Usr6 Posted February 15, 2014 Report Share Posted February 15, 2014 Silk Road 2 moderator Defcon reported in a forum post that hackers have used a transaction malleability exploit to hack the marketplace. The hackers stole over 4474.26 bitcoins worth $2,747,000, emptying the site’s escrow account.The site used a central escrow service to send bitcoins from buyers to sellers. The hackers exploited the transaction malleability bug – essentially a way users can mask transfers and ask for the same amount of BTC multiple times – to clean out this wallet. This is the same bug that forced Mt. Gox to halt all withdrawals and recent updates have made average bitcoin wallets secure against this sort of attack. According to the site, hackers used the Silk Road’s automatic transaction verification system to order from each other and then request refunds for unshipped goods. Hackers were able to use the transaction malleability bug because the Silk Road used only transaction ID to confirm the transfer of bitcoins. You can read more about the problem here.They supposedly run an automated refund system for their vendors that relies on the TXID to verify transactions. Their claim is that six vendors colluded to exploit that system by ordering from one another and then submitting circular refund requests.Defcon is calling on the hackers to return the bitcoin. “Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward,” the moderator wrote.The site’s users are currently attempting to track down the thief. Writes Defcon:# Attacker 1: (Responsible for 95% of theft) Suspected French, responsible for vast majority of the thefts. Used the following six vendor accounts to order from each other, to find and exploit the vulnerability aggressively. ## Usernames used: narco93 ketama riccola germancoke napolicoke smokinglifeNews of the theft has driven the price of BTC down by about 50 points and it’s currently hovering at 600. We’ll post more information on the hack and the exploit as we get it. Defcon, for his part, is calling for further decentralization of online markets and currency.“No marketplace is perfect. Expect any centralized market to fail at some point. This is precisely why we must unite in the decision to decentralize,” he wrote.Sursa: Silk Road 2 Hacked, Over 4,000 Bitcoin Allegedly Stolen | TechCrunch Quote Link to comment Share on other sites More sharing options...
kalinin Posted February 18, 2014 Report Share Posted February 18, 2014 concluzia :trust nobody .... Quote Link to comment Share on other sites More sharing options...
Elohim Posted February 18, 2014 Report Share Posted February 18, 2014 concluzia :trust nobody ....Ce cacat de concluze e asta? Asta ai inteles tu din articol ? Ca furtul s-a putut intampla datorita increderei ?V-au prostit legalele alea de tot.Nu mai degraba de un setup prost si o securitate slaba ?The hackers exploited the transaction malleability bug – essentially a way users can mask transfers and ask for the same amount of BTC multiple times – to clean out this wallet. This is the same bug that forced Mt. Gox to halt all withdrawals and recent updates have made average bitcoin wallets secure against this sort of attack. Quote Link to comment Share on other sites More sharing options...
fjtr Posted February 20, 2014 Report Share Posted February 20, 2014 Increderii bo$$ si vezi ca ninja era forta! Quote Link to comment Share on other sites More sharing options...
kalinin Posted February 21, 2014 Report Share Posted February 21, 2014 But many skeptical Silk Road users are pointing their pitchforks at Silk Road administrators, accusing them of faking the hack and stealing the money themselves.Given the lack of regulation of Bitcoin, and given that the dark net operates more or less beyond the law, investigating and proving such charges would be tough.This is just another episode that points to how dangerous it can be to trust Bitcoins to exchanges that don't rate such trust.Even back in the early days of Bitcoin, they were tempting targets for thieves.*Silk Road 2.0 emptied out by a hole in its Bitcoin pocket | Naked SecurityAlleged Silk Road 2.0 Hacker Doxxed!?Is this real or just another attempt to spread disinformation to divert the attention from the real people who stole the money? You decide. (Our notes in red for those of you not familiar with all the names)=====Start Quote====*Mods please do not delete this, I don’t give a fuck about anti-doxxing policies and I’ve worked very hard, paid out of my pocket and have open myself to exposure to put this thieving fuck on blast*Everyone else: quote and take a screen shot immediately incase this gets taken down“Pritel” – real name: PXXXXX LuXXXXAddress: 6.XXXXX PXXXXX, ŽXXXXX – PXXXXX (XXXXX Republic)Hey XXXXX, hows it feel reading this? Panicky? I won’t ask you or enter a dialogue XXXXX, but I’m going to insist you contact Defcon (Silk road 2 admin) or one of the moderators and arrange to pay back the money. Or ask them for an address and if by magic the funds show up, you’ll probably live out the rest of your life relatively healthy. If not.. there’s people who’s money you’ve taken who will probably make you wish you were in hell. Understood XXXXX? Fuck you and your ratfuck thievery.I’m going to keep this short. Stexo (Known money launderer used to be active on SR1, suspected of being DPR2) had given laundering advice to some XXXXX during SR1, who were also shopping around code they “claimed” to have breached or obtained from Gox and Btc-E. Don’t know if they’re legitimate devs or just malicious fucks, and it’s irrelevant at this point. SR2’s initial back end and engine was coded by one of these guys on contract, “PXXXXX”. Libby had thought it would be useful to farm out some of the initial development of SR2 to one of the XXXXX devs and asked fucking stexo to make an introduction. Lib (Libertas – One of the arrested Silk Road forum moderators) introduced PXXXXX to Defcon in October, and he did whatever initial development he was paid for. Before the site went live his contract was up and Defcon and party took control of the admin stuff. Most likely this is the reason for the initial spotty site access in the initial days – Def just didn’t understand a lot of the code and kept fucking around with it.A VERY reliable source has confirmed to me unequivocally that PXXXXX (PXXXXX LUXXXXX) has been bragging that he hit Bitstamp, SR, and Gox with DDoS, flooded them with mutated transactions, and even made a fortune. TL;DR – XXXXX former contractor used the transaction malleability media hoopla (WHICH CAN NOT BE USED TO STEAL COINS) as a cloak to break in and steal. His initial development work probably worked as an advantage, or he kept a clone of the security methods, I don’t know – but PXXXXX LUXXXXX is now THOUSANDS OF BTC RICHER THEN HE WAS A WEEK AGO.Libertas should NOT have recommended this piece of shit solely because they were previous clients of stexo’s. And stexo is not an authority on developers or computer security just because he once advised him and his merry band of XXXXX bottom feeders on how to launder their BTC.All of this initial incompetence brings us to a hack/heist of millions of dollars. Un fucking believable, and un fucking acceptable.I’ve tried my best to present as much facts as I could obtain, and believe me I have spent my own time, energy and funds getting this information and putting the pieces together. IF THIS POST IS DELETED, I will REPOST IT FROM DIFFERENT ACCOUNTS EVERY HOUR OF EVERY DAY AD NAUSEUM.6.XXXXX PXXXXX, ŽXXXXX – PXXXXX (XXXXX Republic) .. how do you feel buddy? Didn’t expect this huh?Anybody in PXXXX or around this area.. I can’t advise you on what to do, but..use your imagination.Oracle=====End Quote====By the time we posted this, it was already published on the Silk Road Sub reddit as well and will probably gets deleted soon. some users were quick to react and offering to go and check the address for themselves:redditWe can only hope this will end well.Now we will still be following the forums as it was told by the Oracle that he will keep posting this again and again until all the stolen funds are returned. the most interesting question is if this will lead to some of the money being returned or now, we will update as we will have more information. Alleged Silk Road 2.0 Hacker Doxxed!? | Deep Dot WebSilk Road's new administrators said hackers exploited a Bitcoin glitch to steal funds. But in the days since the attack, it's become painfully clear that the Bitcoin system isn't to blame. Only two scenarios exist, says Andreas Antonopoulos an engineer at Bitcoin wallet service Blockchain: Silk Road's leaders were fooled into emptying all their accounts willingly, or they simply swindled their customers themselves. CNN: Bitcoin system not to be blame in Silkroad bitcoin theft : SilkRoad Quote Link to comment Share on other sites More sharing options...
Gilbert Posted February 23, 2014 Report Share Posted February 23, 2014 Ce cacat de concluze e asta? Asta ai inteles tu din articol ? Ca furtul s-a putut intampla datorita increderei ?V-au prostit legalele alea de tot.Nu mai degraba de un setup prost si o securitate slaba ?How long will a good security hold then? From my experience is that the best security only holds for 7 days, then it is hacked.But to devolep the best security, it can take up to a few years. So it is a lost race anyway, and still there are many people who dont want to admit that you cant secure what effer is put on the internet. The problem from that lays in the foundation from the devolepment from the internet. The used internet protocols where devoleped to let univercities exchange researche information. In that time nobody got the idea that the world become crazy to hang all on the internet. So that is why in the first years of the internet there was not thought about securing the data. With as result that it now isnt able at all any more to secure because of the mass of the network. Quote Link to comment Share on other sites More sharing options...
