This was bound to happen sooner or later...
I have to admit I first heard of Bitcoin when I first found out about SR, had a look on SR, realised I can still get better weed for way cheaper within minutes/hours without the internet. And what if it's shit? I like to check my stuff first. Who the fuck wants to wait days, possibly weeks, to get their gear?
When I want my weed, I want my fucking weed delivered quick!
No, it was not hacked. The operator is using the malleability bug as an excuse to steal all that bitcoin. People running such marketplaces have no morals. The amount of money stolen is enough for someone to retire for the rest of their lives, if they're not too extravagant.
The operators wouldn't need to steal really. The money they make in fees makes it more profitable to keep running. Do you know for a fact it was an inside job?
Well, people who run black markets are not usually altruistic. They tend to be very egoistical and cynical, and have little concern for other people. It's all about personal gain and profit.
I read the statement he/they put up, and it was a lot of hoopla, and did not make any sense in the slightest. Therefore, the most rational and logical explanation is an insider job.
The transaction malleability issues could only be exploited if a customer withdraws bitcoins, the txid is changed, and the exchange resends the transaction automatically by default or upon customer complaint. The chance that the implementation is such that the entire hot wallet could be emptied this way is near to non-existent, and esp. so when no detailed technical explanation is made as to exactly how it happened. It's easy to hand wave and say it was some 'polymorphic code loaded to the database with some heuristic algorithms', and that might fool the average Hollywood blockbuster viewer, but for anyone into tech, you need detailed explanations to prove that a certain thing happened. Same thing with the recent story about rampant hacking in Sochi. Stories like those may fool the uninformed, but if you know a lot about computers, being a dev, engineer or the like, you know this was a hoax.
So the SR 2.0 admin(s) tried to take advantage of the current hysteria regarding the tx malleability issue, and attempted to set up a way much like law enforcement uses parallel construction to frame someone. You use the tools you have to construct a certain path of events that leads up to the desired outcome. So claiming all coins (4000) needed to be in hot storage for whatever reason, and then claiming the system to be designed in such a way that an adversary in fact could empty the hot wallet exploiting the malleability issue, simply does not make sense.
There's not even a remote chance that this was the case. Firstly, who in their right mind would put 4000 bitcoins in a hot wallet? Esp. considering this was all they had. 5-10% of the total amount of bitcoins in a hot wallet should be enough for any exchange. That way, if there's a successful attack, you will lose 5-10% of the coins, and not 100%.
This is a lot like the Bitcoinica debacle, where a password that unlocked (gave access to information that led to control) bitcoins was a random unrelated string leaked in source code. Also highly unbelievable that somebody would actually take a random string from hundreds of lines of source code, and this happens to be the right password. Fat chance..
So basically, putting 4K BTC in hot wallet, running an implementation of code that is so poor, that attacker(s) could empty all the bitcoins without interference, is highly unlikely. What adds to it being highly unlikely is that no fact is provided about exactly how the implementation was done, for example source code could've been released immediately containing the exploitable flaw, so that devs in the community could confirm the case. This has not happened, and thus the main suspect is the operator.
Now, people may ask, is it not better to run the site and make commission instead of stealing all the btc? Well, in an ideal world that is what would happen.
But if we look away from the ethical aspect, an operator getting away with 4K btc early on, might as well escape the long arm of the law completely. The longer you operate such a site, the bigger the risk of being caught by law enforcement, see what happened to SR.
So on one hand:
Run away with 4K btc, erase all tracks, keep a low profile until people start to forget about it, then mix the coins, so it's impossible to follow, cash out gradually and live the 'good life'.
On the other hand:
Run a successful black market constantly earning you great commission, but you constantly live in fear of being exposed, caught, jailed and facing years in prison. You would probably have your funds confiscated, and would live years behind bars, and even if you had a brain wallet or other means of storing the btc, who knows if btc would even exist, or if the format of the protocol had changed or anything else while you sat 10-15 years in prison.
Blaming everything on a hack means that there's a slight chance that the operator is actually telling the truth, and some users will believe this. However, logic dictates that this is someone who robbed their own bank.
I have no evidence to back this up, and in that regard this is all speculation. It has to be up to the operator(s) to prove that they're telling the truth. If it can't be proved, it must be assumed it is a lie, and thus an insider job.
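The condition named in the post above (a withdrawal, a changed txid, an automatic resend), seen from the operator's side; this is an added example and not part of the thread. It contrasts a resend check keyed on txid with one keyed on what the transaction spends and pays. The `Tx` model, its field names and the sample values are hypothetical and constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple      # outpoints spent, e.g. ("aa11:0",)
    outputs: tuple     # (address, satoshis) pairs
    sig_bytes: bytes   # stand-in for the signature encoding a third party can alter

    def txid(self) -> str:
        # Toy model of a legacy txid: the hash covers the signature bytes too.
        body = repr((self.inputs, self.outputs)).encode() + self.sig_bytes
        return hashlib.sha256(hashlib.sha256(body).digest()).hexdigest()

    def payment_key(self) -> tuple:
        # What is spent and who is paid; unchanged when only the encoding changes.
        return (self.inputs, self.outputs)

def naive_should_resend(sent: Tx, confirmed: list) -> bool:
    # Flawed check: the withdrawal counts as failed if its original txid
    # never shows up among confirmed transactions.
    return sent.txid() not in {tx.txid() for tx in confirmed}

def safe_should_resend(sent: Tx, confirmed: list) -> bool:
    # Hardened check: the withdrawal is paid if any confirmed transaction spends
    # the same inputs to the same outputs, whatever txid it ended up with.
    return sent.payment_key() not in {tx.payment_key() for tx in confirmed}

def demo() -> dict:
    # Constructed sample data, not real transactions.
    sent = Tx(("aa11:0",), (("customer_addr", 50_000_000),), b"\x30\x44")
    # Same payment with a re-encoded signature: the malleated copy.
    malleated = Tx(sent.inputs, sent.outputs, b"\x30\x45\x00")
    chain = [malleated]
    return {
        "txid_changed": sent.txid() != malleated.txid(),
        "naive_resend": naive_should_resend(sent, chain),
        "safe_resend": safe_should_resend(sent, chain),
        "safe_resend_when_unpaid": safe_should_resend(sent, []),
    }

if __name__ == "__main__":
    print(demo())
```

Only the txid-keyed check pays out a second time; a reissue that reuses one of the original inputs cannot confirm alongside the first payment either.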