
Topic: Silk Road Theft (Read 1544 times)

newbie
Activity: 54
Merit: 0
September 10, 2013, 08:45:30 PM
#9
You're crazy if you think SR stole it. Millions of dollars a year, they don't give any fuck about .5 BTC. Your credibility drops from this statement.
This is how I would have done it.

1. Your info was taken from hacking another site, and I log in and brute your 4-digit PIN
2. Put a RAT on your PC (remote access terminal)

Chances of a bad node or any MITM are too small. Probably it was #2 because you say you were blocked for 10 minutes.
I don't care how secure you THINK your PC is, nobody is 100%, not even me. Many RATs and malware are FUD (fully undetectable).

Download/run HijackThis and PM me the log or post it here, also a copy of the host file. Maybe run ComboFix after, but you need to wait. ComboFix will delete the bitcoin-qt folder including the wallet.dat.
sr. member
Activity: 322
Merit: 250
September 10, 2013, 08:22:31 PM
#8
I am curious. Why does a person need to leave money with SR? I always guessed the money went from buyer to seller directly. I would have expected better from SR than this. Now you have no legal recourse to get your money back. SR is a hidden service and contracts involving banned substances are illegal themselves.

Here in Argentina, someone bought something on the eBay equivalent and received instead an empty box package.



There is logical sense of why SR has an internal payment system - escrow system.

How would SR be anonymous if you sent the btc directly to the sellers btc address? lol.
legendary
Activity: 1736
Merit: 1029
September 10, 2013, 07:39:44 PM
#7
Could a botnet have been implemented on your computer?
sdp
sr. member
Activity: 469
Merit: 281
September 10, 2013, 07:02:16 AM
#6
I am curious. Why does a person need to leave money with SR? I always guessed the money went from buyer to seller directly. I would have expected better from SR than this. Now you have no legal recourse to get your money back. SR is a hidden service and contracts involving banned substances are illegal themselves.

Here in Argentina, someone bought something on the eBay equivalent and received instead an empty box package.

full member
Activity: 238
Merit: 100
September 09, 2013, 09:21:21 PM
#5
Tor traffic is all encrypted internally, it's more likely that he's running a Windows botnet droned comp, or somebody brute forced his account because the password was password123 and his pin was 1234.

The MITM sniffing attacks happen when you try to SSL out of an exit relay, not access a .onion site. They also wouldn't happen if you were using Chromium TLS stack or Firefox with pinned SSL certs for whatever sites you are using.

No, I actually have a pretty large password database, and neither my password nor my pin is in it. (Both are unique and complex.)
hero member
Activity: 899
Merit: 1002
September 09, 2013, 08:34:34 PM
#4
Tor traffic is all encrypted internally, it's more likely that he's running a Windows botnet droned comp, or somebody brute forced his account because the password was password123 and his pin was 1234.

The MITM sniffing attacks happen when you try to SSL out of an exit relay, not access a .onion site. They also wouldn't happen if you were using Chromium TLS stack or Firefox with pinned SSL certs for whatever sites you are using.
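
An added example, not part of any post in this thread: replies #4 and #9 both raise brute-forcing of a weak or 4-digit PIN, and this sketch shows the server-side attempt limit that bounds such guessing. `PinGuard`, the 5-failure threshold and the 15-minute lockout are assumptions for illustration, not Silk Road's actual behaviour.

```python
import hashlib
import hmac
import os

PIN_SPACE = 10 ** 4     # a 4-digit PIN has only 10,000 possible values
MAX_FAILURES = 5        # assumed policy: lock the account after 5 wrong PINs
LOCK_SECONDS = 15 * 60  # assumed policy: each lockout lasts 15 minutes


class PinGuard:
    """Hypothetical server-side PIN check with failure counting and lockout."""

    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        self._digest = self._hash(pin)
        self.failures = 0
        self.locked_until = 0.0

    def _hash(self, pin: str) -> bytes:
        # Low iteration count keeps the demo fast; hashing cannot rescue a
        # 10,000-value secret anyway, the attempt limit is the real control.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 2_000)

    def verify(self, pin: str, now: float) -> str:
        if now < self.locked_until:
            return "locked"              # rejected without evaluating the PIN
        if hmac.compare_digest(self._hash(pin), self._digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures = 0
            self.locked_until = now + LOCK_SECONDS
        return "wrong"


def evaluated_per_day(guard: PinGuard) -> int:
    """Replay one wrong PIN per second for 24 h; count attempts the server evaluates."""
    evaluated = 0
    for second in range(24 * 60 * 60):
        if guard.verify("0000", float(second)) == "wrong":
            evaluated += 1
    return evaluated


def days_to_cover_pin_space(per_day: int) -> int:
    """Worst-case days for online guessing to cover every PIN at `per_day` attempts."""
    return -(-PIN_SPACE // per_day)      # ceiling division
```

With these assumed values the server evaluates 480 attempts per day, so covering all 10,000 PINs takes up to 21 days, against under three hours with no limit at one attempt per second.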
legendary
Activity: 966
Merit: 1000
September 09, 2013, 08:17:46 PM
#3
What about a bad node now?

For the tech illiterate please... what is it, and how can it be prevented?
sr. member
Activity: 322
Merit: 250
September 09, 2013, 08:13:58 PM
#2
I would suspect you've been sniffed via a bad TOR node.

This has been happening a bit more often as people are running more and more rogue nodes on the tor network.

Your basic login info gets sniffed out on the tor relay node, they get your login details in plain text basically.
full member
Activity: 238
Merit: 100
September 09, 2013, 06:08:59 AM
#1
Hey guys,

Just wanted to post a quick word of warning.  A couple of days ago I had BTC0.5 stolen from my Silk Road account.  I post this because for such a thing to happen the thief would need my username, password, and pin.  The username and password are scattered around a bit (I know, my bad.) but I can only think of a few websites which I have used my pin on.

I have since changed all my passwords and pin numbers.

Also note that I am very vigilant about keeping my computer free of keyloggers and such, and also am keen on staying away from phishing sites.

Please note that I am not saying the operators of any of these websites actually took my money, only that they are the only ones that would have had access to my Silk Road pin.

http://feathercoin.is-a-geek.com/

http://gld.vircurpool.com/

http://gld.cryptocoinmine.com/

The only other thing I can think of is Silk Road themselves stealing it.  Customer support would not give me the address it was sent to, only that it had been taken.

Please don't respond telling me I screwed up. I already know that.

Here is how it happened:

I sent BTC0.5 to my Silk Road address.

The money shows up in my account, but I get a message from Silk Road support telling me the money was sent to an "archived address."  (Which was not the case, I was using my current address.)

Then Silk Road stops loading for about ten minutes.  When I finally get back, all my money has been taken.  I know for a fact that the URL was always correct and I had not been phished.

Someone must have known all my login information, and also been waiting for me to deposit.  I am unsure how they would have prevented me from loading the site, though.

I also don't want to discuss the moral implications of using the Silk Road.  I will only say that the items I buy from there are not for illegal or malicious use.

Has this happened to anyone else?