Silk Road 2.0 hacked through malleability, ~4000 BTC STOLEN

[adicted]

Just a rumors from what i see

[1714466483]

1714466483

[1714466483]

1714466483

[vqp]

Can anyone explain how this transaction malleability bug can be exploited to steal coins from a Bitcoin address? I thought it can only happen if you are an exchange, like Gox or Stamp, and people are making withdrawals.

loop:
deposit btc
withdraw btc
generate a new txid for the same transaction
get the new tx mined before the original
hope SR system has a bug and keep your balance intact if the original tx is not mined
go loop

[j3steven]

Any coins to which you don't have the private key are not yours, they are a ledger entry, so don't store coins anywhere except your wallet (cold storage is best), unless you absolutely have to.

Does Coinbase fall in this category?  I create the address using Coinbase, where is my private key??

Curious about this same question as to does Coinbase fall under this? 

[jongameson]

4000 BTC is a lot.  hopefully we'll have free withdrawals next Silk Road 3.0 runaround

[Stevets]

Someone needs to make a movie about Bitcoin.

[farlack]

4000 BTC is a lot.  hopefully we'll have free withdrawals next Silk Road 3.0 runaround

4000 BTC isn't a lot when the potential to make 2x that monthly in profit is available..

[the_poet]

@OP 4,000? TechCrunch talks about a whopping 88,000 BTC!

http://techcrunch.com/2014/02/13/silk-road-2-hacked-88000-bitcoin-allegedly-stolen/

[kazzy]

It's going down because bitcoin is now vulnerable to hackers.

Is this why the BTC price is rocketing downwards atm? Because the thief is dumping all the stolen coins?

[raskul]

It's going down because bitcoin is now vulnerable to hackers.

Is this why the BTC price is rocketing downwards atm? Because the thief is dumping all the stolen coins?

agreed, however, I don't believe for a minute that the malleability issue has been the cause of this theft. I think it's more to do with $44million in the hands of the people who run silk road, and they'll simply bring the marketplace back up, and do it all over again. The same thing happened with BMR (Black Market Reloaded) and also Sheep... way before the excuse of the malleability was proffered.

[Frost000]

If you keep your BTC on an illegal goods website run by drug dealers you deserve to get your funds stolen...

I wouldn't say they deserve it, but they should at least not be too surprised.

[4appetite]

Does anybody think that this article is a spoof?

[misternanyte]

look guys. The FBI and NSA and probably CIA already have quantum computers that can completely wipe out bitcoin. The bitcoin developers KNOW this and talked about it recently. Isn't it conceivable that THEY stole the money? That THEY are responsible for the DDoS attacks?

[Frost000]

look guys. The FBI and NSA and probably CIA already have quantum computers that can completely wipe out bitcoin. The bitcoin developers KNOW this and talked about it recently. Isn't it conceivable that THEY stole the money? That THEY are responsible for the DDoS attacks?

No. I think it's between the site developers or a hacker (or group of) that found a vulnerability.

[Noisskal]

Now at least they are not stupid to let the gorverment have the bitcoin . it must be backup 

[thethingis]

Thread title is wrong.

SR2 was not 'hacked'. This was theft from a pool of money about as secure as a blind busker's tophat.

[cr1776]

Any coins to which you don't have the private key are not yours, they are a ledger entry, so don't store coins anywhere except your wallet (cold storage is best), unless you absolutely have to.

Does Coinbase fall in this category?  I create the address using Coinbase, where is my private key??

Curious about this same question as to does Coinbase fall under this? 

Coinbase and many other sites are reputable, but no one is perfect. SR 2 (unless they are crooks) made a dumb error and lost a lot of coins. Ditto Gox. Ditto others. Ditto some of the pools.  Has coinbase been hacked? Not yet that we know of.  Have people lost coins at coinbase? People say yes, probably through Trojans, key loggers, and the like.

The best practice is to use cold storage for coins you don't intend to use soon, where you have the private key(s) created using the bitcoin wiki process.

Think about it like this: you send your coins to me, and I'm holding them for you. You have to trust me, trust everyone who works with me, trust everyone who has access to our network (even the NSA can screw up there) and everyone who has access to the private keys.  You also have to trust each of those people to not accidentally screw up by getting malware or just making a mistake in coding. Hopefully most of coinbase's coins are offline in cold storage, but you are trusting them. They are well funded, so probably are okay, but it is pretty easy to move your coins out of there if you intend to keep them for a long while, so even if the chance of them having a problem is low, why not protect yourself?

[misternanyte]

look guys. The FBI and NSA and probably CIA already have quantum computers that can completely wipe out bitcoin. The bitcoin developers KNOW this and talked about it recently. Isn't it conceivable that THEY stole the money? That THEY are responsible for the DDoS attacks?

lol. this sums up this community's logic.

it has to be the tooth fairy or santa claus.

because it couldn't possibly be the DOUCHEBAG WHO RUNS THE SITE.

No one is saying it isn't the idiots who run the illegal site. I'm pointing out ANOTHER *POSSIBILITY* that everyone else seems to be overlooking, however. We know full and well the NSA and FBI have the computing abilities to steal our fucking bitcoins. Whose to say they haven't been practicing for years?

[jongameson]

look guys. The FBI and NSA and probably CIA already have quantum computers that can completely wipe out bitcoin. The bitcoin developers KNOW this and talked about it recently. Isn't it conceivable that THEY stole the money? That THEY are responsible for the DDoS attacks?

why can't they use their bitcoin power to hash at 100 PH/s

[misternanyte]

look guys. The FBI and NSA and probably CIA already have quantum computers that can completely wipe out bitcoin. The bitcoin developers KNOW this and talked about it recently. Isn't it conceivable that THEY stole the money? That THEY are responsible for the DDoS attacks?

why can't they use their bitcoin power to hash at 100 PH/s

Because a quantum computer is an ANALOG computer, not a digital one, you can literally program them to do anything, even hash bitcoin. Whose to say they haven't been doing that?

[Frost000]

look guys. The FBI and NSA and probably CIA already have quantum computers that can completely wipe out bitcoin. The bitcoin developers KNOW this and talked about it recently. Isn't it conceivable that THEY stole the money? That THEY are responsible for the DDoS attacks?

lol. this sums up this community's logic.

it has to be the tooth fairy or santa claus.

because it couldn't possibly be the DOUCHEBAG WHO RUNS THE SITE.

No one is saying it isn't the idiots who run the illegal site. I'm pointing out ANOTHER *POSSIBILITY* that everyone else seems to be overlooking, however. We know full and well the NSA and FBI have the computing abilities to steal our fucking bitcoins. Whose to say they haven't been practicing for years?

because the history of thefts have always been exchnages, and site owners, and script kiddies.

stop pulling conspiracy shit out of your tinfoil hat. it's the usual suspects.

Exactly. People just want it to be the government so they can continue saying that governments are bad...