Free Dread Pirate Roberts

Saturday, March 22, 2014

Pandora Marketplace Hacked: Losing $250,000 in BTC

Important: Do not send any coins into this market at this time; withdrawals are still disabled!
We had a quiet couple of weeks, but now a claim from the Pandora Marketplace admin (Alice) has been published stating that, guess what, the market was hacked, losing around 50% of all the BTC, totaling around $250,000 in value (somewhere around 425BTC at the current rate). We know this drill very well by now, with all the hacks and scams that we have witnessed. Alice posted a very detailed post on the Pandora forums explaining what happened and how the market admins intend to sort this issue out and return the lost funds by collecting higher commissions from the vendors and repaying everyone within a time frame of a month or so.
This is the post from the Pandora admin Alice (you can read the original one here: http://bl3j73taluhwidx5.onion/index.php?topic=6629.0) with some formatting fixes:
===Quote===
First of all sorry, but i didn`t had to much for choice if i didn`t wanted to close pandora market and hope at least some of you will understand situation, but i know i am going to burn and lost all of my karma, but there is whole truth with my plan.
What happened:
1) Last week pandora market got shaved of large portions of BTC by 2 vendors used to be small-time scammers, they were able to steal about 1/2 of BTC pandora total holdings (basically everything, that was not on cold storage), they found the leak in system.
2) I stopped all withdrawals, found leak and fix the bug in system and also were checking any single money operation programming, that is the reason why everyone withdrawals were stopped for about 12 hours.
What were my options back then, when i found bitcoin lost:
1) I could make market to disappear and just close it down, everyone will think then, i scammed all of you.
2) I will apply solution to cover losses and continue operations.
3) I choose number 2)
Why I didn`t told truth before:
1) That would probably lead only to instant panic and market closure week before that day. All money would be probably lost – all vendors and customers money.
2) I didn’t informed and pandora were able to make withdrawals of more than 1000BTC since steal of bitcoins discovered to vendors -  all of that would not be possible if i would not take this drastic measurements.
3) All my actions was made to safe pandora market and continue operation, time will tell if that was good move.
4) Only what i am sure about is if i didn`t made this drastic measurements, i can only close down the market and be remembered as scammer.
Current situation:
1) I partly covered loss from my profits (this is probably very stupid move from me as everybody will probably blame me, i should closed market i think now) – i covered about 1/3 of losses from my own money (hard decision for me).
2) Market and almost all BTC will be recovered during this week by applying very high tax on all transactions.
Actions made:
1) Currently only max 2/10 pandora holdings are held on main server so possible loss is limited to 2/10 of total pandora holdings.
2) Many security updates to the system, leak fixed.
3) If pandora will survive that, in future if that ever happen again, loss is limited to 2/10 of BTC holdings.
Facts:
1) Pandora market processing withdrawals for vendors and over 1000BTC were sent to vendors during last week.
2) All transaction must be taxed with scheme below to complete recovery.
3) Pandora will start processing withdrawal for all users by 23.3. (withdrawal fee for customers will apply from that day until 23. + 14 days)
4) Pandora will be recovered in less than 10 days from now.
5) For those thinking about closing shops at pandora:
5.1.) I really do understand that, but think about this:
5.2.) Small market might (i mean person behind the market) might not be ready for inflow of money and he might scam you anyway.
5.3.) Think again, how much you made with pandora market existence and how much you are going to make in future and without this market, you would may not be able to make money that you did there.
5.4.) I didn’t had many options to safe market and this loss is temporary and will be repaid back.
Recovery scheme & Buyback:
1) For save pandora market i had to make very drastic measurements – commission (operating tax) of 24% during 23.3.
1.2) commission paid from all transaction scheme:
1.3) 24% by 23.3. (16% recovery tax if your item have add commission to item instead of deduct)
1.4) 16% 23.3. – 31.3. (8% recovery tax if your item have add commission to item instead of deduct)
1.5) 8% from 31.3. until 1.4.
1.6) If you have option to add commission to item price as vendor, you are not charged full 24% but customer pay commission of 8% and after you are charged 16%.
Reason to accept that:
1) Truth is that you have no choice and if you want be able to withdraw for all send order, consider it as prepaid tax (will explain later).
2) Take it as necessary evil to continue business on pandora market (i understand some of you will not).
3) All commission paid are in database and i know, who paid what amount of commission above expected.
4) EXAMPLE:
4.1) ESCROW RELEASE FOR vendor_name(31118) ON ORDER 56086 AMOUNT 0.13266796 COMM 0.03741917 (that is helf for every single transaction)
5) These allow me to calculate exact commission paid by that day easily and:
6) From 31.3. all affected vendors (probably all) will have overpaid commission calculated.
7) Overpaid commission will be put to special database.
8) All vendors will later pay only 40% of standard commission and 60% will be calculated back to repay tax back to vendors. 60% of future commissions will be paid back to vendors after total amount of overpaid money is 0. (proportion might change to pay back vendors quick as possible)
9) Worst case scenario is i will sell 30% of pandora earnings and pay from that debt to vendors to repay them overtax (each 1% will earn portion of pandora profits, paid daily).
About me & what i think:
1) I must be completely stupid to be honest in this business, because for me were such easier to exit.
2) I don`t expect nobody to understand, even if i wrote that post, i think, many of you will think, this is beginning of scam, because it does make sense (but if i am going to scam i am not going to allow withdrawals of more than 1000BTC right ? – so that play for that is truth)
3) I must be very stupid, as i put even my all money back just for everybody will blaming me, but that is risk i am taking now.
4) If somebody think, i am taking that 24% profits now, that is not true, it is much more easier just to close all withdrawals and run away with money – which i didn’t do.
5) BIG TRUTH is: Now i am not making any money out of pandora, every single satoshi now go back to repay back loss.
6) I don't want to sound like i almost save your money, i will be blamed, of course, many will think, this is start of scam, or i took money by myself, but none on that is truth.
FACTS 2:
1) If this is going to be scam, which is not, i am not going to allow withdrawals.
2) Recovery of all loss is by end of month.
3) Pandora will be back in normal by end of the month.
4) 75% recovered. (30% from me).
5) I am now working for free.
6) Pandora will survive (i believe that).
7) Personally i still didn’t steal single bitcoins from customer or vendor.
Understand in this anonymous place it is not easy to believe nothing.
SUPER SHORT VERSION:
1) Pandora loss 1/2 of BTC holdings.
2) Drastic tax is needed to recover (paid by all vendors).
3) Tax paid by vendors will be paid back in form of 40% or less commission pay in future.
4) Normal operation will start again approx 31.3.2014.
UPDATE 1:
1) All vendor & customer balances are not touched in any way and after recovery will be fully available (customers can still order from any vendor and vendors don’t  have any issues with withdrawals, from day 1 because i recovered cold storage and used my money to pay vendors).
2) There are enough BTC to cover all withdrawals (i calculated balances on all vendor accounts and pandora have multiple time balance for withdrawal then is available balance on vendor accounts) – vendors don't have issues with withdrawals from day 1 (except 12 hour withdrawal stop before few days).
UPDATE 2:
1) Inflow of BTC into pandora market is unchanged in comparison to last week
2) Buyers are still buying in stable rate in compare to the last week
3) Others will try to make panic and take advantage of this issue, so if you can, please don`t try to create more panic but protect pandora if possible.
4) If you want as vendor limit your loss, you can change item to add price instead of deduct, then from 23.3. commission 16% will apply and 8% will be paid by you and 8% by customer.
Best what vendor can do now to limit loss is probably change all their items to add commission to price.
That way 8% commission is added to total price to be paid by customer. And from 23.3. “TAX” is going to be 16% so, vendor is paying “just” 8% splitting it with customer. That 8% “TAX” should NOT probably burn most of vendors as margins on items sold here are usually high and every vendor should survive that temporary loss to be paid back when back in normal.
SO if pandora is going to survive that, and at least half of people will understand why it is how it is now, pandora will be here for normal operations within 31.3.2014.
Now everybody say me fuck off and that i am idiot and scammer.
For those who will stay calm, i promise you, i will repay commissions back in time (even for those who will not stay calm).
Never thought it is going happen to pandora, i always think these steal are always made by owners. I thought pandora is stronghold that can not be beaten, but i learned from this and i believe Pandora is not going down!
==End Quote===
[image: alice]
This is the post saying that the lost sum was around $250,000. This might also help explain the 25% commission, considering last week's turnover was around 1000BTC according to the above post:
[image: 250000]
We don’t know exactly what happened there, but the above post seems detailed enough to explain the general repayment plan. We only hope that everyone will have their money back in no time.
We will keep following and updating as we get more information.

Alleged Silk Road Founder's Mother Speaks Out

In this video Luke Rudkowski has an emotional conversation with the mother of Ross Ulbricht, Silk Road's founder who is currently in prison. This particular case is very unique and we are witnessing our legal system adapt to the evolution of the internet. For more information on this historical case and the legal defense fund please visit  http://www.freeross.org/

Free Ross Ulbricht

Updated: List of Hidden Marketplaces (Tor & I2P)



Original thread: http://www.deepdotweb.com/2013/10/28/updated-llist-of-hidden-marketplaces-tor-i2p/
Last update: 20.3.14
Listing: 27~ Live Marketplaces!
See the most recent changes in this Changelog
Welcome to our updated list of  hidden marketplaces! Improvement? Broken Links? Let us know in the comments!
  • The List is Always Clean From phishing links!
  • Every link was checked, browsed, registered and logged in manually to verify its authenticity; please double check if you're not sure.
  • Links in the comments are NOT verified in any way
  • Don't be Lazy! Do Your research Before using any market, check out the market's forum, the market Sub-reddit And be sure to Look for info at:
    - Darknet Markets: http://www.reddit.com/r/DarkNetMarkets
    - The Hub Forums: http://thehubaoydxrommh.onion
  • Use your common sense and consider every market as potential scam – NEVER store coins on the sites, Do not feel safe with On-Site Escrows & Always Use PGP!!!
  • Just to make it clear: “Top Rated & Recommended Marketplace” means nothing but personal opinion and lack of complaints received about this market – This is not a Vouch by any means!
3.53 (16 reviews)
Marketplace Forum Url : http://i4rx33ibdndtqayh.onion/
Sub reddit : http://www.reddit.com/r/AgoraMarket/
Hub Forum url : http://thehubaoydxrommh.onion/index.php?board=3.0
Notes : Top Rated & Recommended Marketplace
Been recommended in some way by the same guys of BTCfog, as far as we know today this marketplace is pretty reliable. requires a referral link to register both as buyer and as vendor. although not the largest, but seems to be the most stable option at this time.
5.00 (3 reviews)
Marketplace Forum Url : http://outforumbpapnpqr.onion
Sub reddit : http://www.reddit.com/r/Outlaw_Market
Hub Forum url : http://thehubaoydxrommh.onion/index.php?board=9.0
Notes : Top Rated & Recommended Marketplace
We kinda Missed this one until lately – Its Quickly growing and is using some interesting features, we conducted an interview with admin of the site, you can read it here
Marketplace url : themarketplace.i2p or the less friendly version: http://r35rdglu7cjmsxh5qn3v6o5q7cnejanwg4h2viuvaqavpbf5uqaq.b32.i2p Or TOR Gateway at this url: http://7z7s2qezpj3rlrww.onion/
Marketplace Forum Url : http://themarketplace.i2p/forum/
Sub reddit : http://www.reddit.com/r/themarketplace
Hub Forum url : http://thehubaoydxrommh.onion/index.php?board=22.0
Notes : Top Rated & Recommended Marketplace
Read a full usage guide here. Themarketplace An i2p based marketplace, we have mentioned it before here, since its on i2p it doesn’t have many vendors now, but seems promising, uses great security features and the admins seems like professionals.
3.75 (4 reviews)
Marketplace url : http://pandorajodqp5zrr.onion
Marketplace Forum Url : http://bl3j73taluhwidx5.onion
Sub reddit : http://www.reddit.com/r/PandoraMP/
Hub Forum url : http://thehubaoydxrommh.onion/index.php?board=4.0
Notes : **Warning: Hacked - Withdraws Disabled**
Note: Market was hacked, but still operational, use caution. One of the new markets, some vendors are already operating there, having some issues and complaints from time to time but working well mostly.
5.00 (2 reviews)
Marketplace url : http://ramp2bombkadwvgz.onion
Sub reddit : None
Hub Forum url : None
Notes : A Thriving Russian marketplace (forum based), i don’t speak Russian but i have heard some reports about this marketplace being legit. don’t take my word, check for yourself.
5.00 (2 reviews)
Marketplace url : http://omo6o7akcampiryq.onion
Marketplace Forum Url : http://u5z75duioy7kpwun.onion/
Sub reddit : http://www.reddit.com/r/blackbank
Notes : Now offering Multisig transactions - see the guide here
5.00 (1 review)
Marketplace url : http://torescrow7upglhe.onion
Marketplace Forum Url : http://4rtvonaubslk7vvk.onion/
Sub reddit : http://www.reddit.com/r/torescrow
Notes : Until recently was a third party escrow provider, now also offers a full marketplace
5.00 (3 reviews)
Marketplace url : http://k5zq47j6wd3wdvjq.onion
Marketplace Forum Url : http://i25c62nvu4cgeqyz.onion
Sub reddit : http://www.reddit.com/r/EvolutionMarket
Hub Forum url : http://thehubaoydxrommh.onion/index.php?board=24.0
Notes : The 4th largest market by trade volume and have been operating escrow services on TCF since June 2012
5.00 (1 review)
Marketplace url : http://yjhzeedl5osagmmr.onion
Marketplace Forum Url : yjhzeedl5osagmmr.onion/forum.php
Sub reddit : None
Hub Forum url : http://thehubaoydxrommh.onion/index.php?board=6.0
Notes : One of the new markets, small, don’t have any reports at the moment from users. was formerly known as “RoadSilk”.
Marketplace Forum Url : http://7y26aczl3wdyujkc.onion/index.php
Sub reddit : https://pay.reddit.com/r/DarkBay/
Notes : Formerly known as UltraVioletCity  - One of the new marketplaces - Still pretty small, so far seems nice.
Marketplace url : http://blueskyplzv4fsti.onion/
Marketplace Forum Url : None.
Sub reddit : http://www.reddit.com/r/blueskymarket/
Hub Forum url : http://thehubaoydxrommh.onion/index.php?board=10.0
Notes : Top Rated & Recommended Marketplace
One of the new markets, so far heard only positive reports and no issues.
4.00 (1 review)
Marketplace url : http://silkroad6ownowfk.onion
Marketplace Forum Url : http://silkroad5v7dywlc.onion
Sub reddit : http://www.reddit.com/r/SilkRoad/ & http://www.reddit.com/r/SilkRoadTwo
Hub Forum url : http://thehubaoydxrommh.onion/index.php?board=2.0
Notes : Warning - Not Recommended at all
Site was hacked - All Bitcoins stolen!
(or it was just scam, it is still not sure)

Vendors Shops

These are not marketplaces but vendors who opened their own websites, since its harder to find reliable reviews for most of these vendor shops, use your judgment before placing any funds.
5.00 (1 review)
Marketplace url : http://qqxqwkucsrhs3tuw.onion
Notes : Nidge - vending on SR2, TMP, Agora and Pandora. Just opened His own shop with deepify
Marketplace url : http://s7xmlddplvnho766.onion
Notes : My wife and I run a small medical marijuana dispensary. We deeply believe in helping and healing people!
0.25 (2 reviews)
Marketplace url : http://armory34omvkkmgr.onion
Sub reddit : http://www.reddit.com/r/The_Armory/
Notes : Vendor shop - Euro-American Blackmarket Arms Contractor.
Marketplace url : http://34j2fiy32xwuxsku.onion/
Notes : SR Vendor Trava who opened his own shop, Needs PGP verifying.
5.00 (1 review)
Marketplace url : czlmwxv4sudftz55.onion
Marketplace Forum Url : zkp3givaes3qgiw5.onion
Notes : Was a vendor on Silk Road 1, now uses his own shop.
Marketplace url : http://mcmedsjnpy5lioen.onion
Notes : Medical Grade Hydroponic Grown 100% All Natural Cannabis • Domestic & International Sales • Escrow Offered – I have not seen any reliable reports from users so far.
Marketplace url : http://bbseyes36k6cowi6.onion/
Notes : A Shop for cannabis edibles, also operating under a clearnet site at this url: bbsey.es – Accepting BTC,LTC and others…
Marketplace url : http://j7e3cdweprxfhfgn.onion/
Notes : forum for the sale of variety of high-quality organic cannabis flowers

New Markets & Under Construction

New markets will spend some time at this part of the list until they prove themselves to be stable enough for the main section
New Marketplaces (Either new or we have no reviews about them)
Torbay url: http://tyedahhf56xli7xp.onion
Dream Market: http://ltxocqh4nvwkofil.onion
The Majestic Garden url: http://qefrdnto7feutdg7.onion/ Forum: http://e26rc2tpqcfipmob.onion/
Tor Bazaar url: http://3p42y56a76g6okuv.onion Forums: http://22iwhc2luicynjqy.onion/
Cloud Nine Marketplace url: http://xvqrvtnn4pbcnxwt.onion/ sub reddit: http://www.reddit.com/r/c9marketplace
Silkkitie url: http://silkkitiehdg5mug.onion (Finnish Silk Road) Forum (Hub): http://thehubaoydxrommh.onion/index.php?board=37.0
Deepify url: http://deepifyvyixbgkts.onion/  (marketplace for vendor shops)
French Dark Place: http://fdp2wo7or6rjt6rr.onion
Sanitarium market url: Tor: http://nyu7nlbj33ym2va3.onion/ I2p: http://sanitarium-market.i2p Reddit: https://pay.reddit.com/r/sanitariummarket/
Red Sun Marketplace Url: http://redsun4lvjrxwwuy.onion/ (the market is under construction) Forum: http://forumsyccj7ekvvv.onion/
Under construction:
Topix Vallium Url: http://topixslhezyytrvm.onion/ (still being developed – invite only)
Project Nexus Marketplace: forum- http://nexus6crq6vc7piw.onion (the market is under construction)
Cannabis road: http://forumzxmoorof4ja.onion – forum. was up and was taken down, now being reconstructed.

Misc Links

Darklist url: http://53xxbppattnascpm.onion/
A Vendors Directory
Shared Coin: https://sharedcoin.com/
provides privacy for your transactions by combining your transaction with other people’s.
Bitrated: https://www.bitrated.com/
Open Source Multisig solution
Tor Escrow: http://torescrow7upglhe.onion
Third Party escrow service
All Market Vendor directory: http://directory4iisquf.onion
Vendor PGP key Search: http://lbnugoq5na3mzkgv.onion
Bitcoin Fog: http://fogcore5n3ov3tui.onion
Bitcoins mixer and tumbling service
Cryptscrow.net: http://bitsec6owbtqby7g.onion/
Third Party escrow service

Thursday, March 06, 2014

FBI believes small Pennsylvania hosting company is connected to Silk Road

Affidavit says JTAN, a privacy-minded firm, was backing up Silk Road's server.

On Wednesday, The New York Times published a search warrant and affidavit served upon a Pennsylvania man whom federal prosecutors accuse of running a backup server on behalf of the Silk Road, the Tor-and-Bitcoin-enabled digital drug marketplace.
The newly published documents (which are dated from September 2013) specifically mention JTAN, a small hosting firm based in Easton, Pennsylvania that accepts payment in Bitcoin and previously offered “Privacy Services.” It also sells its services via anonymous accounts.
The hosting company's site states, “JTAN offers accounts and services without requiring you to tell us your name or physical address. Regardless of the fact that you attempt to remain anonymous, all JTAN account Terms and Conditions remain in effect.”
While the court documents do not mention the owner of JTAN, whois records show that it belongs to one Christopher Nadovich of Sellersville, Pennsylvania.
Nadovich is the director of laboratories at the Electrical and Computer Engineering department at Lafayette College in nearby Easton, about 80 miles due west of New York City.
"I'm afraid that I'm not willing to comment about Silk Road," Nadovich told Ars, adding that he is still employed by Lafayette College. Nadovich also noted that JTAN is still in business—and he's looking to sell the business. He also told Ars that JTAN continues to allow anonymous customers.
For now, a search of online court records shows that no charges have been filed against Nadovich.

A thread leading back

Last month Ross Ulbricht, a young Texan, was formally indicted on charges of narcotics trafficking conspiracy, continuing criminal enterprise, computer hacking conspiracy, and money laundering conspiracy.
Ulbricht’s defense attorney, Joshua Dratel, previously told Ars, "Ross will be pleading not guilty at the arraignment. The indictment was expected and does not contain any new factual allegations. We look forward to beginning the discovery process and preparing Ross’s defense."
The new JTAN affidavit in support of a search warrant, written by an FBI agent whose name was redacted, notes that the agency has analyzed the contents of the seized Silk Road server.
It continues:
Among other data, the Silk Road Web Server contains databases used to run the Silk Road website, including databases of vendor postings, transaction records, private messages between users, and other data reflecting user activity. In analyzing the configuration of the Silk Road Web Server, the FBI has discovered that the server regularly purges data from these databases older than 60 days. Thus, the image of the Silk Road Web Server possessed by the FBI contains data reflecting only 60 days of user activity, counting back from the date the server was imaged.
However, the FBI has also discovered computer code on the Silk Road Web Server that periodically backs up data from the server and exports that data to another server. Testing of this backup script has revealed the IP address of the server to which this backup data is exported—namely, the IP address of the TARGET SERVER. Based on analysis of the backup script, it does not appear that previously backed-up data is deleted when new back-ups are made. Therefore, I believe it is likely that the TARGET SERVER contains records of user activity on the Silk Road website spanning a much longer date range than the data kept on the Silk Road Web Server.
Specifically, the FBI asked for “all data from the TARGET SERVER that contains or constitutes evidence, fruits, or instrumentalities of narcotics trafficking and money laundering,” including “relevant passwords, encryption keys and other access devices that may be necessary to access any data pertaining to the TARGET WEBSITE.”

Original thread here:   http://arstechnica.com/tech-policy/2014/03/fbi-believes-small-pennsylvania-hosting-company-is-connected-to-silk-road/

Friday, February 14, 2014

Silk Road 2 Hacked, All Bitcoins Stolen – $2.7 Million

Update: The amount of BTC that was stolen was calculated by Nicholas Weaver (@NCWeaver), a computer security researcher, to be around 4474.266369160003BTC, worth about $2.7 Million.

It was just announced in a post by Defcon, the Silk Road administrator (this post will be updated as soon as we get more info).
Yes, what seemed to be an imaginary situation until not long ago has just become true: Silk Road 2, the site that was considered the security fortress of the deep web, has just been hacked and its bitcoins stolen. He announced it on the site's forums, and we pasted his post here:
Link to the original thread on Silk Road 2 Forums:  http://silkroad5v7dywlc.onion/index.php?topic=25091.msg491029#msg491029
=====Start Quote====
I am sweating as I write this.
Christmas brought grave news. I cannot adequately express how deeply honored I was by your unconditional support of my staff.
I do not expect the same reaction to today’s revelations. This movement is built on integrity, and I feel obligated to be forthright with you.
I held myself to a high standard as your leader, yet now I must utter words all too familiar to this scarred community:
We have been hacked.
Nobody is in danger, no information has been leaked, and server access was never obtained by the attacker.
Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as “transaction malleability” to repeatedly withdraw coins from our system until it was completely empty.
Despite our hardening and pentesting procedures, this attack vector was outside of penetration testing scope due to being rooted in the Bitcoin protocol itself.
This attack hit us at the worst possible time. We were planning on re-launching the new auto-finalize and Dispute Center this past weekend, and our projections of order finalization volume indicated that we would need the community’s full balance in hot storage.
In retrospect this was incredibly foolish, and I take full responsibility for this decision.
I have failed you as a leader, and am completely devastated by today’s discoveries. I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand. It is a crushing blow. I cannot find the words to express how deeply I want this movement to be safe from the very threats I just watched materialize during my watch.
I’ve included transaction logs at the bottom of this message. Review the vendor’s dishonest actions and use whatever means you deem necessary to bring this person to justice. More details will emerge as we continue to investigate.
Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward.
It takes the integrity of all of us to push this movement forward. Whoever you are, you still have a chance to act in the interest of helping this community. Keep a percentage, return the rest. Don’t walk away with your fellow freedom fighters’ coins. DPR2 returned the cold storage. I didn’t run with the gold. But two people alone cannot move us forward. It takes an entire community committing to integrity – and though this crushing blow will not stop us, it sure is a testament to how greedy some bastards truly are.
Being a part of this movement might be the most defining thing you do with your entire life.
Don’t trade that for greed, comrades.
I will fight here by your side, even the greedy bastards amongst us.
This community has suffered great financial loss over and over again, and I am devastated that it has happened again under my watch.
Hindsight is already suggesting dozens of ways this could have been prevented, but we must march onward.
The only way to reverse a community’s greed is through generosity. Our true character is revealed during trying times.
If this financial hardship places you at risk of physical harm, contact me directly and I will do my best to help you with my remaining personal funds.
Now what.
Never again store your escrow bitcoins on a server.
Silk Road will never again be a centralized escrow storage.
This week has shown the collateral damage we can cause by being a huge target and failing in just one unforeseen area.
I am now fully convinced that no hosted escrow service is safe.
If I cannot trust myself to keep a hosted escrow solution safe, I cannot trust anyone.
Multi-signature transactions are the only way this community will be protected long-term.
I am aggressively tasking our devs on building out multi-sig support for commonly-used bitcoin clients. Expect a generous bounty if you have the skill to implement this.
Until then.
1. We will never again allow ourselves to be a single point of failure. We will never again host your Escrow wallets.
2. Vendor registration is closed while we regroup.
3. All listings on Silk Road are now No-Escrow (Finalize-Early) for 1-2 months while we implement multi-signature transactions and lobby for mainstream Bitcoin client multi-sig support.
4. All unshipped orders have been cancelled.
5. Vendors may link to other marketplaces on a trial basis until we launch multi-sig, then we will re-evaluate based on community input. We do not want to be a centralized point of failure, but we also do not want to lead our buyers into dangerous waters.
6. From this point forward DO NOT trust markets with centralized escrow. Use multi-signature transactions whenever possible, with trusted third parties as escrow providers.
Everything will be offline for 24-48 hours to minimize variables as we continue to investigate. The evidence we have below will be expanded based on our findings.
- ——————
No marketplace is perfect. Expect any centralized market to fail at some point. This is precisely why we must unite in the decision to decentralize.
We are relieved that our security procedures protected user identities, and that no servers were compromised. This was not a worst-case scenario: nobody will be getting arrested from this. Financial loss is terrible, but will not put all of us behind bars.
The details we have on the hacker are below. Stop at nothing to bring this person to your own definition of justice.
Humbled and furious,
Defcon
- ——————
# Attacker Intel as of 2014-02-13 18:00:00 UTC
We normally do not doxx anyone, and hold user information sacred. But this is an extreme situation affecting our entire community, and all three users who have exploited this vulnerability are very much at risk until they approach us directly to assist with any information.
Do not reveal any details of the attack. This will jeopardize your reward. Contact us directly.
If anyone has purchased or sold to these usernames, expect generous bounties for any information you can contribute which leads to identification.
# Attacker 1: (Responsible for 95% of theft)
Suspected French, responsible for vast majority of the thefts. Used the following six vendor accounts to order from each other, to find and exploit the vulnerability aggressively.
## Usernames used:
narco93
ketama
riccola
germancoke
napolicoke
smokinglife
Transactions listed at bottom of this file. Finding Attacker 1 is top priority.
# Attacker 2: (Responsible for ~2.5% of theft, using same methods towards end of attack lifecycle, likely knows Attacker 1)
LethalWeapon – Australia – “stumbled upon” large amount of BTC
# Attacker 3: (Responsible for ~2.5% of theft, using same methods towards end of attack lifecycle, likely knows Attacker 1)
mrkermit – Australia
# Theft Withdrawal Transactions and historical withdrawals by Attacker 1
address,txid_cleaned
{Here some big list of withdrawal addresses with the stolen bitcoins}
=====End Quote====
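The "transaction malleability" problem named in the quoted post bites a withdrawal system that treats the txid it broadcast as the only proof of payment. The sketch below is an added example, not Silk Road's code and not part of the original post: it uses a simplified, constructed transaction model rather than real Bitcoin serialization, and the names `Tx`, `WithdrawalLedger` and `fingerprint` are hypothetical. It reconciles confirmed transactions by the inputs they spend and the outputs they pay, so a re-encoded copy of a withdrawal is still recognized as paid.

```python
import hashlib
from dataclasses import dataclass


def sha256d(data: bytes) -> str:
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


@dataclass(frozen=True)
class TxIn:
    prev_txid: str
    vout: int
    script_sig: bytes  # signature bytes: part of the txid, but not of what is paid


@dataclass(frozen=True)
class Tx:
    inputs: tuple   # tuple of TxIn
    outputs: tuple  # tuple of (address, satoshis)

    def _serialize(self, with_sigs: bool) -> bytes:
        # Toy serialization (assumption): stands in for the real wire format.
        parts = []
        for i in self.inputs:
            sig = i.script_sig.hex() if with_sigs else ""
            parts.append(f"in:{i.prev_txid}:{i.vout}:{sig}")
        parts += [f"out:{addr}:{sats}" for addr, sats in self.outputs]
        return "|".join(parts).encode()

    @property
    def txid(self) -> str:
        return sha256d(self._serialize(with_sigs=True))

    @property
    def fingerprint(self) -> str:
        # Identifies "which coins went where", ignoring signature encoding.
        return sha256d(self._serialize(with_sigs=False))


class WithdrawalLedger:
    """Tracks withdrawals by txid AND by input/output fingerprint."""

    def __init__(self):
        self._by_txid, self._by_fp = {}, {}
        self.status, self.alerts = {}, []

    def record_broadcast(self, wid: str, tx: Tx) -> None:
        self._by_txid[tx.txid] = wid
        self._by_fp[tx.fingerprint] = wid
        self.status[wid] = "pending"

    def observe_confirmed(self, tx: Tx):
        """Feed every confirmed transaction; returns the matched withdrawal id."""
        wid = self._by_txid.get(tx.txid)
        if wid is not None:
            self.status[wid] = "confirmed"
            return wid
        wid = self._by_fp.get(tx.fingerprint)
        if wid is not None:
            # Same coins, same recipients, different txid: paid, and worth an alert.
            self.status[wid] = "confirmed_malleated"
            self.alerts.append((wid, tx.txid))
        return wid

    def claim_decision(self, wid: str) -> str:
        """Answer to a 'my withdrawal never arrived' ticket."""
        state = self.status.get(wid)
        if state in ("confirmed", "confirmed_malleated"):
            return "already paid: do not re-send"
        if state == "pending":
            return "pending: do not re-send from different inputs"
        return "unknown withdrawal"


def naive_is_paid(broadcast_txid: str, confirmed_txids: set) -> bool:
    # The fragile check: only the exact txid we broadcast counts.
    return broadcast_txid in confirmed_txids


def demo() -> dict:
    # Constructed sample data, not real transactions or addresses.
    outs = (("addr_vendor_constructed", 150_000_000),
            ("addr_change_constructed", 49_990_000))
    original = Tx((TxIn("aa" * 32, 0, b"sig-encoding-A"),), outs)
    malleated = Tx((TxIn("aa" * 32, 0, b"sig-encoding-B"),), outs)
    unrelated = Tx((TxIn("bb" * 32, 1, b"sig-encoding-A"),), outs)

    ledger = WithdrawalLedger()
    ledger.record_broadcast("W-1001", original)
    return {
        "txids_differ": original.txid != malleated.txid,
        "same_fingerprint": original.fingerprint == malleated.fingerprint,
        "naive_paid": naive_is_paid(original.txid, {malleated.txid}),
        "unrelated": ledger.observe_confirmed(unrelated),
        "matched": ledger.observe_confirmed(malleated),
        "status": ledger.status["W-1001"],
        "decision": ledger.claim_decision("W-1001"),
        "alerts": ledger.alerts,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The txid-only check reports the withdrawal as unpaid even though the coins moved, which is the condition under which an automated or support-driven re-send pays twice.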
Aside from the endless marketplaces being hacked every day now, this is the most shocking event we have encountered, as Silk Road, being the largest DarkNet market nowadays, was probably holding the largest sum of money of them all. It is not yet clear exactly how many Bitcoins were stolen, but it's almost certain that this is about to become the largest theft in Deep Web history, bigger than the Sheep Marketplace scam, in which bitcoins worth $40 million at the time were stolen by its admins.
This case only serves as ANOTHER, very painful lesson about why on-site escrows are bad and should not be used! Only direct transactions or multisig escrow like the one offered at themarketplace.i2p are a safe way to conduct business on these sites.
Is this the end of the centralized marketplaces?
We sure hope so! As we have posted here again and again, they are not safe, and will always end up being hacked or having the money stolen by their admins.
So who were the hackers?
A few hours before the announcement, we at DeepDotWeb received a mail saying: “SilkRoad hacked, 150 BTC stolen, you heard it first from me”. This was sent to us by a reddit user who had claimed since yesterday that he was going to hack SR and steal the site's money. We are trying to verify whether this amount matches the amounts that were stolen by the “smaller” hackers that Defcon reported in his post; the others remain unknown.
The Silk Road moderators' reactions ranged from pleading with or threatening the hackers:
stealth
To complete shock:
tang
To an apology:
docclu
The users' reaction was obviously not much different, ranging from shocked, angry or desperate to accusing the site's admins of being the thieves themselves:
IS ANYONE ELSE BUYINGGGG THIS? !!! WE ARE FIXING ESCROW  WE ARE FIXING VENDOR REFUNDS? WE ARE DOING ALL WE CAN
THIS SHEEP !!!! STYLE FUCKING BY OUR TRUSTED SR GUYS ,
IT'S FUCKING PLAIN AND SIMPLE ESCROW SYSTEM WAS A SCAM SO EVERY COCKSUCKER WHO DIDN'T FINALIZE THE COINS STAYED IN THE BANK AND OOPS WE HAVE BEEN HACKED
!!! WE ARE FIXING THE VENDOR REFUND ? YEAH RIGHT RIGHT ANOTHER PERFECT SCAM, MORE COIN IN THE BANK AND AT THE RIGHT TIME
AGAIN OOPS WE HAVE BEEN HACKED
DEFCON GO FUCK YOURSELF , U GUYS HAVE NOT DONE NOTHING ABOUT THE ESCROW SYSTEM , U HAVE DONE NOTHING ABOUT VENDOR REFUND , ALL U GUYS DID IS LET THE FUCKING BANK BUILD UP AND SORRY GUYS WE HAVE BEEN HACKED
EVERY DOG GETS THEIR DAY AND I CAN'T WAIT TILL I SEE ONE OF U FALL
Some even tried to help in some way.
For us, the big question is “how much?” We will keep following up on this and updating this post as we get new information. For now, you can check out the other sites on this list.

Get more info here: http://www.reddit.com/r/SilkRoad/comments/1xtv7z/sr_20_hacked_all_btc_gone/

Original thread here:  http://www.deepdotweb.com/2014/02/13/silk-road-2-hacked-bitcoins-stolen-unknown-amount/

Wednesday, February 05, 2014

Alleged Silk Road creator indicted on 'kingpin' charges

 Ross Ulbricht, who allegedly went by "Dread Pirate Roberts" and operated the black market drug site, is charged with hacking, money laundering, narcotics trafficking, and operating a criminal enterprise.
 
 
 

The alleged operator of the online drug bazaar Silk Road, which was seized last October, has been indicted on four charges.
The US Attorney for the Southern District of New York Preet Bharara announced Tuesday that Ross Ulbricht, who allegedly went by the moniker "Dread Pirate Roberts," could now face a minimum of 30 years in prison and a possible maximum sentence of life in prison.
 
The charges against Ulbricht include counts of narcotics conspiracy, continuing criminal enterprise, conspiracy to commit computer hacking, and money laundering conspiracy. The "continuing criminal enterprise" charge, or "kingpin" charge, is especially serious because it's geared toward criminal organization leaders, such as mafia or drug cartel bosses, and comes with a minimum 20 years prison time. The Justice Department claims that Silk Road was used by more than 100,000 people to buy and sell illegal drugs, goods, and services since it started up in 2011. Allegedly, the site had roughly 13,000 drug listings under titles like "cannabis," "ecstasy," "opioids," "psychedelics," and "stimulants."
"Silk Road emerged as the most sophisticated and extensive criminal marketplace on the Internet, serving as a sprawling black-market bazaar where unlawful goods and services, including illegal drugs of virtually all varieties, were bought and sold regularly by the site's users," the Justice Department wrote in a statement. "While in operation, Silk Road was used by several thousand drug dealers and other unlawful vendors to distribute hundreds of kilograms of illegal drugs and other unlawful goods and services to well over a hundred thousand buyers, and to launder hundreds of millions of dollars deriving from these unlawful transactions."
Ulbricht, 29, was arrested in San Francisco on October 1, 2013. He was the alleged mastermind behind Silk Road and was able to keep the site anonymous via the secure Tor browser. Purchases were typically made with the virtual currency Bitcoin and sales are said to have totaled more than $1 billion.
The Justice Department said that between November 2011 and September 2013 law enforcement agents conducted more than 100 undercover purchases of drugs from Silk Road vendors, including heroin, cocaine, ecstasy, and LSD. Since Ulbricht's arrest, authorities have also arrested a handful of other people allegedly involved with the site, including Ulbricht's alleged assistants, supposed vendors, and Bitcoin CEO Charlie Shrem. In the case of Shrem, authorities claim he was involved in a scheme to sell more than $1 million in Bitcoins for use on Silk Road.
While the FBI shuttered the Silk Road Web site in October, replacing it with a seizure notice, another black market drug site is said to have appeared in its place. Silk Road 2.0 reportedly opened for business last November -- the news was announced by Twitter user Dread Pirate Roberts, which is allegedly the same moniker as Ulbricht.

 http://news.cnet.com/8301-1023_3-57618370-93/alleged-silk-road-creator-indicted-on-kingpin-charges/