Unknown hackers stole all the bitcoins held by the online drug marketplace Silk Road 2.0. The head of the site announced this on its forum, Forbes reports.
The Silk Road 2.0 administrator, who goes by the pseudonym Defcon, said the attackers managed to steal all the bitcoins that belonged to both the marketplace and its users. An internal investigation established that three people were behind the attack: two from Australia and one from France. The Frenchman is responsible for 95 percent of the stolen funds.
"Do not stop at anything to bring this person to your own understanding of justice." (Defcon)
Defcon did not specify how many bitcoins were stolen. Initial media estimates put the figure at 80,000 bitcoins, but Nicholas Weaver of the International Institute for Computer Research later estimated the loss at 4,400 bitcoins. At the current exchange rate, that is about 2.7 million dollars.
According to the site's administration, the funds were stolen by exploiting a vulnerability in the Bitcoin protocol known as "transaction malleability." The same issue had led several large Bitcoin exchanges to suspend operations a few days before the incident. In itself, "transaction malleability" is a feature of the protocol that prevents two identical transactions: if two operations with the same details occur within a short period of time, the system rejects the earlier one.
As TechCrunch explained, the attackers imitated a purchase through Silk Road 2.0 and then filed an automated refund request for undelivered goods. During the refund they used "transaction malleability," generating an operation exactly the same as the one issued by the system. The system checked only the transaction ID, so to it everything looked as if the bitcoin transfer had not taken place. And since the marketplace used a centralized Bitcoin wallet, the money was refunded from it; by repeating the operation many times, the hackers managed to empty the wallet.
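The weakness described above, a payment system that decides whether a transfer happened by looking only at the transaction ID, can be contrasted with a check on what the transaction actually spends and pays. The following is an added example, not code from the original article or from any system it mentions; the `Tx` model, the function names and the sample values are assumptions, and the txid computation is a simplified stand-in for Bitcoin's real serialization.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple      # outpoints spent: ((prev_txid, vout), ...)
    outputs: tuple     # payments made: ((address, satoshis), ...)
    script_sig: bytes  # signature bytes; re-encodable by third parties in legacy transactions

    def txid(self) -> str:
        # Simplified stand-in for a legacy txid: the hash also covers the signature bytes.
        body = repr((self.inputs, self.outputs)).encode() + self.script_sig
        return hashlib.sha256(hashlib.sha256(body).digest()).hexdigest()

def confirmed_by_txid(sent: Tx, chain: list) -> bool:
    # Weak check: treats the payment as missing unless the exact txid is on chain.
    return any(tx.txid() == sent.txid() for tx in chain)

def confirmed_by_effect(sent: Tx, chain: list) -> bool:
    # Hardened check: same inputs and outputs means the same payment, whatever the txid.
    return any((tx.inputs, tx.outputs) == (sent.inputs, sent.outputs) for tx in chain)

def safe_to_reissue(sent: Tx, chain: list) -> bool:
    # Never pay again from fresh funds if any input of the original is already spent.
    spent = {outpoint for tx in chain for outpoint in tx.inputs}
    return spent.isdisjoint(sent.inputs)

# Constructed sample data (placeholders, not real transactions or addresses).
SENT = Tx((("aa" * 32, 0),), (("customer-address", 50_000_000),), b"sig-encoding-A")
MINED = Tx(SENT.inputs, SENT.outputs, b"sig-encoding-B")  # same payment, different bytes
CHAIN = [MINED]

if __name__ == "__main__":
    print("txids equal:        ", SENT.txid() == MINED.txid())
    print("confirmed by txid:  ", confirmed_by_txid(SENT, CHAIN))
    print("confirmed by effect:", confirmed_by_effect(SENT, CHAIN))
    print("safe to reissue:    ", safe_to_reissue(SENT, CHAIN))
```

A refund or withdrawal system that reconciles on inputs and outputs, and refuses to re-send while the original inputs are spent, does not pay twice when the confirmed transaction carries a different ID from the one it broadcast.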
However, not all Silk Road 2.0 users believed the administration's explanation. Some noted that "transaction malleability" has been known for two years, and that most Bitcoin experts claim it is not applicable in real conditions. From this they concluded that Defcon was using the vulnerability as an excuse for his own incompetence. Others recalled that the site's leadership had been repeatedly urged to take the forum offline for a while and start patching its security holes.
There were also users who directly accused the administration of lying and of stealing the accumulated bitcoins itself. Defcon rejected these charges but took responsibility for what happened.
"I did not run away with gold. I made a mistake as a leader, and I am completely overwhelmed by today's discoveries. This is a crushing blow." (Defcon)
Silk Road 2.0 appeared shortly after law enforcement authorities shut down the "original" marketplace and arrested its owner, Ross Ulbricht. Forbes notes that until recently the "revived" online store was the most stable and popular place to buy drugs, with 13 thousand items listed.