synch)
11)  the malleability transaction gets confirmed by miners
12) Vendor A now owns those bitcoins
13) Vendor A now goes into the SR2 escrow service and requests payment again
14) Vendor A is now at step 1 again and continues until the escrow wallet is no longer able to fulfill withdraw requests
14a) Process complete: SR2 sends out a sad message about their wallet being empty


so yes you can lose BTC with transaction malleability.

How do you defeat this?  

There are several ways:
  • you send a request to the network for transactions on your wallet address and look to see if there are any between you and Vendor A on the network (check that the inputs aren't still in use)
  • Flag the account for human intervention/review when fraud conditions are met
  • Re-use the same inputs, so if there is another transaction (mutant) the network will not allow the double pay
or
  • use multi-sig transactions with the SR2 service acting as the "Oracle" (What SR2 is talking about in the sad message)

legendary
Activity: 2632
Merit: 1023
so this was an indirect gox'd

SR2.0 uses Goxing to use as excuse to get coins.

As far as I can make out malibility doesn't work that way.

Any where sr 2.0 users just got Proxy Gox'd
hero member
Activity: 896
Merit: 532
Former curator of The Bitcoin Museum
Christ, reading this it's like Occam came to bitcointalk and traded in his razor for a plastic spork.

I don't care what you say, I AM going to steal this quote and use it in the future
 Cheesy
legendary
Activity: 1176
Merit: 1005
Why would the creator of Silk Road 2.0 sabotage his business like that by stealing all the money from the marketplace? Wouldn't he have made more money from the business long term instead of just taking the money and running, if he even took it in the first place?

You're basically asking "Why would someone run off with a couple million dollars?" 

Is it really that hard to understand?
full member
Activity: 220
Merit: 100
I've never understood ( assuming the admins do drugs ) why people would be shocked that drug users can't pull it together and run a site. I'm shocked!

People's ignorance and hypocracy about drugs is shocking.  The majority of business owners, entrepreneurs, successful people, drink alcohol at the very least.

Alcohol is a hard drug with a successful marketing machine behind it.

I suppose you're not a drug user at all?  You don't use alcohol, caffeine, nicotene?

Ya ya right ...thats why they all get hacked when your high on your supply shit happens.   Alcohol is not like meth or heroin sorry.

I've used all 3 you mentioned  but none compare to meth or heroin.

The most popular purchases for US Silk Road users are MDMA, LSD, and Marijuana, in that order.  All three of these drugs are less dangerous and addictive than alcohol:

http://qz.com/162021/the-most-popular-drugs-bought-with-bitcoin-on-silk-road/#162021/the-most-popular-drugs-bought-with-bitcoin-on-silk-road/

Meth and heroin didn't even make the list.  Silk Road gets used primarily by intelligent, tech-saavy young adults as a place to procure substances that are less dangerous than alcohol.

There you go . Include  MDMA ,LSD and yes Marijuana. Your fooling yourself if you don't think drugs play a part in the downfall of these sort of things.  All the drugs you mentioned are evenly addictive.  I'm not referring to the users, I'm speaking about the owners of the site and/or the vendors also. These vendors are morons if you ask me and def. high on their own supply. Some of the stuff they do is mind blowing stupid like that Ross Ulbert guy . He made so many mistakes its like amateur hour. You can brush this stuff off, but the reality is drugs FUCK YOUR MIND up.

Jesus christ, what are you 12 years old or something? Any mother fucker who has never done drugs is a fucking loser. Seriously, they are the biggest weirdos on the planet. It is in our nature to get a buzz. Kids spin in circles to do it. People who have done psychedelics have a better grasp/vision of how great and yet how meaningless life on this earth can be. Anybody who never has or never will divulge into a drug is a fucking robot.

But hey, I'll lighten up a bit, it's not your fault. You really had no choice, as your only doing what your brain told you to do (Just a theory of mine :-))
full member
Activity: 220
Merit: 100
Malleability? Hahahaha, the fucking admins stole all of it. What kind of idiot would put money into that website is beyond me.

Why would the already wealthy admins of a darknet site steal a measly 4000 BTC when running the site with its reputation intact would net you 1000+BTC per week?

You don't know how wealthy they are. Fuck, SR 2 has only been up for a short period of time. If 4000 BTC meant nothing to them they would have eaten the loss and not said a fucking word about it as to keep trust in the site.

Also, where the fuck do you get off thinking they make 1000+ BTC a week?
legendary
Activity: 3766
Merit: 5146
Note the unconventional cAPITALIZATION!
You know, the FBI and DEA etc etc would be KURAZY not to have a room full of the most talented savant/analyst/tech gurus just pounding away 24/7 on ways to do exactly what just happened...

I bet they are mad the owner beat them to it this time.

And some of you think he doesn't have an incentive to take the money and run.

LOL.
full member
Activity: 151
Merit: 100
Christ, reading this it's like Occam came to bitcointalk and traded in his razor for a plastic spork.

No shit.  And then tried to shave with it.  Is there seriously anyone here who believes this cock-and-bullshit story?

Also, there are still people out there stupid enough to treat an anonymous site exclusively operating for the purposes of criminal activity as a goddamn online wallet?  Are these people retarded?  How many times do they have to learn this lesson?

People believe what they want to believe, even though it isn't always reality or truth. Greed is also a strong motivator which I'm sure is a huge part of why people will continue to trust those places (though they should not).
legendary
Activity: 1176
Merit: 1005
Christ, reading this it's like Occam came to bitcointalk and traded in his razor for a plastic spork.

No shit.  And then tried to shave with it.  Is there seriously anyone here who believes this cock-and-bullshit story?

Also, there are still people out there stupid enough to treat an anonymous site exclusively operating for the purposes of criminal activity as a goddamn online wallet?  Are these people retarded?  How many times do they have to learn this lesson?
legendary
Activity: 3766
Merit: 5146
Note the unconventional cAPITALIZATION!
Christ, reading this it's like Occam came to bitcointalk and traded in his razor for a plastic spork.

Contender for best post in thread.
legendary
Activity: 1204
Merit: 1015
Why would the creator of Silk Road 2.0 sabotage his business like that by stealing all the money from the marketplace? Wouldn't he have made more money from the business long term instead of just taking the money and running, if he even took it in the first place?

Because he can just make another site after this. His identity is unknown who said he got any "reputation"
Seriously, this site has been around for all of a few months. In my time here, I've seen plenty of people with that short of a reputation run away with a profitable business for much less.

I imagine that he got scared that he would be caught by the feds, so instead of taking the profit over time and risking his ass, he decided that he was much safer just stealing the funds all at once.
full member
Activity: 210
Merit: 100
Maybe it was DEA who raided the site.
In that case, it wasn't hacked, but confiscated.
full member
Activity: 224
Merit: 100
Come on! How does a malleability attack steal their all coins 'SLOWLY' and they don't notice it until all of them are gone?
They stole the coins themselves and took advantage of the malleability situation as an excuse.
agreed!
legendary
Activity: 1400
Merit: 1013
Shouldn't this thread be in Service Discussion?
hero member
Activity: 658
Merit: 500
Why would the creator of Silk Road 2.0 sabotage his business like that by stealing all the money from the marketplace? Wouldn't he have made more money from the business long term instead of just taking the money and running, if he even took it in the first place?

Because he can just make another site after this. His identity is unknown who said he got any "reputation"

Ppl still find it hard to believe that mallebility doesnt simply mean stealing your coins ? Stupid as stupid does.

... No its not possible to steal your coins... you're an idiot for believing the story.
legendary
Activity: 1330
Merit: 1000
Bitcoin
I've never understood ( assuming the admins do drugs ) why people would be shocked that drug users can't pull it together and run a site. I'm shocked!

People's ignorance and hypocracy about drugs is shocking.  The majority of business owners, entrepreneurs, successful people, drink alcohol at the very least.

Alcohol is a hard drug with a successful marketing machine behind it.

I suppose you're not a drug user at all?  You don't use alcohol, caffeine, nicotene?

Ya ya right ...thats why they all get hacked when your high on your supply shit happens.   Alcohol is not like meth or heroin sorry.

I've used all 3 you mentioned  but none compare to meth or heroin.


The most popular purchases for US Silk Road users are MDMA, LSD, and Marijuana, in that order.  All three of these drugs are less dangerous and addictive than alcohol:

http://qz.com/162021/the-most-popular-drugs-bought-with-bitcoin-on-silk-road/#162021/the-most-popular-drugs-bought-with-bitcoin-on-silk-road/

Meth and heroin didn't even make the list.  Silk Road gets used primarily by intelligent, tech-saavy young adults as a place to procure substances that are less dangerous than alcohol.

There you go . Include  MDMA ,LSD and yes Marijuana. Your fooling yourself if you don't think drugs play a part in the downfall of these sort of things.  All the drugs you mentioned as evenly addictive.  I'm no referring to the users, I'm speaking about the owners of the site and/or the vendors also. These vendors are morons if you ask me and def. high on their own supply. Some of the stuff they do is mind blowing stupid like that Ross Ulbert guy . He made so many mistakes its like amateur hour. You can brush this stuff off, but the reality is drugs FUCK YOUR MIND up.

My main point is that it's extremely hypocritical to act like mdma, lsd, marijuana users are beneath you if you drink alcohol, which is a harder drug than the aforementioned three.

Fair enough. I'll concede you the point you are seeking to make but what about mine ? Good debate  Grin

I agree that if you are running a criminal enterprise, or even a low level criminal.  It is smart to stay completely sober and focused at all times.

Lol...... well played ... *shakes your hand*   till next time!
newbie
Activity: 13
Merit: 0
Why would the creator of Silk Road 2.0 sabotage his business like that by stealing all the money from the marketplace? Wouldn't he have made more money from the business long term instead of just taking the money and running, if he even took it in the first place?
Pages:
Jump to: