[dropcap size=small]I[/dropcap]t seems like Silk Road is far more resilient than most people thought. Back in May 2013, Silk Road went down due to a sustained DDoS attack, but site admins were soon able to restore the service. Then in October 2013, the United States FBI shut down the illegal online drug marketplace and arrested the site's owner - Ross Ulbricht, formerly only known as "Dread Pirate Roberts". Many Silk Road users feared that the site was gone for good, but on 6 November 2013, site admins launched "Silk Road 2.0," which promised improved security over the previous site. Despite these claims, three alleged Silk Road admins were soon arrested on 20 December 2013. This was when the new admin, known only as "Defcon", stepped in. Defcon lamented Silk Road's recent troubles, but promised to continue services and make sure that the site was in working order. For the next month or two, SR2.0 was actually online and functioning. But on 13 February 2014, Silk Road 2.0 was hacked, resulting in the loss of over 4000 bitcoins. Apparently due to transaction malleability, the site's centralized escrow service was compromised, and many believed that this was the final nail in Silk Road's coffin.
"I am sweating as I write this...
...We have been hacked."
Interestingly, around this time, Mt. Gox was also blaming its troubles on transaction malleability. And since most bitcoiners found Gox's claims dubious, many believed that the Silk Road 2.0 heist was an inside job. However, Defcon soon promised to reimburse the stolen bitcoins, and surprisingly, he kept his word.
Silk Road 2.0 lost about 4500 BTC, roughly $2.2 million at the current exchange rate. The theft affected approximately 47% of the site's users. Although $2.2 million is an enormous sum to repay, at least half of the site's hacking victims have been fully reimbursed since 8 April. SR2.0's staff has not made any commission on sales since 15 February, since, under the new system, 5% of each sale is awarded to a random hacking victim. Defcon provided Motherboard with the following screenshot detailing repaid balances:
Interestingly, although many users have been reimbursed, quite a lot have never logged back in to their accounts since the heist. As a result, over 1000 bitcoins are simply lying around unclaimed on users' accounts. It's possible that these users have become too skeptical of the site's security to ever log back in to their accounts.
“Like so many other hacks/seizures/scams, many [users] could not believe that we would ever be able to give back what was stolen, or that we would even promise such a thing. They have stayed away from Silk Road and possibly the Darknet in general.”
-DoctorClu, Silk Road 2.0 staff
However, the users who have claimed their previously stolen bitcoins have begun to restore their faith in the service.
"I have also now been fully paid back. Cheers guys :)"
-The Jigsaw Puzzle
"Very nice surprise when I logged in!"
"partial pay is better than fully scammed. some faith restored."
Silk Road's effort to rebuild itself really is fascinating. After SR2.0 was hacked, the site admins could have easily started a new service under an alias instead of trying to recover users' money. It's ironic that the admins of such a massively illegal operation would have more ethics and morals than a supposedly legitimate service such as Mt. Gox.
"We will fight to get this community repaid."
Headline image by jdyf333 on Flickr.
Last modified (UTC): April 24, 2014 4:10 PM