This is seriously the most hilarious thing I have read in a long time. Here we have a group of objectivist libertarians who believe that there should be effectively no laws other than the law of economics and self-interest who run an illegal website devoted to the pure greed of cashing in on contraband, and this is what they write:
"I’ve included transaction logs at the bottom of this message. Review the vendor’s dishonest actions and use whatever means you deem necessary to bring this person to justice." We need the government! Please, come find the guy who took all of our illegal drug money and give it back to us so we can continue to say you aren't necessary.
"Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward." Yes, you bad guy, you should do the right thing and think of the community not your self-interests by giving back your illegal gains back to the guy named Dead Pirate Roberts (that's totally his real name).
"Whoever you are, you still have a chance to act in the interest of helping this community." In the interest of the community?! Bwahahahaa!
"I will fight here by your side, even the greedy bastards amongst us." Like everyone on the site?!
"The only way to reverse a community’s greed is through generosity." Just like Ayn Rand said my brothers!
Then I come here and not a single person on here even notices the massive hypocrisy and lack of self-awareness. Amazing.
This is almost certainly hogshit, and anybody who has been paying even a little bit of attention over the last week can probably smell it.
The "hole" in MtGox's security was a social one. You could contact customer support and claim that you had not received your coins, and they could re-issue you new ones if they chose to. There is also no evidence that this ever happened.
This wasn't, and isn't, a flaw in the underlying architecture, it's just a way to convince a customer service rep that you weren't lying.
If SR was re-issuing coins automatically, it's because they were being intentionally stupid.
--
They're using this as a scapegoat. Either somebody ran off with the coins, or something otherwise hacked them and they're using this as an explanation.
Yeah. The moment I got to "a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as “transaction malleability”" I was like "Riiiiight....".
It's not even 'recently discovered', and as far as I understand it, it does not let anyone drain other persons' wallets (if it did, that'd be a killer to entire bitcoin the moment it was discovered)
From my understanding of the malleability issue, couldn't you have vendor withdrawals that get sent, but then not verified by the Silk Road system? Where the original transaction gets rejected due to the modified one getting accepted by the network? So then the Silk Road internals would assume it just didn't go through and not deduct it from the vendor's internal balance, allowing the vendor to repeatedly withdraw as long as they just withdrew their whole balance and modified the transaction each time?
It's recently been suggested that it actually is possible to drain someone's wallet using transaction malleability, if they are not using the reference software. See below:
I thought the 'malleability' problem only resulted in miners being DDOS'd. The transactions themselves were supposedly still 'intact' - i.e., inputs, outputs, addresses were not modified.
So.... what are SR2 saying happened here?
- Is it a double spend using SR2 escrow bitcoins?
- How was the malleability introduced?
Given the illegal nature of Silk Road 2, I can't help but be suspicious of this explanation of the hack. If someone's sufficiently willing to flaunt laws as to operate a site devoted to selling contraband, what stops them from taking advantage of their position of power and stealing from their users?
It's entirely possible to be in support of a free and peaceful drug trade, while at the same time being morally against theft. I don't know why you're lumping the two.
There is a huge moral difference between the sort of victimless-crime-contraband that is on SR (especially since SR1 at least, not sure about SR2, actively filtered out child porn, weapons, assassinations and all of the other truly scary things that you can potentially sell on an anonymous market), and stealing millions of dollars from people at least a few of whom are dependent on substances and desperately need the money to get them in time.
Also, it hasn't really happened yet, but vigilantes.
This is also the guy that just talked a bunch of trash about the last Dread Pirate Roberts, and how he was so much better about security. Jinxed yourself, bro.
Granted this was supposedly in the Bitcoin protocol itself, but for real, there's really never any need to stick your neck out to talk about how great your security is...
Given the latest news it is also very likely that the FBI with the help of some other government cyber-crime unit raided Silk Road 2. You will see it only when the thieves will try to sell or exchange the bitcoins.
The FBI won't do, and it will be in the news sooner and later.
On 1/31, a SR Forum user warned, "SR2 massive scam about to hit very soon"
>no Auto Finalize/no resolution center coins are pilling up massively whitout anyone even realising what s coming .
>there is propably couple millions $$ just in escrow alone and no one is fucking complaining.
>You guys really think it takes more than a month to implement a resolution center?how dumb are you
>This is about to be the biggest scam in the history of the darkmarkets.
>Defcon postponing dates again and again,then annoucing that a fix has been done when clearly it hasn t done shit ?(captcha)in this case.
>Can t you fucking see throught their bullshit and blatant lies that the ship is about to go down the drain very soon??wake the fuck up .
Follow-up from today:
>well,I ve done what I could to warn you at least,next time you call me a troll rethink maybe.
>my posts weren t really convincing because of the bad grammar (not english) but the message was there for everyone willing to hear it.
>If you believe all this bullshit again from defcon ,then I am affraid you d get scammed over and over again.SR isn t what it once was, it is run by a greedy cunt.
>This was just so predictable,it doesn t take 2 fucking month to implement a resolution center ,not having it was the main tool of their scamming operation.
>The funniest thing in that story is that SR would still be up , means this scams could go on forever because people are licking blindly these greedy mofo.
>don t be fooled by the green camel next time rant over/
Irony at its finest here. If you're going to go to the effort to use a decentralised currency that is difficult to track to a particular individual for a website selling illicit drugs and items served via a decentralised and anonymously run network, don't expect any sympathy when your Bitcoin goes missing... You go to the great effort of avoiding conventional means of currency (banking, trackable transactions to individuals) and yet you realise how the traditional banking system in many ways while not being perfect protects you from a lot of this type of activity. If an attacker hacks into your Internet banking or your credit card is stolen, you in most cases get the money back.
No monetary system is perfect, and I think these increasingly frequent scenarios where X amount of crypto-currency is "stolen" and cannot be recovered drive that point home. I strongly believe that crypto-currency has a bright future, I own a few Bitcoin myself and many other alternative crypto, but I don't entrust and never would entrust my coins in a drug-dealer exchange escrow wallet, I keep them on my computer and in cold storage. These kind of situations just keep driving BTC's price down further, we don't need a Silk Road for Bitcoin to succeed.
This whole situation really just makes me laugh. Some people have no faith in the traditional system of Government or currency, but for some reason have faith in a system and currency that is inherently insecure, unpredictable and when shit hits the fan, there's nobody to help you...
Your point about the traditional banking system is irrelevant since there's zero chance of successfully buying a kilo of coke with your Visa card.
So whether it's bricks of cash or shady darknet sites, the prohibition on drugs necessarily doesn't leave one with much recourse when transactions go wrong.
Well, actually, people don't trust these new markets either. So many have been hacked, or been scams, that those with the most to lose have been pretty careful or exited this online game altogether.
My favorite part of bitcoin is just how wild west it always feels. Real money, in very massive quantities is stolen, and there's no authorities who will do anything about it. Old school scams are new again. Crashes happen on a monthly basis. I'm staying out of it in any serious quantities because frankly I'm having too much fun watching it.
There are certainly fortunes to be made as well as lost. I probably would not put "serious" quantities into bitcoin myself either, but it definitely is more interesting to watch it when you have a small amount in it.
This is nonsense. The transaction malleability issue doesn't cause coins to be automatically resent. The simple explanation is that the owner ran off with everybody's money.
Sounds like Defcon got the excuse he needed to line his pockets with all of the Silk Road 2 money.
I don't run a marketplace, but I would assume that an alarm protocol would be implemented and triggered when thousands of bitcoins start to drain out of "hot storage".
Exploiting the transaction malleability bug wouldn't net you 4,500 BTC at once. It would take a lot of requests of broken transactions to drain the entire marketplace of thousands of BTC. Defcon and SR2 should have been on high alert for this kind of problem after the Mt. Gox announcement.
Anyone who runs a Bitcoin marketplace would not be "slow to respond and skeptical of the issue at hand", especially not when the entire balance of the marketplace is in such a vulnerable state.
Defcon has been around this business for years, he isn't an amateur. How could he make such a fundamental, incredibly ignorant error?
Even if we believe the "bad luck, terrible timing" explanation, Defcon's lack of caution and general awareness is simply inexplicable. There is no way he would be so nonchalant about any kind of fault in the Bitcoin protocol with everyone's money sitting out in the open, just waiting to be stolen.
I think the moral of this story is to not open an account with an anonymous exchange. Instead, open an account with a marketplace backed by some high-profile VCs who have some skin in the game. You can bet that Andreessen isn't going to be careless and ignorant enough to let the same thing happen to Coinbase. Not when he's got $25m and his invaluable image on the line.
... and things like this do to a point highlight why there is a lot of regulation around money and trying to create a new "freer" currency is actually really dangerous. I'm pretty sure his operating practice of keeping all the money in one place would be against regulations. Also usually there are big security standards. And finally high transaction fees do in some part support insurance so when my/your visa is stolen or whatever, the bank can just refund me, and take it out of its insurance. Because storing a lot of money for a lot of people is a big deal, but it's a well looked at deal, and trying to start from scratch ignoring all of that... well... you just end up with people losing money in ways that would never happen otherwise. :/
for anyone who sees bitcoin as a 'wild west' environment, this sort of thing is obvious and just moves the bitcoin economy forward. problems found now are fixed, and won't be as big of a deal later.
Either SR2 was hacked or someone ran off with the funds. Whatever the case may be, I do not see how the friction (or lack thereof) of Bitcoin has anything to do with this.
I'm still waiting to hear how they plan to scale Bitcoin to 50,000 transactions per second. To cover a part of the current financial system alone (but only in the U.S., not the rest of the world). 50,000 is a looong way from 7.
In the San Fran startup world where iphone taxi requesting and self-deleting video clips for 14 yr olds are the cusp of innovation, thank god for bitcoin and all the fun that comes with it.
Wow, it really is the wild west out there right now...
I wish that some of the "post-mortem" reports I've seen were this good and detailed with problem, explanation, resolutions. I don't have a horse in this race so people affected probably feel differently.
Not having very much knowledge about the financial industry - is this also an issue with marketplaces that deal with fiat monies?
i.e. Dwolla, Balanced, Stripe, Venmo, all serve as intermediaries for moving money - do these companies have bank accounts that hold onto massive sums of money? What protections would go into keeping those accounts secure?
> our projections of order finalization volume indicated that we would need the community’s full balance in hot storage.
As a bitcoin community leader, you have to stay informed with how other people got hacked in the past, and there are so many cases where all the bitcoins were foolishly kept out of air-gapped cold storage until an adventurous hacker plundered them. I guess history is doomed to repeat itself.
[+] [-] zedshaw|12 years ago|reply
[+] [-] blhack|12 years ago|reply
[+] [-] pstrateman|12 years ago|reply
The reference client (github.com/bitcoin/bitcoin) does not resend transactions because of malleability.
The only way you can have double transfers due to malleability is if you are manually reviewing transfers and re-sending them yourself manually.
This seems like a very convenient scapegoat.
[+] [-] Mchl|12 years ago|reply
[+] [-] natdempk|12 years ago|reply
[+] [-] Xdes|12 years ago|reply
[+] [-] dsuth|12 years ago|reply
https://anders.io/the-troublesome-history-of-the-bitcoin-exc...
[+] [-] deskamess|12 years ago|reply
[+] [-] nullc|12 years ago|reply
Is if you replace the transaction without double spending it, which is unsafe.
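The failure mode debated in this thread (a payout system that looks for a withdrawal only under the txid it broadcast, and pays again when a re-encoded copy confirms under a different txid) and the point above that a replacement is unsafe unless it double-spends the original, as an added example. It is a toy model, not code from any marketplace or from the Bitcoin reference client; the `Tx` class, `payment_key`, the status names and all sample values are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

def _h(data: str) -> str:
    return hashlib.sha256(hashlib.sha256(data.encode()).digest()).hexdigest()

@dataclass(frozen=True)
class Tx:
    inputs: tuple    # outpoints being spent, e.g. ("f00d:0",)
    sigs: tuple      # signature encodings; these can be re-encoded in flight
    outputs: tuple   # (address, amount_in_satoshi) pairs

    @property
    def txid(self) -> str:
        # Covers the signature bytes, so it changes when they are re-encoded.
        return _h(repr((self.inputs, self.sigs, self.outputs)))

    @property
    def payment_key(self) -> str:
        # Covers only what is spent and who is paid: stable under malleation.
        return _h(repr((self.inputs, self.outputs)))

def naive_status(sent: Tx, confirmed: list) -> str:
    """Flawed check: looks only for the exact txid that was broadcast."""
    return "confirmed" if any(t.txid == sent.txid for t in confirmed) else "missing"

def robust_status(sent: Tx, confirmed: list) -> str:
    """Match on inputs and outputs first, then look for conflicting spends."""
    for t in confirmed:
        if t.payment_key == sent.payment_key:
            return "confirmed"       # paid, possibly under a different txid
    spent = {op for t in confirmed for op in t.inputs}
    if spent & set(sent.inputs):
        return "conflicted"          # our inputs went elsewhere: manual review
    return "pending"

def safe_to_reissue(sent: Tx, replacement: Tx, confirmed: list) -> bool:
    """A retry is safe only if it can never confirm alongside the original."""
    if robust_status(sent, confirmed) != "pending":
        return False                 # already paid or conflicted: do not resend
    # Sharing an input makes original and retry mutually exclusive on-chain.
    return bool(set(sent.inputs) & set(replacement.inputs))

# Constructed sample data: one withdrawal and a re-encoded copy of it.
ORIGINAL = Tx(("f00d:0", "f00d:1"), ("sig-a", "sig-b"), (("vendor-addr", 5_000_000),))
MALLEATED = Tx(ORIGINAL.inputs, ("sig-a*", "sig-b"), ORIGINAL.outputs)
CHAIN = [MALLEATED]                  # the re-encoded copy is what confirmed

if __name__ == "__main__":
    print("naive :", naive_status(ORIGINAL, CHAIN))    # would trigger a re-send
    print("robust:", robust_status(ORIGINAL, CHAIN))   # recognises the payment
```

A ledger that debits the user's internal balance on `robust_status` rather than on a txid lookup does not credit the withdrawal back when only the identifier changed.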
[+] [-] jfasi|12 years ago|reply
[+] [-] aegiso|12 years ago|reply
[+] [-] vbuterin|12 years ago|reply
[+] [-] mscarborough|12 years ago|reply
[+] [-] short_circut|12 years ago|reply
[+] [-] chrisBob|12 years ago|reply
[+] [-] rurban|12 years ago|reply
[+] [-] bhaumik|12 years ago|reply
[+] [-] DigitalSea|12 years ago|reply
[+] [-] aianus|12 years ago|reply
[+] [-] girvo|12 years ago|reply
[+] [-] swalsh|12 years ago|reply
[+] [-] emhart|12 years ago|reply
[+] [-] jakejake|12 years ago|reply
[+] [-] dreamdu5t|12 years ago|reply
Anyone is free to attempt to investigate and go after this guy.
[+] [-] Meekro|12 years ago|reply
[+] [-] roymurdock|12 years ago|reply
[+] [-] rglover|12 years ago|reply
[+] [-] jaekwon|12 years ago|reply
[+] [-] mapgrep|12 years ago|reply
[+] [-] pirateking|12 years ago|reply
1. Mine Plundered: $2300 in Nuggets Stolen! (439 points)
2. Gold Is Where You Find It (102 points)
3. Show RN: A Better Shovel (32 points)
4. WANTED: No good pickaxe thief, DoA (8 points)
[+] [-] CoachRufus87|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] thebiglebrewski|12 years ago|reply
[+] [-] aaronem|12 years ago|reply
[+] [-] mindstab|12 years ago|reply
[+] [-] Steko|12 years ago|reply
[+] [-] MarkPNeyer|12 years ago|reply
[+] [-] dispense|12 years ago|reply
[+] [-] mpyne|12 years ago|reply
[+] [-] dreamdu5t|12 years ago|reply
[+] [-] gwern|12 years ago|reply
[+] [-] aparadja|12 years ago|reply
[+] [-] gesman|12 years ago|reply
[+] [-] rqebmm|12 years ago|reply
[+] [-] riquito|12 years ago|reply
[+] [-] toasted|12 years ago|reply
[+] [-] atwebb|12 years ago|reply
[+] [-] theswan|12 years ago|reply
[+] [-] bhouston|12 years ago|reply
[+] [-] primitivesuave|12 years ago|reply