Cannabis Road is now offline after suffering from an attack that saw hackers abscond with 200 BTC or roughly $100,355 at press time.
Users who attempt to access the online marketplace dedicated to cannabis products are now presented with a message from lead developer 'Crypto' detailing the attack and the potential paths forward for the development team.
Crypto writes that he discovered the theft at roughly 10:15 AM UTC, after logging into Cannabis Road's bitcoin wallet and noticing the balance was near zero.
The developer goes on to reveal the bitcoin address allegedly holding the stolen funds, before asserting that he does not yet know how the money was stolen.
Crypto concludes his message by issuing an apology to site users while expressing his current uncertainty over whether the project will be able to continue, adding:
The success of the attack is particularly notable given that Cannabis Road had moved to integrate safeguards aimed at better protecting user funds through multi-signature technology, an evolution of the traditional wallet offering that introduces an arbitrator to the transaction process.
In a May interview with DeepDotWeb, Crypto indicated that Cannabis Road was using a hybrid version of multisig, however, in part to make the technology easier for its customers to use.
At the time, he indicated that Cannabis Road had added three levels of multisig in response to a rise in attacks against illicit websites, explaining:
Two more advanced levels were added on top of this service, both of which put restrictions on the situations in which users would be asked to send their private keys.
Crypto also promises Cannabis Road users that he will share information on the attack as it was discovered in order to provide more information to the broader deep web community.
Further, he estimates the damage of the attack to be significant for the online marketplace's brand, suggesting that whether it continues to exist will be up to the site's community.
Notably, the site had suffered an early hack under the care of a previous developer in February. Though no funds were stolen in this attack, the incident did result in a leadership change, with Crypto taking the role of lead developer for the site.
The setback is the latest for the deep web's illicit online marketplaces, which have been the target of a number of attacks so far this year.
Silk Road 2.0 suffered a significant hack in February during which it lost more than $2.6m in bitcoin in what was perhaps the community's most high-profile attack.
In his remarks, Crypto moved to separate his actions from those that were taken by Silk Road 2.0 at the time, noting that he would not blame "transaction malleability" for the issue and that he now sympathizes with the situation that the site's lead developer Defcon faced at the time.
Silk Road 2.0, however, has since been able to rebound from the event, revealing in late May that more than 80% of the customer funds stolen in the attack had been repaid.
Hat tip to DeepDotWeb
Cannabis image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.