Silk Road 2 administrators have revealed that hackers manipulated computer code and siphoned off £1.6m ($2.7m) worth of Bitcoin.
Silk Road 2 appeared after its predecessor, the original Silk Road, was shuttered by the FBI in 2013. It carries out the same operations, such as selling drugs and other illegal items, and is accessible through the anonymity network Tor.
The administrators said the hackers made off with the £1.6m in Bitcoin by exploiting a bug that is known to affect the virtual currency in general, and because of which two major exchanges temporarily suspended Bitcoin withdrawals.
A Silk Road administrator going by the name Defcon revealed in a blog post: “Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as ‘transaction malleability’ to repeatedly withdraw coins from our system until it was completely empty.”
Transaction malleability is a bug through which users on the Bitcoin network can change the unique ID of a Bitcoin transaction before it is confirmed and pretend that the transaction didn’t happen at all, provided all the conditions are met.
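The following is an added example, not code from the article or from Silk Road 2, showing why a payout system that tracks withdrawals only by transaction ID can be misled by the ID change described above, next to a reconciliation check keyed on the inputs spent and outputs paid. The `Tx` model, its simplified serialization, the function names and the sample values are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    inputs: tuple   # ((prev_txid, output_index, signature_script_bytes), ...)
    outputs: tuple  # ((address, satoshis), ...)

    def serialize(self, with_sigs=True) -> bytes:
        # Simplified stand-in for the wire format, not real Bitcoin serialization.
        ins = [(p, n, s.hex() if with_sigs else "") for p, n, s in self.inputs]
        return repr((ins, self.outputs)).encode()


def double_sha256(data: bytes) -> str:
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


def txid(tx: Tx) -> str:
    # A legacy transaction ID hashes the whole transaction, signature
    # scripts included, so a re-encoded signature yields a different ID.
    return double_sha256(tx.serialize())


def payment_key(tx: Tx) -> str:
    # Identity based only on which outputs are spent and who gets paid.
    return double_sha256(tx.serialize(with_sigs=False))


def unpaid_by_txid(pending: dict, confirmed: list) -> list:
    # Fragile check: a withdrawal counts as paid only if its exact ID confirmed.
    seen = {txid(t) for t in confirmed}
    return [wid for wid, t in pending.items() if txid(t) not in seen]


def unpaid_by_payment(pending: dict, confirmed: list) -> list:
    # Robust check: a withdrawal counts as paid if any confirmed transaction
    # spends the same inputs to the same outputs, whatever its ID.
    seen = {payment_key(t) for t in confirmed}
    return [wid for wid, t in pending.items() if payment_key(t) not in seen]


# Constructed sample data: the transaction the service broadcast, and the
# variant that confirmed with a differently encoded signature script.
SENT = Tx((("aa" * 32, 0, b"signature-encoding-A"),), (("vendor-address", 50_000_000),))
MINED = Tx((("aa" * 32, 0, b"signature-encoding-B"),), (("vendor-address", 50_000_000),))
PENDING = {"withdrawal-1": SENT}
```

With this data, `unpaid_by_txid(PENDING, [MINED])` still lists `withdrawal-1` as unpaid, which is the state in which a service might re-issue a payout, while `unpaid_by_payment(PENDING, [MINED])` recognises it as settled.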
Just days before the alleged Silk Road 2 hack, a Bitcoin Foundation statement claimed that the bug doesn’t allow anyone to steal Bitcoins; however, the bug does lead to a DDoS.
“This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds,” the statement read.
Defcon apologised for the hack and urged the hackers to return the stolen stash after keeping a share from it. “Keep a percentage, return the rest. Don’t walk away with your fellow freedom fighters’ coins”, Defcon urged.
The value of Bitcoin has plunged to a low of around $310 and is currently trading at an average of $376 on Mt Gox after news of the theft went viral. Bitcoin values have nosedived from as high as $850 just a few days back, after Mt Gox and Bitstamp suspended Bitcoin withdrawals.