Millions of dollars lost in Bitcoin raid


Two Australians are rumoured to be responsible for one of the biggest online heists in Internet history, with $3 million in Bitcoin missing from the second iteration of the Silk Road drug marketplace.

A statement from the Silk Road 2 website says 4400 Bitcoins, currently worth about US$2.6 million, were stolen from the site and its users via the 'transaction malleability' bug. Malleability lets a third party rewrite the signature encoding of a transaction before it is confirmed on the network: the transaction still spends the same coins to the same recipient, but it now carries a different transaction ID. A service that tracks a withdrawal only by the ID it broadcast can be fooled into believing the payment failed and sending it again.
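As an added illustration (not part of the original article, and not Silk Road 2's own software), the following Python model shows the mechanism in miniature, including the repeated-withdrawal loop the site's statement describes: a third party flips an ECDSA signature from (r, s) to (r, N - s), the rewritten transaction still verifies and confirms under a different ID, and a hot wallet that reconciles withdrawals by ID refunds the account and can be asked to pay again. The curve arithmetic is real secp256k1; the transaction format, the `HotWallet` class, the key, outpoints and balances are simplified, constructed values chosen for the example.

```python
"""Added example, not the article's or Silk Road 2's code. Toy model of the
transaction malleability failure: anyone who sees a transaction can rewrite its
ECDSA signature (r, s) as (r, N - s), which still verifies but changes the hash
of the serialized transaction, i.e. its txid. A withdrawal system that records
sends by txid, never sees that txid confirm, and refunds the account can be
drained. The tx layout is a simplified stand-in for Bitcoin's; key, outpoints
and balances are constructed test values."""
import hashlib, json

# secp256k1, the curve Bitcoin uses
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):  # affine point addition / doubling, None is the point at infinity
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = 3*x1*x1 * pow(2*y1, -1, P) if a == b else (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (lam*lam - x1 - x2) % P
    return (x3, (lam*(x1 - x3) - y1) % P)

def _mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def sha256d(b): return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def sign(priv, z):  # plain ECDSA; nonce derived from (key, message) so runs are repeatable
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + z.to_bytes(32, "big")).digest(), "big") % N
    r = _mul(k, G)[0] % N
    return (r, pow(k, -1, N) * (z + r*priv) % N)

def verify(pub, z, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    w = pow(s, -1, N)
    pt = _add(_mul(z*w % N, G), _mul(r*w % N, pub))
    return pt is not None and pt[0] % N == r

def sighash(inputs, outputs):  # what the signer commits to: the spend, never the signature
    return int.from_bytes(sha256d(json.dumps([inputs, outputs]).encode()), "big") % N

def txid(inputs, outputs, sig):  # network id: hash of the whole tx, signature included
    return sha256d(json.dumps([inputs, outputs, list(sig)]).encode()).hex()

def malleate(sig):  # third-party malleation: (r, s) -> (r, N - s), no private key needed
    r, s = sig
    return (r, N - s)

class HotWallet:
    """Hypothetical withdrawal service. match_by_txid=True is the failure mode in the article."""
    def __init__(self, priv, match_by_txid):
        self.priv, self.pub, self.match_by_txid = priv, _mul(priv, G), match_by_txid
        self.accounts, self.pending, self.utxo = {}, {}, 0

    def withdraw(self, user, amount, dest):
        if self.accounts.get(user, 0) < amount: return None
        self.accounts[user] -= amount
        inputs = [{"outpoint": f"hotwallet-utxo:{self.utxo}"}]; self.utxo += 1  # constructed outpoint
        outputs = [{"to": dest, "amount": amount}]
        sig = sign(self.priv, sighash(inputs, outputs))
        self.pending[txid(inputs, outputs, sig)] = (user, amount, inputs, outputs)
        return inputs, outputs, sig

    def reconcile(self, chain):
        """Refund every pending send we cannot find among the confirmed transactions."""
        confirmed_ids = {txid(*tx) for tx in chain}
        confirmed_spends = {json.dumps([i, o]) for i, o, _ in chain}
        for tid, (user, amount, inputs, outputs) in list(self.pending.items()):
            seen = tid in confirmed_ids if self.match_by_txid else json.dumps([inputs, outputs]) in confirmed_spends
            if not seen: self.accounts[user] += amount  # wrong when the spend confirmed under another id
            del self.pending[tid]

def drain(match_by_txid, rounds=5, key=0xDEADBEEF):
    """Attacker with a 10-coin balance asks for 10 coins per round and malleates each broadcast
    tx so only the rewritten version confirms. Returns (coins actually paid out, attacker balance)."""
    w = HotWallet(key, match_by_txid); w.accounts["attacker"] = 10  # constructed balance
    chain = []
    for _ in range(rounds):
        tx = w.withdraw("attacker", 10, "attacker-addr")
        if tx is None: break
        inputs, outputs, sig = tx
        assert verify(w.pub, sighash(inputs, outputs), malleate(sig))  # rewritten sig is still valid
        assert txid(inputs, outputs, sig) != txid(inputs, outputs, malleate(sig))
        chain.append((inputs, outputs, malleate(sig)))
        w.reconcile(chain)
    return sum(o["amount"] for _, outs, _ in chain for o in outs), w.accounts["attacker"]

if __name__ == "__main__":
    print("naive wallet, matched by txid:  paid out, balance =", drain(True))
    print("hardened wallet, matched by spend:", drain(False))
```

Run as a script, the wallet that matches on txid pays out 50 coins over five rounds while the attacker's 10-coin balance is still intact at the end; the wallet that matches on the spend itself (which inputs were consumed, which outputs were created) pays out 10 coins once and then refuses. Bitcoin Core later rejected high-S signatures as non-standard, and segregated witness moved signatures out of the data the txid is computed over, but the accounting lesson stands: reconcile against what confirmed on chain, not against the identifier you happened to broadcast.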

The site's admin Defcon said in a post (viewable over Tor) that three users had exploited the recently discovered bug to steal the Bitcoins. Aussie users LethalWeapon and mrkermit were suspected of each stealing 2.5% of the total, with the remainder taken by a user known by at least six handles.

In an effort to track down the culprits, Silk Road 2's administrators released the usernames and transaction details of exactly what was stolen.

Silk Road 2 popped up after the original Silk Road, an online illegal drugs and weapons haven, was sensationally shut down by the FBI last year.

"I am sweating as I write this," Defcon said. "Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as transaction malleability to repeatedly withdraw coins from our system until it was completely empty."

"I have failed you as a leader, and am completely devastated by today’s discoveries. I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand. It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch."

"It is a crushing blow ... I am now fully convinced that no hosted escrow service is safe."

Meanwhile Reddit user LedLevee threw cold water on the 'hacking' claim, instead suggesting the entire operation was a scam by the site's administrators.

Check out the user's post in full below.

"Hacked"
Admins have been "postponing" updates for months now, with delay after delay. No auto-finalization or resolution center with support means that literally millions worth of Bitcoins are piling up in escrow. Buyers and vendors were complaining about this but were told to shut up because the admins were working on it.
The supposed hack isn't possible. Defcon (the guy running SR2) has made a statement as to how it should have happened, except this is impossible. They point to a vulnerability that doesn't allow you to steal Bitcoins from a wallet. The supposed vulnerability was exposed in 2011 and it doesn't allow you to steal, only to hinder transactions being confirmed.
The "hack" is still going on (you can look up Bitcoins and bitcoinwallets in blockchain.info) even though the site is supposedly offline. They're still emptying out the place.
The admins either were planning to scam all along or realized halfway through they are in no way competent enough to run this ship and this was the best way to throw in the towel while still getting rich.
Edit: Lots of people commenting how this is devastating to Bitcoins. I doubt it is. Bitcoins have taken a lot of hits before, the most memorable being the SR1 bust (which was a much greater amount of coins) and most recently, the Chinese government blocking it. It's recovered from both, and if anything, gained in value (although I'll agree the $1000+ prices were a bubble perhaps). The same thing happened when SR1 got busted and they went up again afterwards, it's just the market's knee-jerk. Also, Silk Road ≠ the entire Bitcoin market.


David Swan


David Swan is a tech journalist from Melbourne and is iTWire's Associate Editor. Having started off as a games reviewer at the tender age of 14, he now has a degree in Journalism from RMIT (with Honours) and owns basically every gadget under the sun. You can email him at david.swan@itwire.com or follow him at twitter.com/mrdavidswan
