Bitcoin Forum
October 13, 2024, 01:49:05 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Cannabis Road hacked despite using 3 levels of multi sig, 200 BTC hacked  (Read 2852 times)
iluvpie60 (OP)
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500


View Profile
August 26, 2014, 12:29:28 PM
 #1

So how does this happen then? Was their server where the main hot wallet was storing bitcoins not multisig for protection or how does that work? Things that make you go hmmm.

http://www.coindesk.com/black-market-cannabis-road-hacked-loses-100000-bitcoin/ 

Quote

Multisig employed

The success of the attack is particularly notable given that Cannabis Road had moved to integrate safeguards aimed at better protecting user funds through multi-signature technology, an evolution of the traditional wallet offering that introduces an arbitrator to the transaction process.

In a May interview with DeepDotWeb, Crypto indicated that Cannabis Road was using a hybrid version of multisig, however, in part to make the technology easier for its customers to use.

At the time, he indicated that Cannabis Road had added three levels of multisig in response to a rise in attacks against illicit websites, explaining:

    “All three levels start off the same, asking for public keys of the buyer, vendor and market to create the shared (multisignature) address. The buyer sends funds to the shared address. Once the buyer is happy, the buyer agrees to finalize the order, this is where the three levels are offered.”

Two more advanced levels were added on top of this service, both of which put restrictions on the situations in which users would be asked to send their private keys.

thisisthis
Member
**
Offline Offline

Activity: 69
Merit: 10


View Profile
August 26, 2014, 12:31:27 PM
 #2

That hacker should be hired by some big company like google or microsoft (after some years in jail of course).
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1014


In Satoshi I Trust


View Profile WWW
August 26, 2014, 12:46:30 PM
 #3

maybe its just a lie and they ran off with the money

BadBear
v2.0
Legendary
*
Offline Offline

Activity: 1652
Merit: 1128



View Profile WWW
August 26, 2014, 12:46:42 PM
 #4

"hacked"


1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
bitkilo
Legendary
*
Offline Offline

Activity: 1638
Merit: 1010


https://www.bitcoin.com/


View Profile WWW
August 26, 2014, 12:57:17 PM
 #5

I would like to see some proofe of a hack before i just belive what they write.
My understanding is that multi-sig is very secure but they were using some hybrid version they said.
I belive i read somewhere that silk road 2 is also in the middle of implamenting multi-sig escrow, maybe they will have 2nd thoughts now.

Jamie_Boulder
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


View Profile WWW
August 26, 2014, 12:59:37 PM
 #6

1. Inside job
2. Company lied about their security
3. He's jesus

You decide.

EFS
Staff
Legendary
*
Offline Offline

Activity: 3878
Merit: 2172


Crypto Swap Exchange


View Profile
August 26, 2014, 01:01:52 PM
 #7

maybe its just a lie and they ran off with the money

Of course they ran off with the money. Who do you blame? Tell the police they stole my drug money! Roll Eyes

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Jesu
Full Member
***
Offline Offline

Activity: 166
Merit: 100


View Profile
August 26, 2014, 01:04:28 PM
 #8

maybe its just a lie and they ran off with the money

That's exactly what I thought as soon as I saw this. This is just yet another reason why we need decentralized Markets.
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
August 26, 2014, 01:14:22 PM
 #9

maybe its just a lie and they ran off with the money
Guys, come on. We shouldn't accuse them of something. Maybe they were the honest, hard working kind of criminals?  Cheesy

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
montello
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
August 26, 2014, 01:34:18 PM
 #10

"hacked"



Is there a proof to this effect?

Bitcoinpro
Legendary
*
Offline Offline

Activity: 1344
Merit: 1000



View Profile
August 26, 2014, 01:44:14 PM
 #11

Sounds like it was a 2 of 3 multisig, so that means the vendor and market where the same person

though its was most probably a third party wallet so the market knew all three addresses anyway

WWW.FACEBOOK.COM

CRYPTOCURRENCY CENTRAL BANK

LTC: LP7bcFENVL9vdmUVea1M6FMyjSmUfsMVYf
Jesu
Full Member
***
Offline Offline

Activity: 166
Merit: 100


View Profile
August 26, 2014, 01:49:33 PM
 #12

"hacked"



Is there a proof to this effect?

Proof to what? Whether they were hacked or "hacked"? I'm sure some more details will become available soon. Have they provided the addresses where the funds were sent to?
bornil267645
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


AltoCenter.com


View Profile WWW
August 26, 2014, 01:50:55 PM
 #13

I think this is an inside job. Cool Cool

yayayo
Legendary
*
Offline Offline

Activity: 1806
Merit: 1024



View Profile
August 26, 2014, 01:56:26 PM
 #14

I think they've been "hacked" almost for sure. It's the same story over and over again.

Semi-legal and illegal entities that attract funds can easily run away with them, because nobody can persecute them without admitting morally questionable or illegal activity as well.

ya.ya.yo!

.
..1xBit.com   Super Six..
▄█████████████▄
████████████▀▀▀
█████████████▄
█████████▌▀████
██████████  ▀██
██████████▌   ▀
████████████▄▄
███████████████
███████████████
███████████████
███████████████
███████████████
▀██████████████
███████████████
█████████████▀
█████▀▀       
███▀ ▄███     ▄
██▄▄████▌    ▄█
████████       
████████▌     
█████████    ▐█
██████████   ▐█
███████▀▀   ▄██
███▀   ▄▄▄█████
███ ▄██████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████▀▀▀█
██████████     
███████████▄▄▄█
███████████████
███████████████
███████████████
███████████████
███████████████
         ▄█████
        ▄██████
       ▄███████
      ▄████████
     ▄█████████
    ▄███████
   ▄███████████
  ▄████████████
 ▄█████████████
▄██████████████
  ▀▀███████████
      ▀▀███
████
          ▀▀
          ▄▄██▌
      ▄▄███████
     █████████▀

 ▄██▄▄▀▀██▀▀
▄██████     ▄▄▄
███████   ▄█▄ ▄
▀██████   █  ▀█
 ▀▀▀
    ▀▄▄█▀
▄▄█████▄    ▀▀▀
 ▀████████
   ▀█████▀ ████
      ▀▀▀ █████
          █████
       ▄  █▄▄ █ ▄
     ▀▄██▀▀▀▀▀▀▀▀
      ▀ ▄▄█████▄█▄▄
    ▄ ▄███▀    ▀▀ ▀▀▄
  ▄██▄███▄ ▀▀▀▀▄  ▄▄
  ▄████████▄▄▄▄▄█▄▄▄██
 ████████████▀▀    █ ▐█
██████████████▄ ▄▄▀██▄██
 ▐██████████████    ▄███
  ████▀████████████▄███▀
  ▀█▀  ▐█████████████▀
       ▐████████████▀
       ▀█████▀▀▀ █▀
.
Premier League
LaLiga
Serie A
.
Bundesliga
Ligue 1
Primeira Liga
.
..TAKE PART..
bitkilo
Legendary
*
Offline Offline

Activity: 1638
Merit: 1010


https://www.bitcoin.com/


View Profile WWW
August 26, 2014, 02:02:18 PM
 #15

"hacked"


Is there a proof to this effect?

Proof to what? Whether they were hacked or "hacked"? I'm sure some more details will become available soon. Have they provided the addresses where the funds were sent to?
You can follow this link from the story, it show the address that the btc went to.
http://blockchain.info/address/1CatnMd3jsEKhwhSLUf8V862im8gBp3NDF
But this alone is not proof of a hack, just where some btc went.

iluvpie60 (OP)
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500


View Profile
August 26, 2014, 02:06:10 PM
 #16

Drug sites like the one in the OP should be expected to get hacked, they can't try to come after the person legally if they even know who it is and anyone dealing in this activity should have expected it as every one of these sites get hacked or taken by the feds.

interesting theory on that. while it could be quite true that they could run away with your coins because who is going to sue someone for a few thousand dollars of bitcoin when you are using it to buy illegal drugs?

probably no one.


"hacked" is probably a good way to put it.

i really do wonder though if it is possible to intercept the data going between somethinga nd actually grab the sigs then combine then for the multi sig then steal everything.

obviously whoever does that would have to be pretty good at doing that, but if just one person knows how to do it it would seem they are the same person who keeps hitting all these small exchanges also.

i lost like .2 btc on coinex.pw.... had some random mooncoins and small pieces of different coins and it got "hacked" too. but i can never really know.
Jesu
Full Member
***
Offline Offline

Activity: 166
Merit: 100


View Profile
August 26, 2014, 02:09:25 PM
 #17

"hacked"


Is there a proof to this effect?

Proof to what? Whether they were hacked or "hacked"? I'm sure some more details will become available soon. Have they provided the addresses where the funds were sent to?
You can follow this link from the story, it show the address that the btc went to.
http://blockchain.info/address/1CatnMd3jsEKhwhSLUf8V862im8gBp3NDF
But this alone is not proof of a hack, just where some btc went.

I know it's not proof, but people can follow where the money goes and possibly trace it back to someone, or at least it may provide some clues.
zeetubes
Sr. Member
****
Offline Offline

Activity: 371
Merit: 250


View Profile
August 26, 2014, 02:38:22 PM
 #18

I agree with a couple of others above that it was almost certainly an inside job. Just because they have multi sig capability doesn't mean they're actually using it, or at least using it properly. Also, they may have been using a lot of their own product and just forgot to do something.
sandykho47
Sr. Member
****
Offline Offline

Activity: 252
Merit: 251

Knowledge its everything


View Profile
August 26, 2014, 03:02:55 PM
 #19

I doubt they really hacked, expect the one who hacked is highest-level hacker
I think someone inside the company created backdoor & hacked it (when they want)

Maybe they not use 3 level multi sig properly  Huh

But, looks like it "hacked" not hacked

Kemampuanku Tidak semua orang memiliki dan dapat melakukannya . Tidak memakan kaum sendiri . dan mempunyai kode etik yang tidak masuk akal.
CtrlAltBernanke420
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250


View Profile
August 26, 2014, 03:20:52 PM
 #20

I agree with a couple of others above that it was almost certainly an inside job. Just because they have multi sig capability doesn't mean they're actually using it, or at least using it properly. Also, they may have been using a lot of their own product and just forgot to do something.

Wasnt there an announcement about 2-3 weeks ago TOR was potentially compromised. Potentially not causing any panic for users or vendors but rather the site operators became vulnerable to.... justice.

I am guessing a inside job considering other sites did shut down on this announcement. Causing a 'migration' of vendors and buyers to other market places. Well these other market places probably were scams from the beginning simply waiting to gain some serious coin, and or once they learned of the potential TOR compromise they decided it wasnt worth the risk any more, but rather than closing shop 3 weeks ago it was more like, wait.. wait. waait.. waaaiit... okay now kill the site, call it hacked, we're done.

Considering most 'hacks' up so far have all very likely been inside jobs, whether it was intentional or not to steal from the ppl, they are likely smashing/burning hard drives right now and destroying potentially incriminating evidence. They hacked you, to save themselves. But they probably didnt mean to let you down, TOR let them down which let the rest of the users down.

If i was the site owner, this probably would have been my logic.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!