Messages - Defcon

46
Silk Road Discussion / Pending Balance Repayment Process
« on: February 21, 2014, 05:34:59 pm »
To the many of you affected by the attacks: we are committed to repaying every satoshi stolen by narco93 and others.

Continue sending any evidence you discover on narco93/ketama, your input has been very useful in the investigation.

Protecting Those in Danger

From the relaunch date until now, all commission fees have been directly diverted towards people whose lives are in danger due to the sudden financial loss.

We are very tight on funds, but based on current transaction volume all of the users in dangerous situations should be repaid by Sunday/Monday range.

Repayment Process Moving Forward

Once all users in danger are repaid, we will activate direct repayment to users.

Any time a purchase is shipped on Silk Road, the sales commission fee will immediately be deposited into a random attack victim's balance. This fee will be subtracted from Pending Balance, and added to the withdrawable Balance. Vendors with high pending balances will be slightly prioritized, but the repayment algorithm is a randomized approach.

We will publish a weekly update each Sunday on progress towards repaying all users, as well as a projected date for everyone to be completely repaid at the current week's transaction volume.

What Repayment Looks Like

Each time your account receives a commission fee, Pending Balance in your account will be converted into a withdrawable Balance of the same amount received by the fee.

If you do not have a Pending Balance, your Pending Escrow will be converted into regular Escrow.

Current purchases no longer use Escrow, our entire market is finalize-early until a reliable distributed escrow solution is implemented.

Escrow only exists for old orders, and will continue to behave in the same way it always has. Staff is committed to resolving all outstanding disputes until no Escrow wallets exist throughout the entire system. Then we will disable Escrow functionality completely.

You are an amazing community

Way more sales are occurring than we expected. Thank you for fighting past this with us.

Your purchases are making a huge impact. The more we work together, the quicker we can redeem this difficult situation.

Keep the Road strong.

47
I have said before, mystery shoppers is a great idea. SR staff won't set this up so a group of us here on the forums need to create it. I'm willing to get this going with you mate.

We're up for it. Collaborate with staff, it's a great idea.

48
Silk Road Discussion / Re: CNN News Silk Road Was Not Hacked.
« on: February 21, 2014, 05:24:39 pm »
CNN's interview is interesting, but it is clear that they did not read the "Full Disclosure" post. This was a problem in our accounting code which transaction malleability made exploitable. Please read "Full Disclosure" again and compare to CNN's assumptions.

49
Personally checking your account now. PM me your username and an example item transacted within the next 10min if possible.

Many people are transacting successfully, it is possible that you are experiencing the negative balance bug previously reported. Currently the system is showing 0 for negative balances, and is a known bug we are working on the resolution to.

Did you experience a negative balance at any point before the attacks? Have you tried clicking "refresh deposits" link?

50
I hate to be that guy but it's been 55 min since my first log in and my coins still haven't shown up. I'll try to be more patient but it's hard. Nomsayin?

PM me an encrypted message with your txid within the next 15 minutes and I will try to look into it. I don't have time to do this for everyone, but I want to make sure this is fine.

51
I had 1.9btc in pending escrow, I had two people finalize, pending escrow went to 1.7btc, account balance: 0.00btc, why?


In addition, there is now no transaction history of finalization. Weird?

Were you ever affected by the negative balance bug?

Pending transaction history will be added in a separate category to avoid confusion. Amending release notes, thank you for mentioning.

52
Silk Road Discussion / Re: Relaunch Notes
« on: February 19, 2014, 05:22:47 am »
Defcon, one transaction is missing from my account. It's not finalized, just gone.

It was in escrow since Jan. 10 and I have extensive proof of placing it. WHAT HAPPENED HERE?

Is this a glitch?
The one order I got scammed on.....ugh like wtf.

We tightened our security restrictions in many places. Old open orders (>30 days) are now in offline storage for dispute resolution purposes, only visible to senior support staff with very limited access. Your information is safe, and not on the live system.

We went through a lot of humble "what if this attack had been worse" thought processes this week as a team, and this is one of the improvements made as a result.

53
Silk Road Discussion / Relaunch Notes
« on: February 19, 2014, 05:13:09 am »
We're back. Our development team apologizes for the delays relaunching yesterday. The team was distracted investigating and resolving the PGP issue in our forums, caused by a poorly-configured spam filter.

A few notes about today's release:

1. Deposits which occurred during the downtime are all safe and will appear in your account ~30 minutes after your first login.

2. Deposits made on Feb 13th UTC which did not result in a purchase are all confirmed safe as well.

3. Many vendors requested that we not forcibly cancel unshipped orders, so we changed our mind on this. Vendors: cancel all orders you did not ship. Buyers: cancel and reorder all orders which you no longer want escrow protection for. Once all of these orders are finalized in our system, we will completely retire the escrow system.

4. All escrow functionality for orders placed before today is still functional. You should still finalize, cancel, or ship existing orders. These actions will be reflected in your pending balances and repaid accordingly.

5. All commissions are at 5%. Many vendors are showing their generosity by wanting this to be raised. We will see how sales go for the first few days and go from there.

6. All commissions are going towards community members in physical danger first. Staff is working through the backlog of inbound messages, if you have already contacted us with an urgent request, do not resend it.

7. Server load is extreme right now due to everyone excitedly refreshing, pardon any slow load times. We are waiting on the storm to calm before enabling the new support features, as we have never seen them under high load conditions before.

8. Transactions and orders over 30 days old are cleared from the live system. We archived open orders for use during dispute resolution, then will shred them as well. Do not panic if old orders are not visible, this is a new security precaution.

9. Vendors: You will notice a new "auto-withdraw" field is in your user settings. We are testing this feature, place a bitcoin address in the box if you would like to assist. We will roll this out to all users once it is confirmed working with vendors.

Over the next 24 hours:

A. Vendors will be able to donate higher percentages than 5%, and buyers will be able to browse listings by vendor generosity. This new feature is also disabled during the high server load while we ensure everything remains stable and watch closely for any hacking attempts.

B. The support interface will be enabled. We remind you to resubmit any open support requests which still apply.

C. We will be closely monitoring everything. We will not hesitate to take the site offline if we notice any abnormal behavior. From now on we will gravitate towards knee-jerk downtime reactions. I will say this though my words do nothing: Keep Calm and Carry On. Downtime means we're playing it very safe and our stomachs are sick at the concept of repeating our past mistakes.

D. Transactions involving pending balances will be added in a separate transaction history category to avoid confusion.

Long live the Road!

54
Silk Road Discussion / Relaunch Timeline + Important Reminders (UPDATE 3)
« on: February 18, 2014, 05:01:31 am »
UPDATE 3: The site is live, thank you to the dev team for a very late night of debugging.

UPDATE 2: We are waiting on a backup to restore. Site will be launched as soon as the servers are ready for it. I estimate one hour out, 23:59 UTC roughly.

UPDATE: We are delaying the launch for three hours while we investigate the forum PGP issue, official launch time is now 23:00 UTC.

Silk Road will rise again at 20:00 UTC on Feb 18, 2014.

We will relaunch the marketplace earlier in the day with transactions disabled, and enable full functionality at 20:00 UTC.

We are paying very close attention to detail, not rushing anything. Your patience is appreciated during these dark times.

To many among you facilitating unity: your words are pivotal in this movement's historic success. We are deeply grateful for you.

Important Reminders:

1. No staff were involved with the attack. I know this to be a fact. You will undoubtedly question how I know this. I wish I could tell you without damaging a crucial layer of our operational security. I would rather you call me the thief than accuse my innocent staff of wrongdoing. I will defend them with my life.

Conspiracy theories only distract from narco93's investigation. If you want to throw fuel into a lynch mob throw it into narco's lynch mob. Don't start a new riot on zero evidence, and don't post evidence publicly without consulting staff. There are many angry people here, and everyone has the potential to cause real harm to innocents. Do the community a favor and consult the people who see the big picture: staff.

Posting publicly will either cause an innocent to get hurt, or give a guilty suspect advance warning of what information we have. Give us a chance to consider the evidence's security implications for the entire community, rather than recklessly releasing potentially damning information into LE's hands.

Do not forget that we are all suspects in LE's eyes. If we find this attacker by unintentionally releasing valuable information to LE, we have all failed.

2. It is never appropriate to break someone's anonymity. There is a worrying pro-doxxing culture developing here. We have a zero tolerance policy for this. Posts will be edited, users will be banned. This community will NOT be known for violence. Doxxing only causes harm. If you are in the rare position of holding personal details about anyone involved with SR1 or SR2, releasing it will only cause loss of innocent life and unspeakable collateral damage to the community.

3. I will not be blackmailed. I will not hire hitmen. I cannot and will not pay vendors to stay here. If you hired a hitman against me, you're brilliant. Hire more, it's in the community's best interest. It is better for me to be murdered by you than to be captured by our oppressive governments. Keep me sharp. Give me incentives to maintain my OPSEC.

4. Hiniguel's posts are very disappointing. He has not responded to any personal messages for days, so I am in the uncomfortable position of publicly condemning someone I respect. I will reiterate that no current or former staff, including DPR2, were in any way involved with this attack. All evidence points otherwise. Any allegations as to who uses the DPR account are off-point and do not serve to unite or protect this community.

5. Mix your coins. We are in a difficult position. One of our hardest decisions last week was to release the BTC addresses involved with the attack. This was a compromise for anonymity, but we were backed into a corner. I do not believe the community would even remotely trust us today had we not offered this transparency. I regret the compromise of our collective blockchain anonymity, and encourage you to proactively mix all coins received from Silk Road.

Investigation Progress

It would be much easier for me if I could release all evidence I receive. It would allow my true dedication to be obvious, and for everyone to collaborate on capturing this attacker. I wish I could release why I know for a fact that it is physically impossible for any current or former staff member to have held insider information and enabled this attack. Transparency would make my life way easier, but make all of our lives much more dangerous.

I keep tight lips for a reason, and wish my lips could stay even tighter.

Summary

Do not doxx. Do not guess identities.

This is not like trolling on the clearnet. Reckless theories can cause innocent deaths. Your game may seem fun, but you harm innocents and distract from our real investigation.

To those of you who have been tirelessly helping the investigation, thank you. Your input is still valued. If you have any information about narco93, continue to send it directly to me.

Smoother seas are ahead.

Silk Road rises again today.

55
"I have failed you as a leader, and am completely devastated by today's discoveries. I should have taken MtGox and Bitstamp's lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand"

This contradicts his final announcement:

"The transaction malleability bug was published last week at a time when I was disconnected from the internet for an extended period for OPSEC reasons. I did not become aware of the threat until the attack was already occurring"

Hugo, apologies for missing this original post.

It is difficult to post anything publicly knowing the scrutiny that each word receives.

Allow me to clarify:
> I have failed you as a leader, and am completely devastated by today's discoveries.
> I should have taken MtGox and Bitstamp's lead and disabled withdrawals as soon as the malleability issue was reported.

I should have been online and aware of the news.

> I was slow to respond and too skeptical of the possible issue at hand.

I was offline and difficult to contact.

> The transaction malleability bug was published last week at a time when I was disconnected from the internet for an extended period for OPSEC reasons.
> I did not become aware of the threat until the attack was already occurring.

I was contacted way too late, and only after taking everything offline to investigate did I have a chance to research potential explanations for the strange behavior of our accounting system.

56
Defcon you are too smart to make such a dumb mistake. You either stole the coins or you will find a way to turn future commissions into repayment for those that lost btc because of the mistake YOU made.

I encourage you to research whether smart people have made dumb mistakes throughout history.

57
Thank you for the mature response, apologies for the ban threat. You are absolutely correct in your evaluation of my stress level and need for emotional peace. May you have a great week.

58
Silk Road Discussion / The Plan for Moving Forward
« on: February 16, 2014, 02:26:15 am »
First, to dispel rumors. We are deep into the investigation of data surrounding the attacks, and there is absolutely zero evidence of any staff member being involved. We will publish more information as we determine its accuracy, thank you to all who have contributed tips on the attackers' identities.

After much self-reflection and deliberation with community members we value highly, it is clear that there is only one way forward.

This leadership and this community will not stop until you are completely repaid.

We know you feel defenseless right now. You are naked. Many of you are convinced there is no logical reason any darknet admin would ever fight to get your coins back.

I can stand here and reiterate that all I want to do is defend you, to steer this community towards incrementally safer operation. But my words are no comfort, and I understand that. You will never meet me. We are all anonymous.

I gave a similar speech in December when we met our first impossible situation. You have no reason to trust my words. My actions will prove you wrong.

Here is the current plan. Thank you to the dedicated vendors and buyers who helped draft this approach. This is not necessarily a final plan, we are open to suggestions on how to improve this and want your feedback.

The Plan for Moving Forward as of Feb 15

1. This administration will not earn any commissions until everyone is completely paid back, and will be very transparent about the progress towards this goal.

2. The marketplace will relaunch as no-escrow. We will not re-implement escrow unless it is multi-signature and decentralized to multiple escrow providers (trusted mediators with feedback just like vendors). Never buy from a market which uses centralized escrow again. You will only get hurt no matter how honest the team is.

3. All items will be priced at a flat 5% commission which will go directly into victims' balances upon purchase.

4. Vendors who lost funds: Commissions from your items will go directly into your wallet until you are completely repaid, then will be distributed to other vendors until they are repaid. Vendor bonds are considered lost funds, and we also commit to paying these back.

5. All vendors can opt-in to give a higher percentage back on their listings, and all buyers will be presented with a "Donate" box on the shopping cart. Vendors' donation percentage will be publicly visible.

6. We will launch the support system immediately. Resubmit any open support requests you had which are still applicable. All previous messages will be ignored due to our inbound message volume. I have received over 1000 private messages over the past 24 hours, for example. This fresh start will allow us to stay on top of the support queue, rather than paying down a large debt incurred by previous administrators.

7. We will still handle dispute resolution for existing escrow orders until all balances site-wide are in "Pending Balance" category. Your stolen balances and escrows will display as "Pending balance" and "Pending escrow". Yes, like Christmas. I hoped to never have to take this approach again. All unshipped orders have been cancelled. To the vendors who have shipped orders despite no access to the portal: you are beautiful people. Try to resolve with your buyer directly, and file a support ticket if you do not receive a refund to your pending escrow balance within a month.

The plans above are subject to change as we consider your input.

The statistics are humbling:

26% of our monthly active users have lost their entire SR funds. That represents 47% of users who have purchased or sold items since launch.

Our inbound traffic has been growing at a rapid pace. The first ten days of February saw as many purchases as the entire month of January. By Feb 13, we surpassed January's total user registrations.

We strongly believe that we can work together and make this right.

Silk Road is not a name easily forgotten, and how we pull through this struggle will only solidify our name as the strongest community in the darknet.

Buyers and Vendors: We are committed to getting everyone repaid even if it takes a year. Do not forget to check your SR accounts frequently for balances repaid, and withdraw them when you see them.

Vendors: You are welcomed and encouraged to vend on multiple markets. I only trust myself, and will not endorse any of them. But I have failed you. Wherever you vend, may you prosper.

Buyers: do not purchase using centralized escrow. Use markets which have implemented multi-signature, or only purchase with No-Escrow (FE) from VERY trusted vendors. This is not an ideal climate, but it is the reality of the darknet today. I cannot emphasize strongly enough that every market which uses centralized escrow will fail. Centralization makes a market a huge target for attackers, and a huge target for dishonest administrators.

Again, we welcome your feedback on this approach to moving forward, and will continue to refine it throughout the year based on sales data.

I don't care how long it takes or how expensive it is, we will fight to get this community repaid.


59
Lief - I would prefer my words to not be bent. If you repost this anywhere else you will be banned. Contrary opinions are welcomed, but you must represent the original author's words accurately when quoting.

> "DEFCON KEEPS ALL HIS OWN MONEY IN SR'S WALLETS"

At no point did I say this. The majority of my funds were in SR wallets, not all of it. As I have said in the original thread, I was working on building up enough balance to start a hedging service like SR1 offered. Keeping this in SR's wallet was indeed stupid, but the damage to my personal funds is not my largest regret here.

Note that the amount stolen reflects the majority portion of my funds, plus users' currency. The hit to the SR community's funds is not equal to the full amount stolen, due to many of my coins being victim as well.

> "DEFCON MOVED MONEY TO A PLACE HE KNEW IT WOULD BE EASY TO STEAL BECAUSE AF WAS GOING LIVE"

I have always had access to the entirety of all of the funds in the entire system. If I had malicious intent, I would not need to move money to a place where it is easy to steal. I would also not publicize the theft transactions or be anywhere near these forums.

> "BUT THEN DEFCON WENT OFFLINE FOR A WEEK"

At no point did I say a week, and at no point was I uncontactable. Key staff members can notify me in the event of an emergency using very creative methods we will never disclose. Unfortunately they did not fully understand the scope of the potential issue.

> "STAFF WERE SCARED OF HITTING THE KILL SWITCH WHEN THEY SAW USERS' BTC BEING STOLEN"

At no point did I say that staff saw BTC being stolen. Too few people had access to even see the problem.

> "BUT REALLY STAFF WEREN'T ABLE TO HIT THE KILLSWITCH ANYWAY, 'CAUSE DEFCON WAS OFFLINE"

At no point did I say that my presence was required to hit a killswitch. Seriously, read my words. Anyone could hit the killswitch. The fear was that if I did not return in time to boost the hot storage balance, the panic-withdrawals after a killswitch activation could cause hot storage to run dry. Killswitches were always functional and possible to activate. You are spreading misinformation and bending my words out of context.

> "BUT REALLY IT'S THE COMMUNITY'S FAULT FOR BEING MEAN"

At no point have I blamed the Silk Road community for anything. I take full responsibility. But I do admit that dealing with people like you makes this job incredibly difficult. It is very difficult to think clearly and prioritize wisely when the community you are trying to protect is accusing you of terrible things. This is not the community's fault, and is understandable. I am simply acknowledging one of the psychological stresses of our jobs and how it can adversely affect our decisions.

> "ALSO EVEN IF YOU LOSE OVER 2 MILLION OF YOUR USERS' BITCOIN, REMEMBER, IT'S OKAY IF PEOPLE HATE YOU"

At no point did I say that the balance lost reflected actual users' bitcoin. A sizable percentage of the loss were my personal bitcoins.

---

This culture of selective quoting needs to stop. Read my full post. If you summarize it, summarize it accurately.

60
Silk Road Discussion / Re: Full Disclosure
« on: February 16, 2014, 12:34:13 am »
I am catching up on a lot of communication. Can you specifically ask a full question? I have not read Hin's post yet.
