Dark market web site Silk Road 2 has told customers that all of their bitcoins are gone after a massive hack, in which at least 4,476 bitcoins (worth over $2.6m at current prices) are believed stolen. Organizers at the site are blaming the compromise on the transaction malleability attack in the news this week.
"Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as 'transaction malleability' to repeatedly withdraw coins from our system until it was completely empty," said a post from Defcon, one of the site's moderators, on a forum located on the Tor network.
The post added that thieves attacked after the organizers of the site took too long to respond to widespread industry concern about the transaction malleability attack. "Despite our hardening and pentesting procedures, this attack vector was outside of penetration testing scope due to being rooted in the Bitcoin protocol itself," it said.
Generally, good security principles would have a bitcoin-based web site putting the bulk of bitcoins under management in cold storage (i.e. stored offline), so that they could not be stolen by online attackers. However, the post said that they were all stored online, because of back-end developments on the site.
"We were planning on re-launching the new auto-finalize and Dispute Center this past weekend," Defcon said in the post. The implementation of the two features would have bumped up the volume of orders being finalized, causing the site to make all of the bitcoins instantly available.
The post came with profuse apologies. "I should have taken MtGox and Bitstamp's lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand," Defcon said, before posting the fraudulent transactions, and asking for community help in bringing down the alleged thief.
The post suggested that the escrow wallets (which hold funds until goods have been delivered) were compromised. One thing that wasn't clear is whether users' personal wallets (holding funds that have been uploaded but not spent, or received from customers but not withdrawn) had been stolen.
Some postings on the forums suggested that they had also been compromised. "Appears so at least in my case. While only .1286 BTC (deposited last night) I can see a transaction on blockchain that has sent payment to an address and I have made no such transaction," said one user, calling himself 'UncleFester'.
"Blockchain showing my SR wallet emptied. So - escrow and wallets are all gone :-(," said another, 'meathead_420'.
Others suggested that all remaining coins may have been taken off the Silk Road 2 server while the situation was resolved.
How did it happen?
What is still unclear is just how a transaction malleability attack could have resulted in the complete emptying of an escrow account. The attack involves changing the ID of a bitcoin transaction, to make the sender think that it hasn't happened.
As we detailed earlier this week, simply changing the ID isn't enough to cause a coin to be stolen. The individual or organisation sending the bitcoins (in this case, Silk Road) would presumably have to resend the coins immediately and automatically in the event of a fraudulent customer complaint, and would have had to let almost 5,000 bitcoins drain from its escrow accounts without raising an eyebrow.
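To make that reasoning concrete, the following is an added example, not code from the article or from Silk Road 2. It is a toy model: transactions are dictionaries serialised as JSON, the transaction id is a double-SHA256 over that serialisation (as in Bitcoin, the id covers the unlocking script, so re-encoding the script changes the id without changing what is spent or paid), and `malleate` stands in for a relayer that re-encodes the unlocking script before the transaction confirms; the specific encoding tricks are not modelled. The hot-wallet outpoints, addresses and function names are all constructed for the example. The two payout loops show the difference between a withdrawal system that judges settlement by "did my txid appear on chain?" and one that judges it by "were the inputs I signed spent?".

```python
import copy
import hashlib
import json

# Added toy model; not code from the article. A "transaction" is a plain dict.
# The property that matters is the same as in Bitcoin: the id is a hash over
# the whole serialised transaction, scriptSig included, so a change to the
# scriptSig encoding that keeps the signature valid yields a different id for
# the same payment.

def txid(tx):
    """Double-SHA256 of the serialised transaction (toy serialisation: canonical JSON)."""
    data = json.dumps(tx, sort_keys=True).encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def make_withdrawal(outpoint, to_addr, amount):
    """One-input, one-output withdrawal from a hot-wallet outpoint (constructed values)."""
    return {
        "vin": [{"outpoint": outpoint, "scriptSig": "<sig> <pubkey>"}],
        "vout": [{"addr": to_addr, "value": amount}],
    }

def malleate(tx):
    """Stand-in for a third party re-encoding the scriptSig before relaying.

    The inputs spent and the outputs paid are untouched; only the encoding of
    the unlocking script differs, so either copy is valid but only one can
    confirm. The real re-encoding tricks are deliberately not modelled.
    """
    mutated = copy.deepcopy(tx)
    for vin in mutated["vin"]:
        vin["scriptSig"] = vin["scriptSig"] + " <alternate-encoding>"
    return mutated

def same_payment(a, b):
    """True when two transactions spend the same outpoints to the same outputs."""
    return ([v["outpoint"] for v in a["vin"]], a["vout"]) == \
           ([v["outpoint"] for v in b["vin"]], b["vout"])

def spent_outpoints(chain):
    """Set of outpoints consumed by confirmed transactions."""
    return {vin["outpoint"] for tx in chain for vin in tx["vin"]}

def payout_keyed_by_txid(hot_outpoints, relayer=malleate):
    """Withdrawal loop that treats a missing txid as a failed payment and resends.

    Returns how many 1-coin payments were made for a single 1-coin request.
    Each resend is funded from the next hot-wallet outpoint. Against a relayer
    that malleates every broadcast, the loop only stops when the hot wallet is
    empty: this is the failure mode the article describes.
    """
    chain, paid = [], 0
    for outpoint in hot_outpoints:
        tx = make_withdrawal(outpoint, "customer", 1)
        chain.append(relayer(tx))   # the relayed copy is what confirms
        paid += 1
        if txid(tx) in {txid(t) for t in chain}:   # never true while malleated
            return paid
    return paid

def payout_keyed_by_outpoint(hot_outpoints, relayer=malleate):
    """Same loop, but settlement is judged by whether our signed inputs were spent.

    A malleated copy still spends the same outpoints, so the first payment is
    recognised as settled and nothing is resent.
    """
    chain, paid = [], 0
    for outpoint in hot_outpoints:
        tx = make_withdrawal(outpoint, "customer", 1)
        chain.append(relayer(tx))
        paid += 1
        if all(v["outpoint"] in spent_outpoints(chain) for v in tx["vin"]):
            return paid
    return paid

if __name__ == "__main__":
    hot = [f"hot-utxo-{i}" for i in range(5)]   # constructed hot-wallet outpoints
    original = make_withdrawal(hot[0], "customer", 1)
    print("ids differ:", txid(original) != txid(malleate(original)))
    print("same payment:", same_payment(original, malleate(original)))
    print("txid-keyed loop paid out:", payout_keyed_by_txid(hot), "coins")
    print("outpoint-keyed loop paid out:", payout_keyed_by_outpoint(hot), "coin")
```

The txid-keyed loop keeps resending until every hot-wallet outpoint is gone, while the outpoint-keyed loop stops after the first payment; with an honest relayer both stop after one. Reconciling on whether the inputs one signed have been spent, rather than on whether a particular id showed up, is the check a withdrawal system needs, and a resend should never be automatic in the first place.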
"Sorry defcon but if mt gox and bitstamp had the hindsight to cancel withdraws while they dealt with the bug. Why did you not take the same measures?" asked 'Soloist'.
"Why did it take forever to move funds in and out of my wallet but every last bit of BTC disappears in the blink of an eye?" said 'garconSR2' in response to the Defcon post.
Technical experts were bemused, and sceptical. "Would criminals make dumb mistakes? Infinitely feasible. Most deep web sites like this are likely either honeypots or long-con scams," said core bitcoin developer Jeff Garzik.
Defcon provided some details of the attack, explaining that someone, likely operating in France, used several vendor accounts to order from each other, to find and exploit the vulnerability. The primary account was named 'narco93', the post said.
Defcon offered to help those most at risk from the theft by using his own personal funds. At least one user, dimon114, seemed in need. "If my vendors didn't ship what I ordered, I am now in some serious physical danger," they said.
While many questioned the honesty of the story, others pounced on the evidence provided by Defcon to try and find more details. One user found a wallet online which they said could be a likely destination for the funds. This blockchain wallet appears to have received 8566 bitcoins over 60 transactions in the last two days. Just over half of them are still in there at the time of writing. There is no proof that this wallet was used by any alleged bitcoin thief at this stage.