Deja Vu: Aussie hackers loot Silk Road 2 of $2.6 million in bitcoins

Barely a few months after the infamous online black market Silk Road was taken down, only to rise like a phoenix from the ashes as Silk Road 2, the site has been hacked.

Hackers have made off with approximately 4,400 bitcoins worth $2.6 million from Silk Road 's escrow account. The site's administrators blamed a "transaction malleability" or a vulnerability in the virtual currency itself. The bitcoins belonging to Silk Road 2 staff and users were temporarily vulnerable when the site was being upgraded.

"We have been hacked. Nobody is in danger, no information has been leaked, and server access was never obtained by the attacker. Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as "transaction malleability" to repeatedly withdraw coins from our system until it was completely empty. Despite our hardening and pentesting procedures, this attack vector was outside of penetration testing scope due to being rooted in the Bitcoin protocol itself," wrote moderator Defcon on the Silk Road forum per DeepDotWeb.

According to Defcon, two Australians (going by the handle LethalWeapon and mrkermit) and a French national, who used six vendor accounts (narco93, ketama, riccola, Germancoke, napolicoke and smokinglife), may have hacked the site by exploiting the bug to empty Silk Road 2's escrow account of the funds. The two Aussies are suspected of stealing 2.5 percent of the total bitcoins, whereas the French user is believed to have made off with the remainder. The three suspected hackers allegedly knew each other.

While Silk Road 2 administrators say that thieves have taken advantage of the bug in the virtual currency, others opine that the hacking may have been an inside job.

Defcon, however, is optimistic and hopes that the hackers will return the bitcoins.

"Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward," wrote the moderator.

Silk Road 2 seems to have learned a lesson the hard way and Defcon revealed that the site will implement stringent measures to counter future vulnerabilities.

"Multi-signature transactions are the only way this community will be protected long-term. I am aggressively tasking our devs on building out multi-sig support for commonly-used bitcoin clients," he said.

After news of the hacking on Thursday, February 13, the price of BTC dived by 50 points.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics