
Silk Road 2 Loses $2.7M in Alleged Bitcoin Hack

By Chloe Albanesius, Executive Editor, News


Bitcoins valued at approximately $2.7 million have gone missing from Silk Road 2, allegedly due to a hack.

Silk Road 2 is the reincarnation of the original Silk Road, an online black market for all things criminal that was shut down by the feds last year. The new site emerged in November and is only accessible to those who have an invite and sign in using the Tor anonymizing service.

But according to a Silk Road administrator known as Defcon, all is not well on the site. In a recent forum post, which was posted online by DeepDotWeb, Defcon said that Silk Road 2 had been hacked and its bitcoins stolen.

"Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as 'transaction malleability' to repeatedly withdraw coins from our system until it was completely empty," Defcon wrote.

According to CoinDesk, transaction malleability is "an attack that lets someone change the unique ID of a bitcoin transaction before it is confirmed on the bitcoin network. The change makes it possible for someone to pretend that a transaction didn't happen, if all the right conditions are in place."
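To make the CoinDesk description concrete, the following is an added example, not code from the article or from any party it mentions. It uses a simplified model in which the transaction ID is a hash that covers the signature bytes, and shows why a payout system that looks up withdrawals only by transaction ID can conclude a payment never happened, while matching on the coins spent and their destinations does not. The function names and sample transactions are constructed for illustration.

```python
import hashlib

def _h(data: bytes) -> str:
    # Double SHA-256, as Bitcoin uses for transaction IDs.
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def _body(tx: dict) -> bytes:
    # Simplified serialization (assumption): the coins spent and where they go.
    return repr((sorted(tx["inputs"]), sorted(tx["outputs"]))).encode()

def txid(tx: dict) -> str:
    # Toy model: the ID covers the signature bytes, so re-encoding the
    # signature changes the ID without changing what the transaction pays.
    return _h(_body(tx) + tx["signature"])

def spend_key(tx: dict) -> str:
    # Signature-independent identity: same inputs and outputs, same key.
    return _h(_body(tx))

def reconcile(sent: dict, confirmed: list) -> dict:
    """Compare one withdrawal we broadcast against confirmed transactions."""
    by_txid = txid(sent) in {txid(c) for c in confirmed}
    by_spend = spend_key(sent) in {spend_key(c) for c in confirmed}
    if by_spend and not by_txid:
        verdict = "paid under a different txid: do not reissue, raise an alert"
    elif by_spend:
        verdict = "paid"
    else:
        verdict = "unconfirmed"
    return {"txid_match": by_txid, "spend_match": by_spend, "verdict": verdict}

# Constructed sample data (not real transactions).
SENT = {"inputs": [("prev-tx-1", 0)], "outputs": [("vendor-addr", 50_000)],
        "signature": b"encoding-A"}
# Same payment as it appeared on chain, with the signature re-encoded.
MUTATED = dict(SENT, signature=b"encoding-B")
UNRELATED = {"inputs": [("prev-tx-9", 1)], "outputs": [("other-addr", 7_000)],
             "signature": b"encoding-C"}

if __name__ == "__main__":
    print(reconcile(SENT, [MUTATED, UNRELATED]))
    print(reconcile(SENT, [UNRELATED]))
```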

As the International Business Times noted, transaction malleability has been around since at least 2011, but the topic made headlines recently when bitcoin exchange MtGox suspended all withdrawal transactions, citing transaction malleability.

In a Tuesday statement, the Bitcoin Foundation said "we (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now. This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It's important to note that DoS attacks do not affect people's bitcoin wallets or funds."

The bitcoin stash on Silk Road 2, meanwhile, was in "hot storage" (or online) rather than cold storage, Defcon said, because "we were planning on re-launching the new auto-finalize and Dispute Center this past weekend, and our projections of order finalization volume indicated that we would need the community's full balance in hot storage."

"In retrospect this was incredibly foolish, and I take full responsibility for this decision," Defcon wrote.

Given that Silk Road isn't exactly a reputable business - allegedly trafficking in drugs, guns, and other unsavory services - it's difficult to feel bad for those who might have lost money. But according to an update on DeepDotWeb, there's also the possibility that this "hack" is actually a scam so that Silk Road administrators can pocket the cash themselves.

"As the time passes there are more and more suspicions that this was in fact a SCAM by the Silk Road staff – and not a hack, we will post more details about it once, and if we get the full picture," DeepDotWeb wrote.

In the post, Defcon apologized profusely and urged the alleged hackers to return the bitcoin. "Whoever you are, you still have a chance to act in the interest of helping this community," he wrote. "Keep a percentage, return the rest. Don't walk away with your fellow freedom fighters' coins."
