So-called Silk Road 2, the sequel to the Internet’s most notorious black market, has been hit with a theft of bitcoins worth millions. Some reports put the amount stolen at nearly $3 million.
Hackers reportedly emptied Silk Road 2’s bitcoin wallet using the same “transaction malleability bug” in bitcoin’s protocol that apparently led to bitcoin exchanges such as Mt. Gox and Bitstamp shutting down withdrawals.
But was it hackers or an inside job? Conjecture throughout bitcoin land points to operators of the site.
An administrator of Silk Road 2 who identified himself as “Defcon” explained on the site’s forums what had happened:
“Nobody is in danger, no information has been leaked, and server access was never obtained by the attacker.
“Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as “transaction malleability” to repeatedly withdraw coins from our system until it was completely empty.
“Despite our hardening and pen-testing procedures, this attack vector was outside of penetration testing scope due to being rooted in the Bitcoin protocol itself.”
The full post can be read at DeepDotWeb.
Defcon denied that he was involved in the theft.
He said: “I have failed you as a leader, and am completely devastated by today’s discoveries. I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported.”
With the malicious DDoS attacks on various bitcoin exchanges this week, along with this latest theft report, bitcoin’s price has been dropping, nearing $500 Thursday, before recovering somewhat closer to $600 on most exchanges early Friday.
Silk Road 2 launched in October after the FBI shut down the original Silk Road.