Bitcoin Forum
October 14, 2024, 06:17:55 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 6 7 8 9 10 »  All
  Print  
Author Topic: Silk Road 2.0 hacked through malleability, ~4000 BTC STOLEN  (Read 28413 times)
codro (OP)
Member
**
Offline Offline

Activity: 91
Merit: 10


View Profile
February 13, 2014, 08:20:59 PM
 #21

Am I missing something here? The coins are still there...

https://blockchain.info/address/1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX

Those are the wrong coins. This is SR 2.0 not SR.

Not sure onthe amount of coins stolen, but I don't think it's over 500ish or so based on the withdrawal addresses they disclosed.
checker
Sr. Member
****
Offline Offline

Activity: 340
Merit: 252



View Profile
February 13, 2014, 08:24:23 PM
 #22

Am I missing something here? The coins are still there...

https://blockchain.info/address/1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX
These money are belong to FBI.
They were taken from SilkRoad 1.0 by FBU with the next wallet
https://blockchain.info/address/1FfmbHfnpaZjKFvyi1okTjJJusN455paPH
But the topic is about SilkRoad 2.0
I don't know anything about their bitcoin-address.

Xoчeшь oтблaгoдapить - кинь биткoинoв, cкoлькo нe жaлкo- бyдy paд!
(If u want to say me thanx - give me some bitcoins Smiley )
1NXsbppu1B2exLUY8i5cYbQxbc2zWtiTAY
g27wr
Full Member
***
Offline Offline

Activity: 221
Merit: 100


I like guns.


View Profile
February 13, 2014, 08:27:03 PM
 #23

Am I missing something here? The coins are still there...

https://blockchain.info/address/1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX

Yes, those are the Silk Road coins seized by the FBI.  This guy is talking about Silk Road 2.

Ah ok, that makes more sense. Thanks.

Gamer67
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250

тσ ¢σιи σя иσт тσ ¢σιи?


View Profile
February 13, 2014, 08:39:36 PM
 #24

Bullshit story. The admins took it.


"I am not Dorian Nakamoto."
rezilient
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
February 13, 2014, 08:49:20 PM
 #25

Can anyone explain how this transaction malleability bug can be exploited to steal coins from a Bitcoin address? I thought it can only happen if you are an exchange, like Gox or Stamp, and people are making withdrawals.

You don't pay enough.
jratcliff63367
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
February 13, 2014, 08:50:01 PM
 #26

If you keep your BTC on an illegal goods website run by drug dealers you deserve to get your funds stolen...


Thank you for the most common sense thing ever said on this topic!  This should be a 'sig'
jratcliff63367
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
February 13, 2014, 08:51:24 PM
 #27

Can anyone explain how this transaction malleability bug can be exploited to steal coins from a Bitcoin address? I thought it can only happen if you are an exchange, like Gox or Stamp, and people are making withdrawals.

I can't explain it to you, because it cannot happen.  This is a blatant lie, the OP stole everyone's coins and, as the other poster said, anyone stupid enough to leave coins on a hosted site dedicated to selling illegal products deserves to have their bitcoins stolen.
acoindr
Legendary
*
Offline Offline

Activity: 1050
Merit: 1002


View Profile
February 13, 2014, 08:52:06 PM
 #28

I think there is a good chance this was an inside job, but that doesn't matter for the point I'm going to make.

Do not ever leave all coins open to hot withdrawal. That is just stupid. Incredibly stupid.

If you're building or running a service please take note of this. It doesn't matter how good you think your security is. It only takes one hole. Just one to result in disaster. That's irresponsible.

Services: The majority of coins should always be kept in some secure cold storage. As any auto/hot wallet runs low then move funds into it. If customers complain of delays screw them, they'll appreciate not losing their coins more.

Customers: Check that a service stores the majority of their coins safely offline. Leave if they don't or don't complain when they say they lost everything.
whtchocla7e
Full Member
***
Offline Offline

Activity: 392
Merit: 116


Worlds Simplest Cryptocurrency Wallet


View Profile
February 13, 2014, 08:52:24 PM
 #29

Sounds like someone took the coins and is blaming it on a "transaction malleability" hack...

Quote
▂▂▂▂▂▂▂▂▂▂▂▂▂▃▅▆█ L E A D █▆▅▃▂▂▂▂▂▂▂▂▂▂▂▂
World's Simplest and Safest Decentralized Cryptocurrency Wallet!
▬▬▬▬▬▬▬ • STORE • SEND • SPEND • SWAP • STAKE • ▬▬▬▬▬▬
Gamer67
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250

тσ ¢σιи σя иσт тσ ¢σιи?


View Profile
February 13, 2014, 09:00:30 PM
 #30

Bullshit story. The admins took it.



Bullshit.  The admins aren't dumb enough to damage a multi-billion dollar brand over a relatively small amount of money.



lol, just lol.



"I am not Dorian Nakamoto."
Gamer67
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250

тσ ¢σιи σя иσт тσ ¢σιи?


View Profile
February 13, 2014, 09:02:19 PM
 #31

Also for what it is worth, there are far better markets out there if you are into that sorta thing.

Then again anyone who is smart enough already knows this. Wink

"I am not Dorian Nakamoto."
jongameson
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
February 13, 2014, 09:08:18 PM
Last edit: February 13, 2014, 09:47:15 PM by jongameson
 #32

maybe we need a better system, where we send the dealer the bitcoins directly

or open a Medical Marijuana Clinic in florida



i need it for Depression/Anxiety/Insomnia

cr1776
Legendary
*
Offline Offline

Activity: 4186
Merit: 1312


View Profile
February 13, 2014, 09:11:16 PM
 #33

Can anyone explain how this transaction malleability bug can be exploited to steal coins from a Bitcoin address? I thought it can only happen if you are an exchange, like Gox or Stamp, and people are making withdrawals.

I can't explain it to you, because it cannot happen.  This is a blatant lie, the OP stole everyone's coins and, as the other poster said, anyone stupid enough to leave coins on a hosted site dedicated to selling illegal products deserves to have their bitcoins stolen.

It can happen if withdrawals are automatic, requests for re-tries are automatic, and SR 2 used a transaction ID to confirm withdrawals were successful.  E.g.
1. A withdraws 10 BTC, tx ID 1
2. A successfully changes tx ID 1 to tx ID 1a (malleability)
3. A tells SR 2 that tx ID 1 never arrived
4. SR 2 checks and sees tx ID 1 is not in the block chain so reissues it.  (At least MtGox had a human at this step, but they fell for it too).
5. Goto step 1 until the wallet is drained.

Very poor programming since nothing is final until it is confirmed (including the tx id), and this should not have been automated.

Did this happen or did they take it?  Don't know.

Any coins to which you don't have the private key are not yours, they are a ledger entry, so don't store coins anywhere except your wallet (cold storage is best), unless you absolutely have to.

dope
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
February 13, 2014, 09:15:18 PM
 #34

The SR leaders are filthy filthy rich already.  They're not about to steal a few million and forgo billions in future earnings.


Would you rather rip some people off for a few million?

Or sit back collecting a fat daily paycheck that amounts to billions of dollars after several years.

Run with few million now, or  sit back and wait for feds to bust down your door while you make a bigger paycheck.

I'll take the few million now
fcmatt
Legendary
*
Offline Offline

Activity: 2072
Merit: 1001


View Profile
February 13, 2014, 09:16:48 PM
 #35

The SR leaders are filthy filthy rich already.  It would not make economic sense for them to steal a few million and forgo billions in future earnings.


Would you rather rip some people off for a few million and have them switch over to competing sites?

Or sit back collecting a fat daily paycheck that amounts to billions of dollars after several years?

How about getting a big fat paycheck before getting caught? And eventually they would.
rezilient
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
February 13, 2014, 09:19:06 PM
 #36

Quote
Any coins to which you don't have the private key are not yours, they are a ledger entry, so don't store coins anywhere except your wallet (cold storage is best), unless you absolutely have to.

Does Coinbase fall in this category?  I create the address using Coinbase, where is my private key??

You don't pay enough.
fluidjax
Hero Member
*****
Offline Offline

Activity: 750
Merit: 601



View Profile
February 13, 2014, 09:21:56 PM
 #37

Release the source code and prove the bug is real and exploitable.
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
February 13, 2014, 09:28:21 PM
 #38


allow me to translate:

"i took your coinz lol!"
That cracked me up.  Cheesy

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
farlack
Legendary
*
Offline Offline

Activity: 1310
Merit: 1000



View Profile
February 13, 2014, 09:32:45 PM
 #39

Release the source code and prove the bug is real and exploitable.



Hmm... billion dollar source code.. free... hmm... no

Seeing as 1.0 made the owner over 125k bitcoin in little to no time, I'm doubting the guy who owns 2.0 stole the coins, unless... the value is extremely high. Do the math, ruining your business for $2M when it can make you 100M in 2 years, if he needed money all he had to do was remove coins from the server that he cant back up if everyone at once wanted to withdrawal.

Now if there was like $50m on the server, yeah, I see it.

The SR leaders are filthy filthy rich already.  They're not about to steal a few million and forgo billions in future earnings.


Would you rather rip some people off for a few million?

Or sit back collecting a fat daily paycheck that amounts to billions of dollars after several years.

Run with few million now, or  sit back and wait for feds to bust down your door while you make a bigger paycheck.

I'll take the few million now

This only makes sense if
1. They're located somewhere the government cares.
2. They made the same foolish mistakes 1.0 did, such as use the same usernames on a website linked to your name, and your drug site at the same time.
3. 2.0 shuts down.
blaaaaacksuit
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250

Who cares?


View Profile
February 13, 2014, 09:34:03 PM
 #40

The SR leaders are filthy filthy rich already.  They're not about to steal a few million and forgo billions in future earnings.


Would you rather rip some people off for a few million?

Or sit back collecting a fat daily paycheck that amounts to billions of dollars after several years.

Run with few million now, or  sit back and wait for feds to bust down your door while you make a bigger paycheck.

I'll take the few million now

This, and also +1
Pages: « 1 [2] 3 4 5 6 7 8 9 10 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!