Silk Road 2 loses $2.7m in bitcoins in alleged hack

February 16, 2014 12:00 am



The anonymous online marketplace Silk Road 2 says it has been hacked, resulting in the loss of all its customers’ bitcoins.

An administrator for the site said hackers had manipulated computer code enabling them to withdraw $2.7m (£1.6m) worth of the virtual currency.

It follows similar attacks on two exchanges that trade in bitcoins earlier in the week.

Silk Road 2 is known for selling drugs and other illegal items.

The site is only accessible through Tor, a network that allows users to browse anonymously online. The virtual currency Bitcoin is often used in transactions as it also grants users a degree of anonymity.

The original Silk Road site was shut down by the FBI in 2013 but those behind it said they would start a new site and shortly afterwards Silk Road 2 appeared online.

Completely empty
In a statement posted on Silk Road 2 forums, the administrator of the site, known as Defcon, said: “We have been hacked.”

“Nobody is in danger, no information has been leaked, and server access was never obtained by the attacker.

“Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as ‘transaction malleability’ to repeatedly withdraw coins from our system until it was completely empty,” he said.

Transaction malleability involves someone changing the transaction hash, the cryptographic code used to create an ID for the exchange of funds, before the transaction is recorded in the blockchain, a database of every transaction carried out in the currency.

This method can result in the system thinking a transaction has not been carried out when it has, and therefore repeatedly paying out bitcoins.
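The bookkeeping failure described above, as an added illustration that is not code from Silk Road 2 or any exchange: a simplified Python model showing why a payout system that confirms withdrawals by transaction ID alone reads a completed payment as missing, while one that matches on what the transaction spends and pays does not. The transaction format is a toy, the sample data is constructed, and the names `Tx`, `payment_key`, `unconfirmed_by_txid` and `unconfirmed_by_payment` are hypothetical.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    inputs: tuple   # funds being spent, e.g. ("utxo-a:0",)
    outputs: tuple  # (address, amount) pairs being paid
    sig: bytes      # signature bytes; their encoding is hashed into the ID

    def txid(self):
        # Toy serialization: the ID covers the signature encoding as well
        # as the payment itself, which is what makes the ID malleable.
        body = repr((self.inputs, self.outputs)).encode() + self.sig
        return hashlib.sha256(hashlib.sha256(body).digest()).hexdigest()

    def payment_key(self):
        # Identifies the payment by what it spends and whom it pays,
        # so a re-encoded signature does not change the key.
        body = repr((self.inputs, self.outputs)).encode()
        return hashlib.sha256(body).hexdigest()


def unconfirmed_by_txid(sent, chain):
    """Naive reconciliation: a withdrawal counts as paid only if its ID is on chain."""
    seen = {tx.txid() for tx in chain}
    return [tx for tx in sent if tx.txid() not in seen]


def unconfirmed_by_payment(sent, chain):
    """Safer reconciliation: match on spent inputs and paid outputs instead."""
    seen = {tx.payment_key() for tx in chain}
    return [tx for tx in sent if tx.payment_key() not in seen]


# Constructed sample data: the same payment, recorded with a differently
# encoded signature and therefore under a different transaction ID.
SENT = Tx(("utxo-a:0",), (("customer-addr", 50_000),), b"sig-encoding-1")
RECORDED = Tx(SENT.inputs, SENT.outputs, b"sig-encoding-2")
CHAIN = [RECORDED]

if __name__ == "__main__":
    print("IDs differ:", SENT.txid() != RECORDED.txid())
    print("looks unpaid by ID:", len(unconfirmed_by_txid([SENT], CHAIN)))
    print("looks unpaid by payment:", len(unconfirmed_by_payment([SENT], CHAIN)))
```

A system using the first check would treat the withdrawal as failed and be willing to pay it again; the second check sees that the funds have already moved.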

The two exchanges hit by attacks earlier in the week, MtGox and Bitstamp, had suspended transactions to prevent it happening again.

Defcon admitted that Silk Road 2 should have done the same.

BBC
