Bitcoin Forum
June 25, 2024, 12:58:54 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Cannabis Road hacked despite using 3 levels of multi sig, 200 BTC hacked  (Read 2808 times)
EndlessStory
Member
**
Offline Offline

Activity: 66
Merit: 10


View Profile
August 26, 2014, 04:13:13 PM
 #21

200 BTC, that's shit load of money. The hacker really is millionaire now!!

Another drawback of BTC..^^
giveBTCpls
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
August 26, 2014, 04:28:10 PM
 #22

Yeah it could have been an inside job. So another 200 BTC that are about to get dumped?

marcotheminer
Legendary
*
Offline Offline

Activity: 2072
Merit: 1049


┴puoʎǝq ʞool┴


View Profile
August 26, 2014, 04:32:33 PM
 #23

maybe its just a lie and they ran off with the money

Which is the case with most """hacks"""
bitcoinstarter
Hero Member
*****
Offline Offline

Activity: 484
Merit: 500



View Profile
August 26, 2014, 04:32:49 PM
 #24

Yeah it could have been an inside job. So another 200 BTC that are about to get dumped?

My guess it was an inside job for sure.
Hasher99
Member
**
Offline Offline

Activity: 66
Merit: 10


View Profile
August 26, 2014, 05:09:48 PM
 #25

I wonder what the hacker would have done with those money..

Also was the security flawed that hacker got into?
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1004


Core dev leaves me neg feedback #abuse #political


View Profile
August 26, 2014, 07:50:30 PM
 #26

I wonder what the hacker would have done with those money..
 

probably buy some weed  Cheesy

hhanh00
Sr. Member
****
Offline Offline

Activity: 467
Merit: 266


View Profile
August 27, 2014, 01:13:15 AM
 #27

It is certainly not using multi-sig for their customer accounts. Maybe once they initiate a purchase, the system puts the money in escrow with a multi-sig transaction but before that, the money sits in at an address protected with a single key.

If you want to see why, follow the link they provided to blockchain.info
https://blockchain.info/address/1CatnMd3jsEKhwhSLUf8V862im8gBp3NDF

There are 4 transactions that totalled 50 BTC each. Click on any of them. They have lots of small inputs and a single output. Every input corresponds to a customer account.
Click on any of them. Look for the address in the output side. It's the transaction that funded that account. Follow that transaction. The output script looks like OP_DUP OP_HASH160 xxxxxx OP_EQUALVERIFY OP_CHECKSIG which is a standard pay-to-hash transaction.

Basically, their system has an inherent flaw. When a custom funds his account, he does a normal transaction. They have a script that collects everything from all the deposits and moves it to their own address. From there they can do the multi-sig stuff.

The developper of the website gave the tool to the hacker himself. The hacker just had to change one parameter, the target address and he was done.

Honestly, this looks like very shabby work and also shows once again that we shouldn't believe the marketing crap. Multi sig ... right

RomertL
Sr. Member
****
Offline Offline

Activity: 470
Merit: 250



View Profile
August 27, 2014, 08:46:50 AM
 #28

If they use multisig like Bitgo does, which I'm using, the hacker would have to compromise both the users computer AND the website of the drug-market. Unlikely but not impossible. Since the majority are not using multusig yet I would choose and easier target if I was a hacker I guess...


░░░░░░░░░░░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░░░░░▄████▀
░░░░░░░░░░░░░░░░▄███████▀
░░░░░░░░░░░░░░█████████▀
░░░░░░░▄████░░████████▀
░░▄█████████████████▀
░░░████████████████▀
░░░░██████████████▀
░░░░░██████░░█████▀
░░░░░░██████████▀
░░░░░░░████████▀
░░░░░░░░██████▀
░░░░░░░░░████▀
░░░░░░░░░░█▀


























▄████████████▀▀█▄
████▀▀▀▀▀░░░▄ ░██
██▄░░░░░░░▄▀░░███
████▄░░░▄▀░░░████
██████▄█░░░░█████
████████░▄░██████
▀███████████████▀
▄████▀▀▀█▀▀▀████▄
████░▄▀▀▀▀▀▄░████
██▀░░░░░░░░░░░▀██
█▀░░░█▀█░█▀█░░░▀█
█░░░░▀▀▀░▀▀▀░░░░█
█▄░░▀▄░░░░░▄▀░░██
▀██▄▄▄█████▄▄▄██▀

▄█▀███████▀▀████▄
██░░▀███▀░░░░▀▄██
███░░░░▀░░░░░░▄██
████░░░░░░░░░░░██
█████▄░░░░░░░░▄██
██▄░░░░░░░░░▄████
▀███▄▄▄▄▄▄▄█████▀

▄███████████████▄
█████▀░▀▀▀▀░▀████
████░░░░░░░░░░███
████▄░░░░░░░░▄███
█▀████▄▄░░▄▄█████
██▄▀▀▀▀░░░░██████
▀██████▄▄▄▄█████▀

▄████▀▀▀▀▀▀▀▀▀▀█▄
███▀▀▀▀▀▀▀▀▀██░██
██░▄███████▄░█░██
██░█▄▄▄▄▄███░█░██
██░▀███████▀░████
███▄▄░░░▄▄▄▄█████
▀█████▄█████████▀


▄████▀▀▀▀▀▀▀████▄
███▀░▄▀█▀██▄░▀███
██░▄█▀░▀░▀▀██▄░██
██░███░▀▀▀ ▀██░██
██░███░████░██░██
██▄░█▄░▄░▄▄▄▀░▄██
▀███▄▄▄▄▄▄▄▄▄███▀

dKingston
Hero Member
*****
Offline Offline

Activity: 482
Merit: 500


LAUNDER BITCOIN: https://BitLaunder.com


View Profile WWW
August 27, 2014, 08:51:24 AM
 #29

Quote
Hahaha nice Smiley

That's probably just fake hack, never trust criminals! (Exept for Ross William Ulbricht)

LAUNDER & ANONYMIZE YOUR BITCOIN:
https://www.BitLaunder.com/?aid=41
pajrinn
Full Member
***
Offline Offline

Activity: 234
Merit: 100



View Profile
August 27, 2014, 09:50:16 AM
 #30

if this news is true ,
should we be carefull  Smiley
Frscott
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
August 27, 2014, 09:51:49 AM
 #31

Another company that says it got hacked how very convenient.
Mars not Moon
Member
**
Offline Offline

Activity: 67
Merit: 10


View Profile
August 27, 2014, 09:56:09 AM
 #32

200 bitcoins, now that's what real money means. Probably the real owner got indebted or something, I also wonder how the heck did he manage to get into after such a tight security.
itsAj
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
August 27, 2014, 11:00:25 AM
 #33

"hacked"


I think nails it right on the head. Over the past year there have been several illegal TOR drug related sites that have claimed to have gotten hacked at a time when they have reached their peak of amount of deposits from customers. The fact that the owners attempt (and generally are successful) to be anon it will be very difficult for anyone to figure out who had stolen their bitcoin.

For all anyone knows, all of the illegal drug sites that have their coins stolen are all run by the same person/group of people.
Swordsoffreedom
Legendary
*
Offline Offline

Activity: 2800
Merit: 1115


Leading Crypto Sports Betting & Casino Platform


View Profile WWW
August 27, 2014, 11:15:09 AM
 #34

maybe its just a lie and they ran off with the money

That sounds about right, you  can't have multisig transactions hacked unless they all came from the same PC using the same core wallets which defeats the purpose of having a multi-signature wallet.

Where each key is generated independently on separate systems, the only way this would fail is if someone compromised all the computers and the keys or they were stored in a digital server cache like dropbox.
In other words it didn't happen someone either is lying or they really did something stupid to mess that up so badly.

Whatever if it did really get hacked legitimately I look forward to the code audit some core developers will have a field day on this one if it was real ^^. (Something wrong in the ECDSA when generating more than one protection key kid Tongue)

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1004


Core dev leaves me neg feedback #abuse #political


View Profile
August 27, 2014, 12:11:25 PM
 #35

it makes sense also that it was inside job because who wants the risk of running it indefinitely? they have to have an exit strategy and this one gives them a nice pay day.... especially considering it is hard to sell the business as you could do more easily with a legal operation.

realdope
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
August 27, 2014, 12:42:30 PM
 #36

I wonder where are these 200 BTC by now.
BitcoinBarrel
Legendary
*
Offline Offline

Activity: 1961
Merit: 1020


Fill Your Barrel with Bitcoins!


View Profile WWW
August 27, 2014, 04:40:11 PM
 #37

Why would anyone use a Computer to buy illegal narcotics? It just boggles the mind...  Lips sealed



        ▄▄▄▄▄▄▄▄▄▄
     ▄██████████████▄
   ▄█████████████████▌
  ▐███████████████████▌
 ▄█████████████████████▄
 ███████████████████████
▐███████████████████████
▐███████████████████████
▐███████████████████████
▐███████████████████████
 ██████████████████████▀
 ▀████████████████████▀
  ▀██████████████████
    ▀▀████████████▀▀
.
.....
.....
.....
.....
.....
.....





Ron~Popeil
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250



View Profile
August 27, 2014, 05:07:22 PM
 #38

With such a robust security supposedly in place I would have to think this was an inside job as well. Unfortunately there is no real recourse for people that lost money in an illegal business. The BTC drug market seems to be destroying itself.

franky1
Legendary
*
Online Online

Activity: 4256
Merit: 4532



View Profile
August 27, 2014, 05:15:14 PM
 #39

maybe its just a lie and they ran off with the money

cha ching, this guy gets it.

as if the customers are now going to go to the cops or try to get a court order saying that their drug money had been stolen.
when dealing with people that handle illegal stuff, assume its them that you cannot trust and that they will be the ones to stab you in the bck first, because they know the customer cant do a damn thing about it.

then assume that they will come up with some cunning excuse to shift the blame to then repeat the same scam again

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1004


Core dev leaves me neg feedback #abuse #political


View Profile
August 27, 2014, 05:17:58 PM
 #40

the "we can't recover from this so we need to shut down" is bogus. it costs next to nothing to run a tor hidden service.  run and pay back the customers , didn't sr2 do that ?

Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!