New Silk Road hacked for $2.6 million via Bitcoin glitch

The latest incarnation of Bitcoin black market site Silk Road had been hit by the same “transaction malleability” glitch that recently took down Mt.Gox and Bitstamp. A message from site administrator “Defcon” was leaked to Reddit yesterday outlining the issues on Silk Road. According to the email, no account information was hacked, and all of the funds were taken from the Silk Road escrow account. Ars Technica estimates the loss to be around 4,400 BTC, or roughly $2.6 million.

In the email, Defcon blames his own skepticism of the potential threat and slow action for the crime.

I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand. It is a crushing blow.”

The Silk Road operates in the “darknet” of the Tor network, and is the second Bitcoin-based black market site to use the name. The previous version was closed in October of 2013 following the arrest of Ross “Dread Pirate Roberts” Ulbricht, and the connection of the current Silk Road to the original is tenuous at best. The “Silk Road 2.0” experienced its own legal troubles in December of last year, with current admin Defcon stepping in at the start of 2014.

No plan to compensate those effected by the theft has been announced by Silk Road, although Defcon did take the unusual stance of suggesting users “dox” (expose the real identity) the thieves to site administrators should the opportunity present itself. In his email, he wrote:

The details we have on the hacker are below. Stop at nothing to bring this person to your own definition of justice. … Do not reveal any details of the attack. This will jeopardize your reward. Contact us directly. If anyone has purchased or sold to these usernames, expect generous bounties for any information you can contribute which leads to identification.”

More details to come as the story develops.