A large scale cyber-theft has drained the relaunched ‘online drug bazaar’ Silk Road 2.0 of nearly all of its Bitcoin reserves – estimated to be worth $33 million or even more. Site administrators blamed an insider, who used a recently discovered flaw to withdraw money repeatedly, before vanishing.
Site administrators believe that the attackers exploited the same flaw that hit the MtGox Bitcoin exchange this week, according to The Register’s report.
Site administrator DefCon said in a blog post that the attackers struck at a moment where the community’s entire balance was in hot storage – ie on computers connected to the internet. Large sums of Bitcoin are usually placed in “cold storage” – ie on disks disconnected from the internet – for security reasons, and having such a huge sum accessible online while upgrades were applied to the site, led rapidly to disaster, according to a post by site admin Defcon.
Defcon claims that the ‘heist’ was carried out by an insider – a ‘vendor’ who exploited the ‘transaction malleability’ vulnerability in Bitcoin, allowing users to make multiple withdrawals.
“I am sweating as I write this… I must utter words all too familiar to this scarred community: We have been hacked,” Defcon wrote. “Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as “transaction malleability” to repeatedly withdraw coins from our system until it was completely empty”
The South China Morning Post reports that the thieves stole 4,476 bitcoins, worth US$2.5 million at current market rates. Silk Road 2 is blaming “transaction malleability” – a vulnerability which afflicted several large Bitcoin markets this week, and contributed to a sharp decline in the currency’s value.
It’s still unclear how many bitcoins were stolen in Sheep Market raid, but Defcoin listed a series of Bitcoin addresses that admins believe were involved, which point to a single address containing 58,000 coins worth more than $36.1 million. Other estimates range from 41,200 bitcoins (from a Silk Road user) and 88,000 by Bitcoin News.
Forbes Magazine said that it was the latest in a series of hacks targeting ‘black market’ sites – and that of the half-dozen sites which sprung up in the wake of the closure of the original Silk Road, three shut down after insiders ran off with funds, and two after being hacked. Silk Road 2.0’s latest mishap was also due to an insider, the site admin believes.
Earlier this week week, Dutch ‘drug market’ site Utopia was shut down by police. Like Silk Road, Utopia was a ‘hidden site’ only accessible via the Tor browser, which allows web users to remain anonymous. Dutch authorities have not disclosed how they located and shut down the servers.
“Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the bitcoin protocol known as “transaction malleability” to repeatedly withdraw coins from our system until it was completely empty,” said a post from Defcon, one of the site’s moderators, on a forum accessible via the encrypted Tor network.
“This attack hit us at the worst possible time. We were planning on re-launching the new auto-finalize and Dispute Center this past weekend, and our projections of order finalization volume indicated that we would need the community’s full balance in hot storage.”
The Register’s report said that the “transaction malleability” flaw which led to Mt Gox’s closure, and the theft from Silk Road redux, had been known for several years, saying, “Experts say that sites and exchanges using best practices could eliminate the vulnerability from their bitcoin services.” In the case of Silk Road 2’s bitcoin reserves, attackers repeatedly used the vulnerability until the entire reserve was drained.
The theft has already had an impact on the price of bitcoins – already wobbling after the shutdown of MtGox. According to the STCMP, the Coindesk price index (a benchmark combining prices of Bitstamp and BTC-e) has fallen $70 in 24 hours, and customers fear that the 4,500 stolen bitcoins will flood the market.
Silk Road, a “drug market” which authorities claim shipped $45 million per year of drugs including heroin around the world was shut by authorities last year – but weeks later, a site styling itself Silk Road 2.0 appeared. Like the original, it is only accessible via the “anonymous” browser Tor, reported by We Live Security here.
Alleged founder Ross Ulbricht, 29, is now in custody awaiting trail on charges relating to alleged global sales of $1.2 billion in illegal drugs, but the new site’s owner has adopted his alleged pseudonym, Dread Pirate Roberts. Under the Twitter handle @DreadPirateSR, the new founder announced the launch in a Tweet, “20 minutes to go. You can never kill the idea of Silk Road”.
A site administrator said, “”It took the FBI two-and-a-half years to do what they did…but four weeks of temporary silence is all they got,” according to a report by Yahoo News.
The site was only accessible via the anonymized Tor network, and dealers sent packages via mail. Payment was made via the cryptocurrency Bitcoin. Due to the difficulty of tracing or identifying Tor users, the service is used widely by cybercriminals, and even to host botnets, as reported by We Live Security here.
The charges against the orginal Silk Road’s Ulbricht allege that the site generated sales totalling more than 9.5 million Bitcoins – a sum roughly equivalent to $1.2 billion.
The new site offered improved security, including the option to use PGP encryption keys as an added authentication measure, according to Tweets by the new Dread Pirate Roberts. While various high-profile ‘drug markets’ – and markets selling weaponry, marriages and hackers for hire – have been busted in past months, they are also springing up rapidly. Dealers simply move stock between the sites, and point to customer ratings from other sites as they relaunch.
One Dutch drug company said on its site, “After the shocking events on Silk Road yesterday we have accessed our Black Market Reloaded account (which we had made a few months ago for events like these). We are now adding a serious amount of listings and will go online ASAP.”
,
The post Silk Road 2.0 drug market hit by insider theft – entire $33m bitcoin reserve stolen appeared first on We Live Security.
Brought by: http://foodonia.com
ليست هناك تعليقات:
إرسال تعليق
اترك تعليقا .. http://foodonia.com