One of the big news items last week was that Silk Road 2 was allegedly hacked. The underground drug marketplace’s admin, Defcon, said hackers from Australia and France did away with over 4,000 BTC, nearly $3 million USD.
The heist raised conspiracy theories almost immediately, with users suggesting the site’s admins stole funds and blamed the incident on a transaction malleability flaw in the bitcoin code that has been documented since 2011.
“First, to dispel rumors. We are deep into the investigation of data surrounding the attacks, and it there is absolutely zero evidence of any staff member being involved,” said Defcoin in a follow-up post this weekend.
But that’s not where it ends.
“After much self-reflection and deliberation with community members we value highly, it is clear that there is only one way forward,” he continued. “This leadership and this community will not stop until you are completely repaid.”
The post continues:
We know you feel defenseless right now. You are naked. Many of you are convinced there is no logical reason any darknet admin would ever fight to get your coins back.
I can stand here and reiterate that all I want to do is defend you, to steer this community towards incrementally safer operation. But my words are no comfort, and I understand that. You will never meet me. We are all anonymous.
Defcon announced a step-by-step plan which aims to instill trust in the website’s administration:
This administration will not earn any commissions until everyone is completely paid back, and will be very transparent about the progress towards this goal.
The marketplace will relaunch as no-escrow. We will not re-implement escrow unless it is multi-signature and decentralized to multiple escrow providers (trusted mediators with feedback just like vendors). Never buy from a market which uses centralized escrow again. You will only get hurt no matter how honest the team is.
All items will be priced at a flat 5% commission which will go directly into victims’ balances upon purchase.
Vendors who lost funds: Commissions from your items will go directly into your wallet until you are completely repaid, then will be distributed to other vendors until they are repaid. Vendor bonds are considered lost funds, and we also commit to paying these back.
All vendors can opt-in to give a higher percentage back on their listings, and all buyers will be presented with a “Donate” box on the shopping cart. Vendors’ donation percentage will be publicly visible.
We will launch the support system immediately. Resubmit any open support requests you had which are still applicable. All previous messages will be ignored due to our inbound message volume. I have received over 1000 private messages over the past 24 hours, for example. This fresh start will allow us to stay on top of the support queue, rather than paying down a large debt incurred by previous administrators.
We will still handle dispute resolution for existing escrow orders until all balances site-wide are in “Pending Balance” category. Your stolen balances and escrows will display as “Pending balance” and “Pending escrow”. Yes, like Christmas. I hoped to never have to take this approach again. All unshipped orders have been cancelled. To the vendors who have shipped orders despite no access to the portal: you are beautiful people. Try to resolve with your buyer directly, and file a support ticket if you do not receive a refund to your pending escrow balance within a month.
26 percent of the site’s (accessible via Tor) monthly active users have lost their funds — or 47 percent of users who have either bought or sold something on the site since launch, according to Defcon.
“I don’t care how long it takes or how expensive it is, we will fight to get this community repaid,” he said, in conclusion. (source)