Bitcoin Rate Drops 10% After Silk Road 2 Hacking
Underground drugs website Silk Road 2 was hacked and the website's entire cache of bitcoin - worth $2.7 million - was stolen.
As a result the value of the popular cryptocurrency has plunged to just $400 (£240) on the troubled MT Gox bitcoin exchange after reports showed an increasing number of attacks on the currency making use of security flaw in the bitcoin code.
While the price drop has been most noticable on Mt. Gox, where bitcoin was trading at $399 on at 6:25am (GMT) on Friday, it has also dropped on other exchanges, declining to $574 and $605.88 on popular exchanges Btc-e and BitStamp, respectively.
Silk Road 2 Hack
Black market drug's bazaar Silk Road 2's operator, known as Defcon, reported the website was hacked using a transaction malleability exploit and 4474.26 bitcoins were stolen, emptying the site's escrow account.
"Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as 'transaction malleability' to repeatedly withdraw coins from our system until it was completely empty," Defcon said in a forum post.
"Despite our hardening and pentesting procedures, this attack vector was outside of penetration testing scope due to being rooted in the Bitcoin protocol itself."
Silk Road 2.0 was set up in the wake of the FBI closing down the original Silk Road last year, which was also only available on the anonymous Tor network.
Disabled withdrawals
The organisers of the site said they took too long to respond to widespread industry concern about the transaction malleability attack. The stolen coins were all stored online because of back-end developments on the site.
"I should have taken MT Gox and Bitstamp's lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand," Defcon said.
The only currency accepted on Silk Road 2 is bitcoin. The website used a centralised escrow service to send and receive bitcoins from buyers and sellers, and only used the bitcoin transaction ID to confirm the transfer.
The transaction malleability bug allows hackers to mask the transaction ID and continually ask an account to deposit more bitcoins.
MT Gox and BitStamp
Earlier this week Mt Gox suspended withdrawals from its exchange claiming bitcoin's inability to handle the amount of traffic Mt Gox customers create was the problem.
It added that an inherent flaw with the way bitcoin transactions work had slowed its services to a crawl, and a temporary ban on withdrawals was needed to rectify the situation.
Also this week, several high profile bitcoin exchanges including BitStamp were forced to suspend withdrawals following "massive and concerted" DDoS attacks on their networks.
© Copyright IBTimes 2024. All rights reserved.