Silk Road 2.0 moderator “Defcon” posted an announcement about the attack on the site’s forum over the weekend, referring to it as using the “most advanced methods we have yet faced.” Defcon said that the marketplace was taken down by the Silk Road 2.0 team as a defensive move, and suggested that the attack was likely an attempt to locate the group’s servers through packet analysis. “[We] do not want to make it easy for our adversary and would rather be offline while we adapt our defenses,” Defcon explained.
In their coverage of the attack, CoinDesk noted that Defcon also issued a second statement claiming that all bitcoin transactions were still being processed, with delayed withdrawals being given priority.
Agora began experiencing similar issues on Saturday before being taken offline early Sunday morning. Although unconfirmed, it is likely that the marketplace’s administrators also took the site offline in an attempt to respond to security issues without accidentally leaking IP data. CoinDesk reported that one of the last official notifications from the Agora team stated that “Our primary goal is to stay hidden from law enforcement agencies and secure from hackers.”
It’s not clear if the DDoS is originating from a law-enforcement agency or a hacking collective, although the former possibility seems more likely given the nature of the attack. Both sites are obscured by Tor, making locating a physical server — a key to any prosecution case — very difficult. Similar techniques may have been used by the FBI to locate the original Silk Road’s server, prompting concerns that the data was gathered illegally and is thus not admissible in court. The constitutionality of the FBI’s search methods is very likely to play a part in the upcoming case against accused Silk Road mastermind Ross Ulbricht. The timing of the attacks could indicate concerns among investigators that the search method may soon be ruled unconstitutional, as a motion to discuss the FBI’s methods is already under consideration by the court.