Bitcoin Forum

This hack was possible because of a bug/oversight in their implementation...

More info here: http://www.deepdotweb.com/2014/02/13/silk-road-2-hacked-bitcoins-stolen-unknown-amount/
http://www.reddit.com/r/DarkNetMarkets/comments/1xtqty/sr_has_been_hacked/
http://www.reddit.com/r/Bitcoin/comments/1xtsrq/silk_road_got_hacked_all_funds_stolen_cheap_coins/

EDIT: Looks like the summed balances of all the addresses given is 4083BTC.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I am sweating as I write this.
Christmas brought grave news. I cannot adequately express how deeply honored I was by your unconditional support of my staff.
I do not expect the same reaction to today’s revelations. This movement is built on integrity, and I feel obligated to be forthright with you.
I held myself to a high standard as your leader, yet now I must utter words all too familiar to this scarred community:
We have been hacked.
Nobody is in danger, no information has been leaked, and server access was never obtained by the attacker.
Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as “transaction malleability” to repeatedly withdraw coins from our system until it was completely empty.
Despite our hardening and pentesting procedures, this attack vector was outside of penetration testing scope due to being rooted in the Bitcoin protocol itself.
This attack hit us at the worst possible time. We were planning on re-launching the new auto-finalize and Dispute Center this past weekend, and our projections of order finalization volume indicated that we would need the community’s full balance in hot storage.
In retrospect this was incredibly foolish, and I take full responsibility for this decision.
I have failed you as a leader, and am completely devastated by today’s discoveries. I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand. It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch.
I’ve included transaction logs at the bottom of this message. Review the vendor’s dishonest actions and use whatever means you deem necessary to bring this person to justice. More details will emerge as we continue to investigate.
Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward.
It takes the integrity of all of us to push this movement forward. Whoever you are, you still have a chance to act in the interest of helping this community. Keep a percentage, return the rest. Don’t walk away with your fellow freedom fighters’ coins. DPR2 returned the cold storage. I didn’t run with the gold. But two people alone cannot move us forward. It takes an entire community committing to integrity – and though this crushing blow will not stop us, it sure is a testament to how greedy some bastards truly are.
Being a part of this movement might be the most defining thing you do with your entire life.
Don’t trade that for greed, comrades.
I will fight here by your side, even the greedy bastards amongst us.
This community has suffered great financial loss over and over again, and I am devastated that it has happened again under my watch.
Hindsight is already suggesting dozens of ways this could have been prevented, but we must march onward.
The only way to reverse a community’s greed is through generosity. Our true character is revealed during trying times.
If this financial hardship places you at risk of physical harm, contact me directly and I will do my best to help you with my remaining personal funds.
- —————-
Now what.
- —————-
Never again store your escrow bitcoins on a server.
Silk Road will never again be a centralized escrow storage.
This week has shown the collateral damage we can cause by being a huge target and failing in just one unforeseen area.
I am now fully convinced that no hosted escrow service is safe.
If I cannot trust myself to keep a hosted escrow solution safe, I cannot trust anyone.
Multi-signature transactions are the only way this community will be protected long-term.
I am aggressively tasking our devs on building out multi-sig support for commonly-used bitcoin clients. Expect a generous bounty if you have the skill to implement this.
- —————–
Until then.
- —————–
1. We will never again allow ourselves to be a single point of failure. We will never again host your Escrow wallets.
2. Vendor registration is closed while we regroup.
3. All listings on Silk Road are now No-Escrow (Finalize-Early) for 1-2 months while we implement multi-signature transactions and lobby for mainstream Bitcoin client multi-sig support.
4. All unshipped orders have been cancelled.
5. Vendors may link to other marketplaces on a trail basis until we launch multi-sig, then we will re-evaluate based on community input. We do not want to be a centralized point of failure, but we also do not want to lead our buyers into dangerous waters.
6. From this point forward DO NOT trust markets with centralized escrow. Use multi-signature transactions whenever possible, with trusted third parties as escrow providers.
Everything will be offline for 24-48 hours to minimize variables as we continue to investigate. The evidence we have below will be expanded based on our findings.
- ——————
No marketplace is perfect. Expect any centralized market to fail at some point. This is precisely why we must unite in the decision to decentralize.
We are relieved that our security procedures protected user identities, and that no servers were compromised. This was not a worst-case scenario: nobody will be getting arrested from this. Financial loss is terrible, but will not put all of us behind bars.
The details we have on the hacker are below. Stop at nothing to bring this person to your own definition of justice.
Humbled and furious,
Defcon

allow me to translate:

"i took your coinz lol!"

What a load of shit from a faceless, petty prick in a long line of them.

How can you possibly withdraw coins due to Transaction Malleability exploit?

I mean, exploit or shitty implementation ?

If you keep your BTC on an illegal goods website run by drug dealers you deserve to get your funds stolen...

You need to code you wallet in a really shitty way (as in: much worse than Gox) to allow people to continuously withdraw in this manner.

Or... The guy saw an opportunity to run with the money by making use of the widespread confusion about the transaction malleability issue and took it.

The later. How stoopid does he think users are?

This is sad  :(

Good question. That would only be possible if they had automated their dispute resolution system and given their vendors free-for-all access to exploit without limits.

does this mean i'm not getting my new james bond identity and 30000 kalashnikovs, stuffed full of the purest columbian white powder?

http://3.bp.blogspot.com/_tafXqu5xBBE/TQeqYBU943I/AAAAAAAAAY4/HXHPgE0eeJo/s400/AwShucks-1.gif

Am I missing something here? The coins are still there...

https://blockchain.info/address/1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX

Guess this explains why the price dipped a bit.

Glad we got that out of our system.

And yeah, agreed that this is likely just a convenient excuse to make a run for it.

either we are looking a system crash, or fraud

$18million, who wouldn't be tempted to steal that amount from a litter of junkies?

Ouuuu comeOn! They robbed themselves. Don't be fool :)

Whatever happened to the good ol days of just calling up your local drug dealer/pot head to get your drug fix.  These online black markets really seem unsafe.

together with me and babay break the chains of lOOOVOE!!

Is this why the BTC price is rocketing downwards atm? Because the thief is dumping all the stolen coins?

Yes, those are the Silk Road coins seized by the FBI.  This guy is talking about Silk Road 2.

i don't think so, I just think it's meant to be, doesn't phase me personally... up, down, round and round. Bitcoin has many many many moons ahead of it.
panic ye not.

Those are the wrong coins. This is SR 2.0 not SR.

Not sure onthe amount of coins stolen, but I don't think it's over 500ish or so based on the withdrawal addresses they disclosed.

These money are belong to FBI.
They were taken from SilkRoad 1.0 by FBU with the next wallet
https://blockchain.info/address/1FfmbHfnpaZjKFvyi1okTjJJusN455paPH
But the topic is about SilkRoad 2.0
I don't know anything about their bitcoin-address.

Ah ok, that makes more sense. Thanks.

Bullshit story. The admins took it.

Can anyone explain how this transaction malleability bug can be exploited to steal coins from a Bitcoin address? I thought it can only happen if you are an exchange, like Gox or Stamp, and people are making withdrawals.

Thank you for the most common sense thing ever said on this topic!  This should be a 'sig'

I can't explain it to you, because it cannot happen.  This is a blatant lie, the OP stole everyone's coins and, as the other poster said, anyone stupid enough to leave coins on a hosted site dedicated to selling illegal products deserves to have their bitcoins stolen.

I think there is a good chance this was an inside job, but that doesn't matter for the point I'm going to make.

Do not ever leave all coins open to hot withdrawal. That is just stupid. Incredibly stupid.

If you're building or running a service please take note of this. It doesn't matter how good you think your security is. It only takes one hole. Just one to result in disaster. That's irresponsible.

Services: The majority of coins should always be kept in some secure cold storage. As any auto/hot wallet runs low then move funds into it. If customers complain of delays screw them, they'll appreciate not losing their coins more.

Customers: Check that a service stores the majority of their coins safely offline. Leave if they don't or don't complain when they say they lost everything.

Sounds like someone took the coins and is blaming it on a "transaction malleability" hack...

lol, just lol.

Also for what it is worth, there are far better markets out there if you are into that sorta thing.

Then again anyone who is smart enough already knows this. ;)

maybe we need a better system, where we send the dealer the bitcoins directly

or open a Medical Marijuana Clinic in florida



i need it for Depression/Anxiety/Insomnia

It can happen if withdrawals are automatic, requests for re-tries are automatic, and SR 2 used a transaction ID to confirm withdrawals were successful.  E.g.
1. A withdraws 10 BTC, tx ID 1
2. A successfully changes tx ID 1 to tx ID 1a (malleability)
3. A tells SR 2 that tx ID 1 never arrived
4. SR 2 checks and sees tx ID 1 is not in the block chain so reissues it.  (At least MtGox had a human at this step, but they fell for it too).
5. Goto step 1 until the wallet is drained.

Very poor programming since nothing is final until it is confirmed (including the tx id), and this should not have been automated.

Did this happen or did they take it?  Don't know.

Any coins to which you don't have the private key are not yours, they are a ledger entry, so don't store coins anywhere except your wallet (cold storage is best), unless you absolutely have to.

Run with few million now, or  sit back and wait for feds to bust down your door while you make a bigger paycheck.

I'll take the few million now

How about getting a big fat paycheck before getting caught? And eventually they would.

Does Coinbase fall in this category?  I create the address using Coinbase, where is my private key??

Release the source code and prove the bug is real and exploitable.

That cracked me up.  :D

Hmm... billion dollar source code.. free... hmm... no

Seeing as 1.0 made the owner over 125k bitcoin in little to no time, I'm doubting the guy who owns 2.0 stole the coins, unless... the value is extremely high. Do the math, ruining your business for $2M when it can make you 100M in 2 years, if he needed money all he had to do was remove coins from the server that he cant back up if everyone at once wanted to withdrawal.

Now if there was like $50m on the server, yeah, I see it.


This only makes sense if
1. They're located somewhere the government cares.
2. They made the same foolish mistakes 1.0 did, such as use the same usernames on a website linked to your name, and your drug site at the same time.
3. 2.0 shuts down.

This, and also +1

Just a rumors from what i see

loop:
deposit btc
withdraw btc
generate a new txid for the same transaction
get the new tx mined before the original
hope SR system has a bug and keep your balance intact if the original tx is not mined
go loop

Curious about this same question as to does Coinbase fall under this? 

4000 BTC is a lot.  hopefully we'll have free withdrawals next Silk Road 3.0 runaround

Someone needs to make a movie about Bitcoin.

4000 BTC isn't a lot when the potential to make 2x that monthly in profit is available..

@OP 4,000? TechCrunch talks about a whopping 88,000 BTC!

http://techcrunch.com/2014/02/13/silk-road-2-hacked-88000-bitcoin-allegedly-stolen/

It's going down because bitcoin is now vulnerable to hackers.

agreed, however, I don't believe for a minute that the malleability issue has been the cause of this theft. I think it's more to do with $44million in the hands of the people who run silk road, and they'll simply bring the marketplace back up, and do it all over again. The same thing happened with BMR (Black Market Reloaded) and also Sheep... way before the excuse of the malleability was proffered.

I wouldn't say they deserve it, but they should at least not be too surprised.

Does anybody think that this article is a spoof?

look guys. The FBI and NSA and probably CIA already have quantum computers that can completely wipe out bitcoin. The bitcoin developers KNOW this and talked about it recently. Isn't it conceivable that THEY stole the money? That THEY are responsible for the DDoS attacks?

No. I think it's between the site developers or a hacker (or group of) that found a vulnerability.

Now at least they are not stupid to let the gorverment have the bitcoin . it must be backup  ::)

Thread title is wrong.

SR2 was not 'hacked'. This was theft from a pool of money about as secure as a blind busker's tophat.

Coinbase and many other sites are reputable, but no one is perfect. SR 2 (unless they are crooks) made a dumb error and lost a lot of coins. Ditto Gox. Ditto others. Ditto some of the pools.  Has coinbase been hacked? Not yet that we know of.  Have people lost coins at coinbase? People say yes, probably through Trojans, key loggers, and the like.

The best practice is to use cold storage for coins you don't intend to use soon, where you have the private key(s) created using the bitcoin wiki process.

Think about it like this: you send your coins to me, and I'm holding them for you. You have to trust me, trust everyone who works with me, trust everyone who has access to our network (even the NSA can screw up there) and everyone who has access to the private keys.  You also have to trust each of those people to not accidentally screw up by getting malware or just making a mistake in coding. Hopefully most of coinbase's coins are offline in cold storage, but you are trusting them. They are well funded, so probably are okay, but it is pretty easy to move your coins out of there if you intend to keep them for a long while, so even if the chance of them having a problem is low, why not protect yourself?

No one is saying it isn't the idiots who run the illegal site. I'm pointing out ANOTHER *POSSIBILITY* that everyone else seems to be overlooking, however. We know full and well the NSA and FBI have the computing abilities to steal our fucking bitcoins. Whose to say they haven't been practicing for years?

why can't they use their bitcoin power to hash at 100 PH/s

Because a quantum computer is an ANALOG computer, not a digital one, you can literally program them to do anything, even hash bitcoin. Whose to say they haven't been doing that?

Exactly. People just want it to be the government so they can continue saying that governments are bad...

Where there is a will there is a way. You think bitcoin isn't derail-able, but it is. I don't care what the histories are, as people can mask who they truly are. You can have someone setup a false website and he will let the FBI in on everything he's doing because he's a paid actor, and walla they can do a brute force attack and shutter the markets. There can be a lot of people that can hurt bitcoin, all they need to do is work together. What i'm saying is though, people can be paid off by the government with it's useless fiat greenbacks, to allow them to access certain sites and their secure data. That's what I think happened here. It's also entirely possible that the encryption was cracked by a quantum computer, to an extent.

While the government can't just straight up hack the entire bitcoin network without us knowing about it, they can certainly find people who own sites like Silk Road who will co-operate.

That's because they are bad. You people think the government regulating bitcoin is a GOOD thing?

I don't but between regulation and saying that governments are fully bad... That's a huge stretch. Do they do bad things? Sure. But they do benefit your life in some ways whether you like it or not.

Newsflash. Bad people aren't good. Therefore they do not do good things. Wow, go figure. Also, this just in. THE GOVERNMENT ISN'T A PERSON BUT RATHER A BODY OF PERSONS. That means if the government DOES produce something good (Rand Paul fillibustering and running for president, eh hemm, he's a senator therefore part of the government but not representative of most of it, most of it being bad), it's not because of the bad people within the government.

Go ahead though, bend over and suck the dicks of hitlerian politicians such as Arnold Schwarzenegger and gun grabbing maniac Mayer Bloomberg. Because you liked The Running Man, didn't you? Better suck Arnie's cock then. (As if arnold controlled the entire production of the running man, and that Jesse Ventura is just as bad as Arnold because he was also in the movie with him)

This is hilarious.

Yes because all people criticizing the government and the horrible things Arnold has done to Calee-forn-eeeaah's economy all come from watching the Alex Jones show. You can't understand anything about arnold schwarzenegger, form your own opinion about the really tyrannical shit he's pulled in California and not be an alex jones fan.

I remember when this used to be a thread about BTC and SR2, ohh the good ol days

Well you see, men have penises. Women have vaginas. Did that clear things up for ya?

now it's about SR3 and Howard Jones

You hurt yer what ?

Wow. You love assuming things, huh? All I see is tinfoil hat BS.

WOW you said tin foil hat, YOU said it.... YOU, the guy who thinks the government is one whole person. I'm SO ashamed of myself. You obviously win the argument because you said TIN FOIL HAT.

Moving on back on topic as I don't enjoy conversing with parasites...

The fbi has without a doubt planted quite a few people who run websites LIKE silk road. It's entirely plausible that they have already used their plant as a rat so they could extract BTC from the site's users. I'm sure this happens all the time. It's called... being a criminal. Not that hard to understand.

Oh fuck it... I'll offer my advice here as well, regardless of what I think of the situation.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Exactly - it bears repeating :-)

Malleability? Hahahaha, the fucking admins stole all of it. What kind of idiot would put money into that website is beyond me.

Christ, reading this it's like Occam came to bitcointalk and traded in his razor for a plastic spork.

The good news is nobody had their Bitcoins stolen.   The site now long has the means to repay the bitcoin IOUs it issued (because of the alleged and possibly made "hack", but if you don't have the private key for "your coins" guess what?  You never had any bitcoins.

Not sure how many thousand more of these hacks and "hacks" it will take before that concept sinks in.

+1000

Then again, what do we expect from junkies smoking pots and doing drugs?....

yes cos drugs make you evil. You can't be evil and then do drugs, because that just crosses the line of just how evil you can be. You don't be THAT evil. You have to BECOME evil even though the definition of a good person wouldn't allow it... for it to be acceptably evil.

Bad rebuttal there.

All those people are evil.

+1

and the bad attempt to blame malleability as the cause for the silk road owner to profit at others expense is the second part of why i laugh at silk road news.

I've never understood ( assuming the admins do drugs ) why people would be shocked that drug users can't pull it together and run a site. I'm shocked!

well silk road admits the coins will never get returned.. but MTGox still says that the coins are available. so he is either playing the pirate@40 long con, stringing people along as you say. or the coins will be returned.. we still dont know 100% what mtgox drama will develop.

but the silk road drama, is just comedy to me. what do they expect when using silk road as a bank (store of value). even with paypal i only deposit fiat the day i wish to buy something. or if i sold an item on paypal, id withdraw the money the day its available. drug dealers deserve it as they know they cant simply inform the police of the theft. thus they should have been more careful when handling money.

Ya ya right ...thats why they all get hacked when your high on your supply shit happens.   Alcohol is not like meth or heroin sorry.

I've used all 3 you mentioned  but none compare to meth or heroin.

There you go . Include  MDMA ,LSD and yes Marijuana. Your fooling yourself if you don't think drugs play a part in the downfall of these sort of things.  All the drugs you mentioned are evenly addictive.  I'm not referring to the users, I'm speaking about the owners of the site and/or the vendors also. These vendors are morons if you ask me and def. high on their own supply. Some of the stuff they do is mind blowing stupid like that Ross Ulbert guy . He made so many mistakes its like amateur hour. You can brush this stuff off, but the reality is drugs FUCK YOUR MIND up.

Fair enough. I'll concede you the point you are seeking to make but what about mine ? Good debate  ;D

Come on! How does a malleability attack steal their all coins 'SLOWLY' and they don't notice it until all of them are gone?
They stole the coins themselves and took advantage of the malleability situation as an excuse.

Why would the creator of Silk Road 2.0 sabotage his business like that by stealing all the money from the marketplace? Wouldn't he have made more money from the business long term instead of just taking the money and running, if he even took it in the first place?

Lol...... well played ... *shakes your hand*   till next time!

Because he can just make another site after this. His identity is unknown who said he got any "reputation"

Ppl still find it hard to believe that mallebility doesnt simply mean stealing your coins ? Stupid as stupid does.

... No its not possible to steal your coins... you're an idiot for believing the story.

Shouldn't this thread be in Service Discussion?

agreed!

Maybe it was DEA who raided the site.
In that case, it wasn't hacked, but confiscated.

Seriously, this site has been around for all of a few months. In my time here, I've seen plenty of people with that short of a reputation run away with a profitable business for much less.

I imagine that he got scared that he would be caught by the feds, so instead of taking the profit over time and risking his ass, he decided that he was much safer just stealing the funds all at once.

Contender for best post in thread.

No shit.  And then tried to shave with it.  Is there seriously anyone here who believes this cock-and-bullshit story?

Also, there are still people out there stupid enough to treat an anonymous site exclusively operating for the purposes of criminal activity as a goddamn online wallet?  Are these people retarded?  How many times do they have to learn this lesson?

People believe what they want to believe, even though it isn't always reality or truth. Greed is also a strong motivator which I'm sure is a huge part of why people will continue to trust those places (though they should not).

You know, the FBI and DEA etc etc would be KURAZY not to have a room full of the most talented savant/analyst/tech gurus just pounding away 24/7 on ways to do exactly what just happened...

I bet they are mad the owner beat them to it this time.

And some of you think he doesn't have an incentive to take the money and run.

LOL.

You don't know how wealthy they are. Fuck, SR 2 has only been up for a short period of time. If 4000 BTC meant nothing to them they would have eaten the loss and not said a fucking word about it as to keep trust in the site.

Also, where the fuck do you get off thinking they make 1000+ BTC a week?

Jesus christ, what are you 12 years old or something? Any mother fucker who has never done drugs is a fucking loser. Seriously, they are the biggest weirdos on the planet. It is in our nature to get a buzz. Kids spin in circles to do it. People who have done psychedelics have a better grasp/vision of how great and yet how meaningless life on this earth can be. Anybody who never has or never will divulge into a drug is a fucking robot.

But hey, I'll lighten up a bit, it's not your fault. You really had no choice, as your only doing what your brain told you to do (Just a theory of mine :-))

You're basically asking "Why would someone run off with a couple million dollars?" 

Is it really that hard to understand?

I don't care what you say, I AM going to steal this quote and use it in the future
 :D

so this was an indirect gox'd

SR2.0 uses Goxing to use as excuse to get coins.

As far as I can make out malibility doesn't work that way.

Any where sr 2.0 users just got Proxy Gox'd

Ok, I'll bite.  In this scenario there are two ledgers.  One is the bitcoin block chain and the second is SR2 escrow service.

The interacton/use case goes like this:

1) Vendor A withdraws some money from SR2 escrow
2) the SR2 escrow sends a payment to the bitcoin P2P network
3) SR2 escrow records the payment's txid in it's database
4) waits for confirm (a miner to include it in the block)
5) before it's confirmed, Vendor A changes the txid (using malleability)
6) Vendor A broadcasts this transaction to the bitcoin network
7) Since, the inputs are the same, bitcoin network code sees this as a double spend
8 ) bitcoin marks the orignal transaction as dead (no miners will include it in a block)
9) SR2 escrow receives notification that the oridinal txid is dead
Note: this where all the websites are changing their code base, like SR2 should have when the bug exploit was discovered>
10)  SR2 escrow credits the vendors account for the "dead" funds, believing they are still in the escrow wallet (escrow ledger is now out of synch)
11)  the malleability transaction gets confirmed by miners
12) Vendor A now owns those bitcoins
13) Vendor A now goes into the SR2 escrow service and requests payment again
14) Vendor A is now at step 1 again and continues until the escrow wallet is no longer able to fulfill withdraw requests
14a) Process complete: SR2 sends out a sad message about their wallet being empty


so yes you can lose BTC with transaction malleability.

How do you defeat this?  

There are several ways:

• you send a request to the network for transactions on your wallet address and look to see if there are any between you and Vendor A on the network (check that the inputs aren't still in use)
• Flag the account for human intervention/review when fraud conditions are met
• Re-use the same inputs, so if there is another transaction (mutant) the network will not allow the double pay

or

• use multi-sig transactions with the SR2 service acting as the "Oracle" (What SR2 is talking about in the sad message)

Link & googe cache went dead, but it smells like a scam:

http://www.deepdotweb.com/2014/02/13/silk-road-2-hacked-bitcoins-stolen-unknown-amount/

Silk Road 2 Hacked, All Bitcoins Stolen – $2.7 Miliion

Update 2: As the time passes there are more and more suspicions that this was in fact a SCAM by the Silk Road staff – and not a hack, we will post more details about it once, and if we get the full picture.

Update: The amount of BTC that was stolen was calculated by Nicholas Weaver @NCWeaver – Computer Security Researcher, to be around:  4474.266369160003BTC that are with the value of about $2.7 Million.

It was just announced in a post by Defcon the Silk Road administrator (this post will be updated as soon as we get more info) -
Yes, what seemed to be an imaginary situation until not long ago, just became true, the silk road2  – the site who counted to be the security fortress of the deep web just has been hacked with its bitcoin stolen.  as he announced on the sites forums,  we pasted his post here:

[EDIT: link does work again, screenshot removed]

what if you purchasing illegal drug for health benefits?

Thanks for the detailed explanation. Much appreciated!

That is the seized Silkroad 1 bitcoins.

I don't believe that Silkroad 2.0 was hacked at all I believe the person/persons running it did a scam and took all escrow money as it sits in there own little nest egg until the buyer recieves there order then releases it.

There where a lot of legal (not controlled) medications on Silkroad at fairly cheap prices. Sometimes much cheaper than the prices in USA especially.

Even seen on there valium 10mg tablets x 30 $22USD including post. The genuine thing not cheap generic.

I quit reading about five lines into this guy's letter. Does not come across as genuine to me. That's all I know about this issue.

Indeed, certainly didn't read like he was "sweating" whilst typing it up.

"I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue "

the excuse of the day, take one pass it down to the next exchange ...

Sweating with excitement about all the free coins he's just got, or maybe out of fear if he gets caught  :D. He seems like a hypocrite too, he slammed DPR for allegedly ordering hits now he essentially says do what you want to the people if you find them.

Think its related to Tx Maleability, BlockChain.info do not shows correct balance on my cold wallet... Checked locally, all fine..  AFAIK, it should resolved itself overtime @ blockchain.info.. Is this correct ?

And who said they were not? SR 1.0 made 125k BTC in a year.

The new SR is no where as popular or as respectable as the old one.

Get hacked and loses coins..
blames transaction malleability.

Oh lord..... How did I miss this thread.

Misleading thread title.

Should at a minimum be "SR2 admins allege "hack", ~4000 BTC stolen".

This could be Inputs.io v2.0
All these (alleged) hacks..

Yup, and it's so easy... And some people are so gullible, too.

Tought about it.. It is because blockchain.info dont know that the address were the change has been sent belong to the wallet... I just look @ a BTC the address I use to deposit in the cold storage.  It's not a blockchain.info wallet.

sorry for this missleading tought, and wrong thread btw !

/\ya rinse and repeat lmao

That does not make it respectable or trustworthy. They just cashed in on the old name with the hopes of making some serious cash. Before DPR1's arrest these guys were making 4k a month each. Now they are pulling in close to 100k a month to split between themselves.

You really need to stop looking at this with rose tinted glasses.

anything that's drug related is generally bad. It needs to be peer 2 peer instead of site based. And you need to be able to trust your guy. Basically, you only do transactions with people you trust.

Don't worry, this could never happen with the upcoming Silk Road 3.0 because you see government regulation of businesses is bad

More bad news, when does it get better?

Very original..

Why does the network invalidate the original transaction and confirm the second? Does that happen every time, the newer transaction with the same inputs wins? That does seem like a flaw in the protocol if that is the case.

bitcoin is like the homosexual to currency (don't get my wrong 1000 BTC is good, but peercoin is the way to go long term)

bitcoin is a baby out there ! so we shall be very carefull
also if someone is dealing with bad things like drugs etc should be ready to take its chances

dark coin marketplace will be opened soon by Satan himself i've heard

Silk road wasnt hacked. The owners took off with the coins, were duly exposed and now the forum is awash with thread after thread of distraught memmbers who are understandably after his blood. admin and mods tried to blame transaction malleability and  alleged the entire funds had been stolen under their noses.

you know, I really hate it when people come on here and start threads without checking the facts first.

Yes, and 90% of SR1's life Bitcoin was worth less than $15, and 50%+ Bitcoin was worth less that 5$ each. That would definitely make it easy to rack up a large number of coin in a year, eh??

Just for reference, 75%+ of SR2's life Bitcoin has been worth more than $600/coin. See the difference??

Wow, a member for less than a month, and already complaining about people not checking facts!!  ::)

Think they just saw it as a way to easily blame a hack because the coins they had was a nice chunk of change and running with it now means less likely to get caught. At end of the day the guy who ran it for years that never stole any coins ended up in a cell & his 100k BTC aren't much use there.

I can't see how this would of happened any other way than the admins taking the funds. Why would it of been setup with an automated system to check stuck transactions rather than have a human look at it. They also claim they knew about exchanges having issues & knew what the issue was so surely if they had an automated system that can re-send funds when it thinks the transaction didn't go through surely he would of shut it down or turned it off.

I'm sure most people in his position would take the money & run.

Lol. Er, yeah, I have been a member of bitcoin forum for less than a month and that means I'm automatically wrong about something I post does it? Maybe you should check your own facts before you write or people might start thinking you're a complete idiot. ;)

Except, they did get caught. dpr2 and defcon has run off with members' coins, are being slammed around their own forum, no wait, Ross's forum --  and they are pissed. Guess the lesson is don't deal with a darknet, especially one with a bad track record. As for all these idiots pretending to know what they are talking about based on number of posts, it's getting really boring. Maybe hit the gym a bit. :)

Well thanks to this and sheep I'm sure no one will trust a market place where admins have access to all the coins

3 Signatures on a transaction vendor / buyer / escrow and 2 signatures needed to release funds is the only way to go now & if site gets taken down no coins will be lost and vendor can still get the money.

I won't believe that one guy was able to hack silk road 2.0 ! Maybe he had help.
Many states don't like bitcoins, so i can imagine that he got "governmental help" to destroy reputation of Bitcoin in the world

It'd be nice if a mod would change this stupid subject line, which is a complete lie.  SR2 was not hacked.  You morons just got your money stolen, which was entirely predictable, you stupid dope fiends.

Well this is the explanation they gave and how it was reported. Only time will tell what truly happened.

So is the jury out wether this was a hack or inside job yet?


What the hell does that mean?

I think, attempting to translate the poster's original comments, that it means "I am really dumb." 

I could be wrong, though.

I took it as the silk road 2 owner seen what was going on with exchanges and TM issue with the bit coin source then thought "Hmm if I claim I got hacked because of the TM issue" then I can steal people's coins and get away with it easily.

VOILA.

I wish Silk road 1.0 and 2.0 never exists.

Alleged hack, yes.

Of course. I mean, given how often this happens- its hard to understand why someone would deposit funds on these things.

it begs the question, which is more trustworthy - the dealer or the market.
I'd say the dealers are far more trusting, and if you want to buy your goods, always FE because there is less risk in FE than letting the market hold escrow for you. it's probably already been said.

Neither. You can't trust anyone - it's the nature of the business.

'self-respecting thief'? That's an interesting concept.

It's hard to understand why someone would pay someone to send them illegal drugs through the U.S. mail, often to their actual physical home address, turning what would otherwise be a minor possession misdemeanor into a major federal felony subjecting them to following a state jail term with a trip to Club Fed.  

What conceivably makes this look like a good idea?  People are stupid, I guess.

Likely because they realize that very little of the actual mail is checked and they feel that means it won't happen to them. Companies like FedEx and UPS have their own contracted Customs agents to check a random sampling of about 0.02% of all packages unless something suspicious is reports. USPS checks some as well but only international and reported packages from my understanding.

Vendor A (the attacker) sends the cloned tx to a different node in the network, before that node sees the original tx. There are now two txs in the network, and there is no way to tell which one is newer (because the timestamps are exactly the same). There is some luck involved, as the attacker can't guarantee that his cloned transaction will be confirmed in a block (or seen by more nodes) before the original tx, but the attacker can just keep trying with multiple withdrawals.

After Massive Hack, It’s Pay Back Time for Silk Road 2.0


http://www.coindesk.com/pay-back-silk-road-2-0/

Also receiving and signing for an un-opened package at your door is not against the law. Unless someone can prove that you ordered illegal drugs online they have nothing to charge you with. 

Yeah keep telling yourself that.  If you don't think there are plenty of people behind bars for much less you are literally retarded.

They claim to intended to pay it all back, wow, that will take a while!

QFT ROFL!

How many times are people going to get burned by Silk Road before they learn their lesson?

yep, best of luck to anyone with moneys in there!

http://www.coindesk.com/pay-back-silk-road-2-0/

To prove what exactly? If the police cannot catch them why in the world do they care what others think?
Bitcoin has become internet crime's biggest toy in ages. It is the perfect thing for them. Like a kid in a candy store. Every bad guy, hacker, con man, etc is working night and day to rip all of us. And more then likely get away with it to.

Is anyone surprised. I mean i smoke some pot. Definitely dont buy it online tho.

People who deal with those kinds of things are shady!!!

I think this admin is so dumb he thought he could get away with this malleability lie. Drugs have rotted his brain. hahaha

Interesting. Not sure if they'll live up to that promise though. Maybe just buying time or attempting to take  the heat off.

Haha, 4000 BTC says they won't!

You can say that to all scummers :)
Why would they do a good deals and earn money? :) why they want to steal your money?
:)

the answer to that is simple - it's not a long term business.

Yeah, plus the operators of these will probably get caught sooner or later. Maybe it's better to run with a few million and live your life in relative comfort than have to deal with the astounding stress and constant paranoia of running something so dangerous.

They aren't behind bars for receiving a package. They are behind bars for providing a pattern of behavior proving a criminal activity. There was an incident involving an otherwise upstanding citizen receiving a package in the mail. He brought it inside, and LEs swarmed into his home later. Turns out it was a drug dropoff that he had no knowledge of. He didn't get charged.

I've said this before, and I'll keep saying it - if it were a crime to receive a package containing illicit materials, you could send anyone you had a grudge against away pretty easily thanks to the wonders of internet contraband purchasing. I could literally send a package of coke to your house, and make sure to tip off the DEA about it when it ships. They would trap the package, probably GPS it, and storm you when you open it.

Plausible deniability is the cornerstone of of the internet drug market. This fails when they put a hook into you. Once you establish a pattern of criminal behavior, you're done. Then every package received or seized CONTRIBUTES to that pattern of behavior. THEN you do fed time.

But anyway. The thread was about ~4000 BTC being "stolen" from SR 2.0, not the debates over the "intelligence" of running a mail-order drug empire.

The very nature of the business speaks for itself as to the wisdom of treating it as some kind of online wallet.  Of course, even an "honest" online wallet is a crap shoot, and the only place to keep BTC (you don't mind losing) is under your own control in your own wallet (and even there taking it offline into cold storage is preferable).

Come on, silkroad 3.0!

Haha. I'm sure the next market to thrive will be decentralised in nature. SR will have to implement a better escrow system like some other marketplaces are doing.

Silk Road will die.  primarily cause i have to enter the login captcha code like 12 times before it will let me in.

and that whole "we recommend laundering money" thing ticks me off.

i'm not a fucking criminal why should i launder BTC i legally paid for

Works for me usually, but I can't browse the site for long without getting a message about updating servers which I'm sure is just BS.

Silk Road needs to die along with Gox.

I imagine that he got scared that he would be caught by the feds, so instead of taking the profit over time and risking his ass, he decided that he was much safer just stealing the funds all at once.

it is Like Silk Gox :)

or MtRoad :)

should make that fusion ?:D

Nobody in their right mind would risk a mandatory minimum life sentence to deal drugs for any amount of money.

HAHAHA DOPECOINS.com (http://DOPECOINS.com) BRING on silk 3.0!!

Call me back when they do something other than SAY they're going to pay everyone back.  You know, like when they actually DO pay everyone back.  I seem to remember pirateat40 saying he was going to pay everyone back, too.  And at least half the other scammers who waltzed off with other people's money.

same branches of people behind this are the same people behind mtgox, silk road 1 and utopia its not a total blind guess either, they have a penchant

for drugs and ponzi's ultimately they will attack the network itself that's why you should acquire hard assets as part of your portfolio,

http://en.wikipedia.org/wiki/Opium_Wars

http://en.wikipedia.org/wiki/2007%E2%80%932012_global_financial_crisis

You are doing it wrong. It goes on the top of your head.

http://pad1.whstatic.com/images/thumb/5/52/Make-a-Mask-out-of-Tin-Foil-and-Tape-Step-2.jpg/670px-Make-a-Mask-out-of-Tin-Foil-and-Tape-Step-2.jpg

They get paid out of the fee for listings being bought, regardless of what those listings are. If someone sells a pair of shoes on SR, the site gets paid a fee. The problem is that the admins see that silly money being tossed around and choose to get involved in the illicit sale of illegal material.

But to blanket SR admins with "They are drug dealers" isn't accurate at all. If I ran a shadow market, I wouldn't give two damns what people were selling. And I sure wouldn't be a drug dealer. I would just take my fee for each listing, not know or care what it was for, and be happy to provide a free market for ANY type of goods.

I'm sure anyone from SR2/3/4/5/whatever will raise similar arguments if they're ever in front of a jury.  The track record of success of such arguments is pretty mixed, and the penalties draconian when they lose.

I think it got stolen coz they/him/she got hold of the private key/s to the wallet/s
coz the server(nutin to do with BTC net) security hole. Or it was simply the Admin 2.0.

Hope u did not lose too much coke money.

morons.

FIFY.

Drug dealers really aren't the people you want to owe money to.  I'd be sweating to if I was that little punk.

Have fun 6 feet under, idiot.

I wouldn't say they're drug dealers, but they're certainly facilitating sales and profiting from it.

It's one of those distinctions very few people in the real world will care about.  It reminds me of Walt in Breaking Bad insisting that he was a drug "manufacturer" and not a dealer as if this were a moral or even legal distinction.