Topic: Silk Road 2.0 hacked through malleability, ~4000 BTC STOLEN - page 5. (Read 28429 times)

Thanks for the detailed explanation. Much appreciated!

what if you purchasing illegal drug for health benefits?

Link & googe cache went dead, but it smells like a scam:

http://www.deepdotweb.com/2014/02/13/silk-road-2-hacked-bitcoins-stolen-unknown-amount/

Silk Road 2 Hacked, All Bitcoins Stolen – $2.7 Miliion

Update 2: As the time passes there are more and more suspicions that this was in fact a SCAM by the Silk Road staff – and not a hack, we will post more details about it once, and if we get the full picture.

Update: The amount of BTC that was stolen was calculated by Nicholas Weaver @NCWeaver – Computer Security Researcher, to be around:  4474.266369160003BTC that are with the value of about $2.7 Million.

It was just announced in a post by Defcon the Silk Road administrator (this post will be updated as soon as we get more info) -
Yes, what seemed to be an imaginary situation until not long ago, just became true, the silk road2  – the site who counted to be the security fortress of the deep web just has been hacked with its bitcoin stolen.  as he announced on the sites forums,  we pasted his post here:

[EDIT: link does work again, screenshot removed]

Ok, I'll bite.  In this scenario there are two ledgers.  One is the bitcoin block chain and the second is SR2 escrow service.

The interacton/use case goes like this:

1) Vendor A withdraws some money from SR2 escrow
2) the SR2 escrow sends a payment to the bitcoin P2P network
3) SR2 escrow records the payment's txid in it's database
4) waits for confirm (a miner to include it in the block)
5) before it's confirmed, Vendor A changes the txid (using malleability)
6) Vendor A broadcasts this transaction to the bitcoin network
7) Since, the inputs are the same, bitcoin network code sees this as a double spend
8 ) bitcoin marks the orignal transaction as dead (no miners will include it in a block)
9) SR2 escrow receives notification that the oridinal txid is dead
Note: this where all the websites are changing their code base, like SR2 should have when the bug exploit was discovered>
10)  SR2 escrow credits the vendors account for the "dead" funds, believing they are still in the escrow wallet (escrow ledger is now out of synch)
11)  the malleability transaction gets confirmed by miners
12) Vendor A now owns those bitcoins
13) Vendor A now goes into the SR2 escrow service and requests payment again
14) Vendor A is now at step 1 again and continues until the escrow wallet is no longer able to fulfill withdraw requests
14a) Process complete: SR2 sends out a sad message about their wallet being empty


so yes you can lose BTC with transaction malleability.

How do you defeat this?  

There are several ways:

• you send a request to the network for transactions on your wallet address and look to see if there are any between you and Vendor A on the network (check that the inputs aren't still in use)
• Flag the account for human intervention/review when fraud conditions are met
• Re-use the same inputs, so if there is another transaction (mutant) the network will not allow the double pay

or

• use multi-sig transactions with the SR2 service acting as the "Oracle" (What SR2 is talking about in the sad message)

so this was an indirect gox'd

SR2.0 uses Goxing to use as excuse to get coins.

As far as I can make out malibility doesn't work that way.

Any where sr 2.0 users just got Proxy Gox'd

I don't care what you say, I AM going to steal this quote and use it in the future
 

You're basically asking "Why would someone run off with a couple million dollars?" 

Is it really that hard to understand?

Jesus christ, what are you 12 years old or something? Any mother fucker who has never done drugs is a fucking loser. Seriously, they are the biggest weirdos on the planet. It is in our nature to get a buzz. Kids spin in circles to do it. People who have done psychedelics have a better grasp/vision of how great and yet how meaningless life on this earth can be. Anybody who never has or never will divulge into a drug is a fucking robot.

But hey, I'll lighten up a bit, it's not your fault. You really had no choice, as your only doing what your brain told you to do (Just a theory of mine :-))

You don't know how wealthy they are. Fuck, SR 2 has only been up for a short period of time. If 4000 BTC meant nothing to them they would have eaten the loss and not said a fucking word about it as to keep trust in the site.

Also, where the fuck do you get off thinking they make 1000+ BTC a week?

You know, the FBI and DEA etc etc would be KURAZY not to have a room full of the most talented savant/analyst/tech gurus just pounding away 24/7 on ways to do exactly what just happened...

I bet they are mad the owner beat them to it this time.

And some of you think he doesn't have an incentive to take the money and run.

LOL.

People believe what they want to believe, even though it isn't always reality or truth. Greed is also a strong motivator which I'm sure is a huge part of why people will continue to trust those places (though they should not).

No shit.  And then tried to shave with it.  Is there seriously anyone here who believes this cock-and-bullshit story?

Also, there are still people out there stupid enough to treat an anonymous site exclusively operating for the purposes of criminal activity as a goddamn online wallet?  Are these people retarded?  How many times do they have to learn this lesson?

Contender for best post in thread.

Seriously, this site has been around for all of a few months. In my time here, I've seen plenty of people with that short of a reputation run away with a profitable business for much less.

I imagine that he got scared that he would be caught by the feds, so instead of taking the profit over time and risking his ass, he decided that he was much safer just stealing the funds all at once.

Maybe it was DEA who raided the site.
In that case, it wasn't hacked, but confiscated.

agreed!

Shouldn't this thread be in Service Discussion?

Because he can just make another site after this. His identity is unknown who said he got any "reputation"

Ppl still find it hard to believe that mallebility doesnt simply mean stealing your coins ? Stupid as stupid does.

... No its not possible to steal your coins... you're an idiot for believing the story.

Lol...... well played ... *shakes your hand*   till next time!

Why would the creator of Silk Road 2.0 sabotage his business like that by stealing all the money from the marketplace? Wouldn't he have made more money from the business long term instead of just taking the money and running, if he even took it in the first place?