Defcon, the moderator of Silk Road 2, wrote in a forum post that hackers have breached into the anonymous marketplace, TechCrunch reported. Defcon said that the hackers exploited a transaction malleability issue to get access to the marketplace. They were able to steal more than 4474.26 bitcoins with a value of $2,747,000 and cleaned out the contents of the site's escrow account, the report said.
To send bitcoins from buyers to sellers, Silk Road 2 utilized a central escrow service. The hackers took advantage of the transaction malleability bug to get all the contents of the wallet. The bug allows users to cover the transfers and then ask for the same number of BTC a number of times. This is also the same issue that compelled Mt. Gox to temporarily suspend withdrawals. However, average bitcoin wallets can withstand this sort of attack because of newer updates, the report said.
Silk Road 2 said that the hackers used its automatic transaction verification system to obtain orders from each other. They then asked for refunds for goods that were not shipped. They were able to use the transaction malleability bug to their advantage because the site only required a transaction ID to authorize bitcoin transfers. According to the site, they run an automated refund system for their vendors relying on the TXID to confirm transactions. Silk Road 2 claimed that six vendors schemed together to take advantage of the system by ordering from each other and then asking for circular refund requests, the report said.
Defcon asked the hackers to give back what they have stolen. He wrote, "Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward."
The price of the BTC has gone down by about 50 points as news of the theft broke, TechCrunch reported.
Join the Conversation