Home Business IT Security Millions of dollars lost in Bitcoin raid

Millions of dollars lost in Bitcoin raid Featured

Two Australians are rumoured to be responsible for one of the biggest online heists in Internet history, with $3 million in Bitcoin missing from the second iteration of the Silk Road drug marketplace.

A statement from the website Silk Road 2 says 4400 Bitcoins, which is currently worth about US$2.6 million, were stolen from the site and its users via the 'transaction malleability' bug, which allows attackers to alter the unique ID of Bitcoin transactions before they are confirmed on the network.

The site's admin Defcon said in a post (viewable with an Onion browser at this link) that three users had exploited the recently-discovered bug to steal the Bitcoins, and Aussie users LethalWeapon and mrkermit were suspected of each stealing 2.5% of the total, with the remainder taken by a user known by at least six handles.

In an effort to track down the culrpits Silk Road's administrators released the usernames and transaction information of exactly what was stolen.

Silk Road 2 popped up after the original Silk Road, an online illegal drugs and weapons haven, was sensationally shut down by the FBI last year.

"I am sweating as I write this," Defcon said. "Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as transaction malleability to repeatedly withdraw coins from our system until it was completely empty."

"I have failed you as a leader, and am completely devastated by today’s discoveries. I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand. It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch."

"It is a crushing blow ... I am now fully convinced that no hosted escrow service is safe."

Meanwhile Reddit user LedLevee threw cold water on the 'hacking' claim, instead suggesting the entire operation was a scam by the site's administrators.

Check out the user's post in full below.

Admins have been "post-poning" updates for months now, with delay after delay. No auto-finalization or resolution center with support means that literaly millions worth of Bitcoins are pilling up in escrow. Buyers and vendors were complaining about this but were told to shut up because the admins were working on it.
The supposed hack isn't possible. Defcon (the guy running SR2) has made a statement as to how it should have happened, except this is impossible. They point to a vulnerability that doesn't allow you to steal Bitcoins from a wallet. The supposed vulnerability was exposed in 2011 and it doesn't allow you to steal, only to hinder transactions being confirmed.
The "hack" is still going on (you can look up Bitcoins and bitcoinwallets in blockchain.info) even though the site is supposedly offline. They're still emptying out the place.
The admins either were planning to scam all along or realized halfway through they are in no way competent enough to run this ship and this was the best way to throw in the towel while still getting rich.
Edit: Lots of people commenting how this is devastating to Bitcoins. I doubt it is. Bitcoins have taken a lot of hits before, the most memorable being the SR1 bust (which was a much greater amount of coins) and most recently, the Chinese government blocking it. It's recovered from both, and if anything, gained in value (although I'll agree the $1000+ prices were a bubble perhaps). The same thing happened when SR1 got busted and they went up again afterwards, it's just the market's knee-jerk. Also, Silk Road ≠ the entire Bitcoin market.

WEBINAR 26/27th May

Thinking of deploying Business Intelligence (BI)? So are your competitors.

And the most important, fundamental, tool for delivering your BI information to your users? Dashboards.




VMware changed the rules about the server resources required to keep a database responding

It's now more difficult for DBAs to see interaction between the database and server resources

This whitepaper highlights the key differences between performance management between physical and virtual servers, and maps out the five most common trouble spots when moving production databases to VMware

1. Innacurate metrics
2. Dynamic resource allocation
3. No control over Host Resources
4. Limited DBA visibility
5. Mutual ignorance

Don't move your database to VMware before learning about these potential risks, download this FREE Whitepaper now!


David Swan

David Swan is a tech journalist from Melbourne and is iTWire's Associate Editor. Having started off as a games reviewer at the age of 14, he now has a degree in Journalism from RMIT (with Honours) and owns basically every gadget under the sun.






Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities