Silk Road 2.0 falls victim to Bitcoin protocol flaw
Source: Craig Manning
Silk Road 2.0, the second incarnation of a well-known and extremely controversial black market website, was hit with a major bombshell on Thursday.
According to a report from Tech Crunch, the website was besieged on Thursday by hackers hoping to take advantage of its bitcoin transactions. Defcon, one of the site’s administrators, revealed in the Silk Road forums that the hackers had managed to take advantage of a “transaction malleability exploit” to break into the site. After that, the hackers’ target was the Silk Road 2.0 central escrow account, which was reportedly emptied of about 4,400 bitcoins, or $2.7 million.
Apparently, the transaction malleability bug is a common problem with Bitcoin-related services. Just last week, similar attacks befell Mt. Gox and Bitstamp, two of the most widely used Bitcoin exchange services on the web, causing both to halt service and cease transactions until they could find a solution to the problem. Halted exchanges didn’t stop hackers from going after black market sites like Silk Road, however. On Silk Road 2.0, the central escrow account is used to send payments from buyers to sellers and to essentially serve as the middle man that makes transactions difficult to track. Since Silk Road traffics in drugs, criminal services, and other illegal commodities, buyers and sellers on the site are especially concerned with the traceability of their transactions.
The Silk Road escrow account also plays another role, however, and that is to issue refunds to buyers for unshipped transactions. Supposedly, this is the concept that hackers exploited to empty the escrow account, setting up vendor accounts on the site, ordering from one another, and then requesting refunds for the unpaid transactions. Using this circuitous method, the hackers were able to quickly drain the escrow account and make off with millions of dollars in bitcoin.
Precisely what’s next for Silk Road 2.0 remains to be seen. Several users of the site were up in arms over the hack and were theorizing that market administrators could have manufactured the hack and stolen the money themselves. After all, other bitcoin marketplaces have fallen prey to greedy administrators in the past. However, it is more likely that hackers have simply been making the rounds of online Bitcoin services since the transaction protocol flaw was revealed.
| }
|