Using the same transaction malleability bug in bitcoin’s protocol that led to bitcoin exchanges like Mt. Gox and BitStamp shutting down withdrawals, hackers cleaned out the bitcoin wallet belonging to Silk Road 2, an underground Internet black market that launched in October after the FBI shut down the original Silk Road.
The hackers made off with 4474.27 bitcoins, roughly the equivalent of $2.7 million.
Silk Road 2’s administrator, known by the username Defcon, said that because transaction malleability is a problem with bitcoin itself, none of its anti-hacking measures could prevent the hack. The only currency accepted on Silk Road 2 is bitcoin.
As it did when the original Silk Road was shut down, news of the hack drove down the price of bitcoin (some believe the now-imprisoned founder of Silk Road had ties with the mysterious creator of bitcoin). This time, bitcoin tumbled $50 and is currently sitting around $600 per bitcoin.
Silk Road 2 used a centralized escrow service to send and receive bitcoins from buyers and sellers, and only used the bitcoin transaction ID to confirm the transfer. The transaction malleability bug allows nefarious users to mask the transaction ID and continually ask an account to deposit more bitcoins. Defcon alleged that six users colluded to exploit this bug against Silk Road 2’s automatic verification system and drain the entire centralized account of its bitcoins.
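Why confirming a transfer by transaction ID alone fails, and the check a payout system can use instead, shown as an added example that is not Silk Road 2's code. The `Tx` serialization is a constructed toy (not Bitcoin's wire format), and `WithdrawalLedger`, `effect_id` and the sample values are hypothetical names chosen for illustration.

```python
import hashlib
from dataclasses import dataclass

def dsha(data: bytes) -> str:
    """Double SHA-256, the hash Bitcoin uses for transaction IDs."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class Tx:
    inputs: tuple   # (prev_txid, vout) outpoints being spent
    outputs: tuple  # (address, satoshis) pairs
    sigs: tuple     # signature bytes, one per input

    def txid(self) -> str:
        # As in pre-SegWit Bitcoin, the ID also covers the signature bytes.
        return dsha(repr((self.inputs, self.outputs, self.sigs)).encode())

    def effect_id(self) -> str:
        # Identifies what the transaction does: coins spent and where they go.
        return dsha(repr((self.inputs, self.outputs)).encode())

class WithdrawalLedger:
    def __init__(self):
        self.pending = {}  # withdrawal id -> Tx as originally broadcast

    def send(self, wid: str, tx: Tx) -> None:
        self.pending[wid] = tx

    def confirmed_by_txid(self, wid: str, chain: list) -> bool:
        # Fragile check: misses a confirmed copy whose signature encoding differs.
        return any(t.txid() == self.pending[wid].txid() for t in chain)

    def confirmed_by_effect(self, wid: str, chain: list) -> bool:
        return any(t.effect_id() == self.pending[wid].effect_id() for t in chain)

    def may_resend(self, wid: str, chain: list) -> bool:
        # Never re-issue a payout whose coins already reached the same outputs.
        return not self.confirmed_by_effect(wid, chain)

def demo():
    # Constructed sample data: same inputs and outputs, different signature bytes.
    sent = Tx((("aa" * 32, 0),), (("user-addr", 150_000_000),), (b"sig-encoding-A",))
    mined = Tx(sent.inputs, sent.outputs, (b"sig-encoding-B",))
    ledger = WithdrawalLedger()
    ledger.send("w-1", sent)
    chain = [mined]
    return (ledger.confirmed_by_txid("w-1", chain),
            ledger.confirmed_by_effect("w-1", chain),
            ledger.may_resend("w-1", chain))
```

A ledger that reconciles on spent outpoints and outputs sees the withdrawal as paid even though the ID it recorded never appears on chain, so a repeat request is refused.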
Defcon said that in hindsight, the bitcoin system was foolish, especially with news that hackers had started an organized attack against bitcoin exchanges using the transaction malleability bug.
“I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported,” Defcon wrote in a blog post, which Deep Dot Web re-posted. “I was slow to respond and too skeptical of the possible issue at hand.”
In true Silk Road style, Defcon posted transaction logs that show the stolen coins and user information associated with them to encourage the Silk Road community to “use whatever means you deem necessary to bring this person to justice.” Ross William Ulbricht, the man charged with founding and running the original Silk Road, was accused by FBI agents of trying to assassinate a Silk Road user for trying to blackmail him.
Defcon also attempted to appeal to the emotions of the hackers to get them to return the stolen bitcoins.
“It takes the integrity of all of us to push this movement forward,” Defcon said. “Whoever you are, you still have a chance to act in the interest of helping this community.”
“Being a part of this movement might be the most defining thing you do with your entire life. Don’t trade that for greed, comrades.”
Apparently the Silk Road 2 admins are not familiar with the adage "no honor among thieves."