Home Business IT Security Millions of dollars lost in Bitcoin raid

Millions of dollars lost in Bitcoin raid Featured

Two Australians are rumoured to be responsible for one of the biggest online heists in Internet history, with $3 million in Bitcoin missing from the second iteration of the Silk Road drug marketplace.

A statement from the website Silk Road 2 says 4400 Bitcoins, which is currently worth about US$2.6 million, were stolen from the site and its users via the 'transaction malleability' bug, which allows attackers to alter the unique ID of Bitcoin transactions before they are confirmed on the network.

The site's admin Defcon said in a post (viewable with an Onion browser at this link) that three users had exploited the recently-discovered bug to steal the Bitcoins, and Aussie users LethalWeapon and mrkermit were suspected of each stealing 2.5% of the total, with the remainder taken by a user known by at least six handles.

In an effort to track down the culrpits Silk Road's administrators released the usernames and transaction information of exactly what was stolen.

Silk Road 2 popped up after the original Silk Road, an online illegal drugs and weapons haven, was sensationally shut down by the FBI last year.

"I am sweating as I write this," Defcon said. "Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as transaction malleability to repeatedly withdraw coins from our system until it was completely empty."

"I have failed you as a leader, and am completely devastated by today’s discoveries. I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand. It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch."

"It is a crushing blow ... I am now fully convinced that no hosted escrow service is safe."

Meanwhile Reddit user LedLevee threw cold water on the 'hacking' claim, instead suggesting the entire operation was a scam by the site's administrators.

Check out the user's post in full below.

"Hacked"
Admins have been "post-poning" updates for months now, with delay after delay. No auto-finalization or resolution center with support means that literaly millions worth of Bitcoins are pilling up in escrow. Buyers and vendors were complaining about this but were told to shut up because the admins were working on it.
The supposed hack isn't possible. Defcon (the guy running SR2) has made a statement as to how it should have happened, except this is impossible. They point to a vulnerability that doesn't allow you to steal Bitcoins from a wallet. The supposed vulnerability was exposed in 2011 and it doesn't allow you to steal, only to hinder transactions being confirmed.
The "hack" is still going on (you can look up Bitcoins and bitcoinwallets in blockchain.info) even though the site is supposedly offline. They're still emptying out the place.
The admins either were planning to scam all along or realized halfway through they are in no way competent enough to run this ship and this was the best way to throw in the towel while still getting rich.
Edit: Lots of people commenting how this is devastating to Bitcoins. I doubt it is. Bitcoins have taken a lot of hits before, the most memorable being the SR1 bust (which was a much greater amount of coins) and most recently, the Chinese government blocking it. It's recovered from both, and if anything, gained in value (although I'll agree the $1000+ prices were a bubble perhaps). The same thing happened when SR1 got busted and they went up again afterwards, it's just the market's knee-jerk. Also, Silk Road ≠ the entire Bitcoin market.

FREE WHITEPAPER - REMOTE SUPPORT TRENDS FOR 2015

Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.

DOWNLOAD!

David Swan

David Swan is a tech journalist from Melbourne and is iTWire's Associate Editor. Having started off as a games reviewer at the age of 14, he now has a degree in Journalism from RMIT (with Honours) and owns basically every gadget under the sun.

Connect