Silk Road 2 moderator Defcon reported that hackers have used a transaction exploit to hack the marketplace. Some 4474.26 bitcoins worth $2,747,000 were stolen, emptying the site's escrow account.
The hackers exploited the transaction malleability bug by masking transfers and asking for the same amount of BTC multiple times to clean out the wallet.
According to the site, hackers used the Silk Road’s automatic transaction verification system to order from each other and then request refunds for unshipped goods.
Defcon is calling on the hackers to return the bitcoin. “Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward,” the moderator wrote.
The site’s users are currently attempting to track down the thief.
# Attacker 1: (Responsible for 95% of theft)
Suspected French, responsible for vast majority of the thefts. Used the following six vendor accounts to order from each other, to find and exploit the vulnerability aggressively.
## Usernames used:
narco93
ketama
riccola
germancoke
napolicoke
smokinglife