Users Track $100 Million in Stolen Bitcoin After Sheep Marketplace Hack
Published on December 3, 2013 at 11:23 BST
The closure of black market site Sheep Marketplace took a mysterious turn over the weekend, as users allegedly tracked nearly 100,000 stolen bitcoins, worth over $100m, through the block chain.
Black Market Reloaded announced its closure amid worries that Sheep Marketplace’s migrating users could overload the site.
Since then, claims have emerged suggesting far more coins were stolen, with many users saying the owners themselves have perpetrated the fraud.
The issues surrounding Sheep Marketplace began several days ago, when vendors and customers reportedly found themselves unable to withdraw coins from the marketplace’s escrow system.
Administrators told users they would be able to withdraw their funds after some organisational changes. Then, with many vendors and users still waiting for their funds, the Sheep Marketplace forums were shut down.
On Sunday, the site itself was closed: replaced with a message reporting that a vendor had stolen a large number of bitcoins. It read: “We are sorry to say, but we were robbed on Saturday 11/21/2013 by vendor EBOOK101. This vendor found [a] bug in system and stole 5400 BTC – your money, our provisions, all was stolen.”
In the days since, this message has been inaccessible.
Other reports refute the site’s claims – highlighting the administrators’ potential involvement in the heist. One site, Sheep Market Scam, has attempted to document the events of the last few days. It suggests that around 40,000 BTC was transferred from a bitcoin address rumoured to be associated with Sheep Marketplace.
“Look up your Sheep deposit addresses on Blockchain. Follow any outgoing money. It’s a mass exodus of BTC from Sheep addresses to external holding wallets.”
The redditor also pointed to the movement of around 40,000 bitcoins through this single address. The first transaction to the address took place on 8th November.
“I’m guessing that some amount of it is the Sheep commissions, but wildly guessing, no more than half,” said another redditor, researcher Gwern Branwen.
He had been tracking the coins, which he claimed were stolen, as they were sent to new wallet addresses. He sent 0.00666 BTC to each address he discovered, to mark them and let his target know he was watching.
This is an expensive statement – each of those deposits is worth over $6 and he sent them to tens of addresses.
“I think he’s asleep now in the Czech republic. When he awakes, he will see my 666 next to his 96,000 stolen, freshly-laundered bitcoins,” said the redditor, named sheeproadreloaded2, who didn’t respond to a request for comment from CoinDesk. “Along with lots of insults attached to fragments of bitcoins that I hope you are about to send here.”
The link sheeproadreloaded2 posted displays the blockchain.info page for the address holding the bitcoins he tracked. Yesterday, bitcoin users began sending notes to the bitcoin address using blockchain.info, which allows for messages to be sent along with bitcoin transactions.
“Give up, send the coins back,” said one such message, attached to a 0.000007 BTC transaction.
Others claim Czech resident Tomáš Jiřikovský was behind the scam (throwme1121 claimed Sheep Market’s owners were Czech in his original post).
The logic behind these allegations can be found in Branwen’s reddit post, and a document he uploaded on Pastebin. However Jiřikovský and his girlfriend both issued a statement yesterday to deny ownership of the site.
The website Black Market Reloaded has also closed, citing scalability worries. Operator Blackopy commented in a forum post:
“SR is down, The Black Flag ended up as a scam, Atlantis ended up as a scam and now The Sheep Market follows that dark path.”
Backopy had previously shut down the site in October, following a security scare where the site’s source code was published online. Now, Blackopy is promising a gradual shutdown of the site, pruning inactive accounts in the process. CPU load on the operator’s servers spiked to 60%, which caused errors and technical problems for the marketplace, the site’s operator said.
Silk Road 2.0 also suspended new registrations temporarily, as of Monday.
Scalability issues may affect the servers operated by each of these black market sites, but the Tor network on which they run is relatively small. According to Tor’s creator, Roger Dingledine, around 800,000 people use the network each day. He told CoinDesk:
“Most people use Tor to reach ordinary websites on the Internet, so one of the main constraints for most Tor users is the number and size of exit relays that volunteers around the Internet run.”
There are around 4750 relays on the Tor network. This powers a significant portion of the ‘dark web’ on which sites like Sheep and Black Market Reloaded operated.
“The media makes a big fuss about sites like these, but they make up a very small fraction of overall Tor use,” Dingledine added.
Fingerprint image via Shutterstock
BitPay Sees 6,260% Increase in Bitcoin Black Friday Sales
Bitcoin Talk Hacked Again, Members Urged to Change Passwords