Home Business IT Security Millions of dollars lost in Bitcoin raid

Millions of dollars lost in Bitcoin raid Featured

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Industry:
Job Function:
Australian State:
Country:
Email marketing by Interspire
weebly statistics

Two Australians are rumoured to be responsible for one of the biggest online heists in Internet history, with $3 million in Bitcoin missing from the second iteration of the Silk Road drug marketplace.

A statement from the website Silk Road 2 says 4400 Bitcoins, which is currently worth about US$2.6 million, were stolen from the site and its users via the 'transaction malleability' bug, which allows attackers to alter the unique ID of Bitcoin transactions before they are confirmed on the network.

The site's admin Defcon said in a post (viewable with an Onion browser at this link) that three users had exploited the recently-discovered bug to steal the Bitcoins, and Aussie users LethalWeapon and mrkermit were suspected of each stealing 2.5% of the total, with the remainder taken by a user known by at least six handles.

In an effort to track down the culrpits Silk Road's administrators released the usernames and transaction information of exactly what was stolen.

Silk Road 2 popped up after the original Silk Road, an online illegal drugs and weapons haven, was sensationally shut down by the FBI last year.

"I am sweating as I write this," Defcon said. "Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as transaction malleability to repeatedly withdraw coins from our system until it was completely empty."

"I have failed you as a leader, and am completely devastated by today’s discoveries. I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand. It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch."

"It is a crushing blow ... I am now fully convinced that no hosted escrow service is safe."

Meanwhile Reddit user LedLevee threw cold water on the 'hacking' claim, instead suggesting the entire operation was a scam by the site's administrators.

Check out the user's post in full below.

"Hacked"
Admins have been "post-poning" updates for months now, with delay after delay. No auto-finalization or resolution center with support means that literaly millions worth of Bitcoins are pilling up in escrow. Buyers and vendors were complaining about this but were told to shut up because the admins were working on it.
The supposed hack isn't possible. Defcon (the guy running SR2) has made a statement as to how it should have happened, except this is impossible. They point to a vulnerability that doesn't allow you to steal Bitcoins from a wallet. The supposed vulnerability was exposed in 2011 and it doesn't allow you to steal, only to hinder transactions being confirmed.
The "hack" is still going on (you can look up Bitcoins and bitcoinwallets in blockchain.info) even though the site is supposedly offline. They're still emptying out the place.
The admins either were planning to scam all along or realized halfway through they are in no way competent enough to run this ship and this was the best way to throw in the towel while still getting rich.
Edit: Lots of people commenting how this is devastating to Bitcoins. I doubt it is. Bitcoins have taken a lot of hits before, the most memorable being the SR1 bust (which was a much greater amount of coins) and most recently, the Chinese government blocking it. It's recovered from both, and if anything, gained in value (although I'll agree the $1000+ prices were a bubble perhaps). The same thing happened when SR1 got busted and they went up again afterwards, it's just the market's knee-jerk. Also, Silk Road ≠ the entire Bitcoin market.

PROTECT YOURSELF AGAINST BANDWIDTH BANDITS!

Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!

CLICK TO DOWNLOAD!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

David Swan

David Swan is a tech journalist from Melbourne and is iTWire's Associate Editor. Having started off as a games reviewer at the age of 14, he now has a degree in Journalism from RMIT (with Honours) and owns basically every gadget under the sun. He also writes for Junkee and Fasterlouder. You can email him at david.swan@itwire.com or follow him at twitter.com/mrdavidswan

Connect