Silk Road Forums

I also have deep respect for backopy, and would work alongside him in a heartbeat. We serve the same community, and he is possibly the only unquestionably-ethical administrators in the darknet. I hope to also share that title after proving my words, but it's a long road and backopy deserves much respect.

I wish our fee earnings could cover our losses, and would absolutely cover everyone's losses immediately if I could. This is my mistake, and I hate that the very cause I hope to devote my life to was damaged by my oversight. I would do anything to refund everyone and just move forward.

So the coins were in hot storage because 3 days later some of them would be used for AF? why have them sit in hot storage for 3 days?

Not being sarcastic or provocative or w.e, I just really don't get it.

We thought we would be ready to launch during the weekend, and were delayed. I should have withdrawn hot storage immediately, this is completely my fault. Projecting release dates when collaborating with developers anonymously is very difficult. For those three days, I honestly believed we were within 6 hours of the code being ready to launch at any moment. Again, completely my fault for not withdrawing hot storage immediately after we missed the weekend launch window. (reference last week's "Weekend Update" thread)

I am deeply thankful for the hundreds of supportive messages I've received. I am consistently blown away by how the core of this community come together in times of strife.. To the multitude of you who lost faith in Silk Road, I still am glad I've heard your words.

I am still devastated that I have failed you. And even I have fallen victim to this attack – the majority of my personal earnings are completely gone. My life is not in danger though, and my identity is still protected – I’m thankful for this.

So now, it’s time to share with you our plan to move forward.

I realize you have no way of knowing whether I'm telling the truth, on anything. Trying to communicate the authenticity of my true character on the darknet is difficult to say the least, and I do not expect any of you to take me at my word. But my actions over the next few weeks will speak louder than words ever could, and if you stick around you’ll realize this.

Silk Road is Not Dead

We are here to stay, and for the most part, I believe our values are the same as yours – the community’s. And even though I represent the latest idiot to make a security mistake, I am unlike those who simply give in, and am determined to use lessons learned to fight for this community's long term security.

I'm focusing on multi-signature transactions as our only safe trading mechanism long term. Additionally, I am ready and willing to collaborate with other darknet administrators and utilize our talented penetration testing team to help them to regularly audit their security.

And although the tinfoil club will probably hate this and continue to tear me to shreds without regard for my actions in December, and whether you choose to believe them or not, here are the facts:

1. I live a very busy and complicated life. I take OPSEC to extreme levels which consume many of my hours per day. Any time you see me here, it means I have completed a checklist which requires over an hour of preparation for me to reposition and reconfigure many things to ensure I leave the most minimal trail possible and can "safely" connect to this place. This job will never be safe, and it is impossible to be perfectly covert. I know what I am facing, both from LE and from vendors who do not share my opinions of non-violence.

2. All released announcements were my true plans, and all delays were due to unanticipated external factors upon which I cannot elaborate. My staff has been very frustrated at my lack of ability to keep the dev team on time. Again, this is completely my fault and something for which I take complete responsibility. I do not trust any developers, so I meticulously review anything the dev team sends to me. Many have criticized me for this, and I listened to them. Had I reviewed the code EVEN MORE meticulously and delayed the fix to speed up slow withdrawals last month, transaction malleability would not have affected us at all. This is completely my fault for listening to critics instead of my own sense of caution.

3. The public has known that auto-finalize has been disabled for a long time, and has known that the escrow balance is massive.

4. Any smart person could deduce that re-enabling of auto-finalize requires me to move a vast sum from cold storage to the hot storage wallet to ensure adequate fund availability (which admittedly was too large and one of my biggest failures this month). The attack was surgical and timed perfectly.

The reason such a high quantity of coins was stolen was because we were preparing to implement auto-finalization and had therefore moved a huge volume from the cold storage to the hot storage to ensure the coins from all auto-finalized orders could be withdrawn without a hitch.

Here are as many details on the attack as I can provide. I am still investigating, and do not want to leak anything which could compromise any other markets. Transparency in this issue is key, however, you deserve as granular an explanation as possible as to why this happened.

SR2 Attack Investigation Results as of Feb 15

1. When withdrawal delays were happening last month, we wrote a custom bitcoin implementation using several available libraries a reference, and built it on a shared infrastructure to load balance across accounts and provide risk mitigation if ever one server was compromised.

2. As this implementation was being written by behind-the-scenes dev staff, a lynch mob was getting exponentially worse in the forums. Our moderator staff became more and more insistent that it was crucial to fix this problem immediately, relaying to me many concerns, and threats, from the community.

3. We cut a corner, deciding to watch transactions. Many community members were reporting missing withdrawals, weeks after sending them. We implemented a liberal check to the "Refresh Deposit Balances" link on the account page - in essence, we allowed it to search deeply for any missing coins, rescanning and rescanning. One of our team members was familiar with MtGox's procedures and source code and vouched for the idea. Our thoughts were that if the largest bitcoin exchange was using this approach to find missing coins, it must be commonplace. (I received her/his permission to publish this.)

4. The transaction malleability bug was published last week at a time when I was disconnected from the internet for an extended period for OPSEC reasons. I did not become aware of the threat until the attack was already occurring. This was a failure on my part to trust more staff with critical access to stop withdrawals. The people who did have access to disable withdrawals were terrified of doing it without my permission, due to how negatively the community reacts when withdrawals are turned off. They knew if they disabled withdrawals, then re-enabled them, there would be a run on the bank and I would need to be online to deposit cold storage into hot storage. In effect, this was my failure to emphasize to staff that it is ALWAYS okay to lean on the side of caution and hit killswitches as they deem necessary. It was also my failure to communicate expectations to the community that sometimes killswitches will have to be hit, and it just means we're playing it safe. This month it is clear we did not play it safe. Killswitches are pointless if the only person confident enough to hit them is the boss.

5. The attacker used an account first registered in early Jan to try exploiting the vulnerability. Looking back at the account's history indicates that this account has been used to pentest many aspects of our system unsuccessfully. Every previous attempt to find an attack vector failed, due to hardening done by our penetration testing team. I had previously seen these attempts in the logs as something to celebrate: "Look, our hardening is working, this hacker would have won, but we put security over features!" - Several people suggested disabling the hacker's accounts, but that is pointless in our business as anyone can simply re-register.

6. We are still unclear as to the exact approach used to cause our servers' perception of transactions to mismatch with reality, because we have largely been focusing on preparing for relaunch and building communication to share with you, the community, over the past day. To the best of our understanding, the attacker deposited increasingly larger amounts of bitcoins, and withdrew them while flooding the blockchain with DDoS of similar transactions.

7. Our system reflected his withdrawals, and his account showed as zero.

8. The attacker rapidly clicked "Refresh deposits" link until our code assumed that the transaction failed (all indications point to malleability as the root case). Our system re-credited his account with the X BTC it judged "unsuccessfully" withdrawn. This, again, due to the liberal rescanning mechanisms added last month (see point 3).

9. In reality, our servers perceived the transactions inaccurately and the BTC were successfully withdrawn. As a result our system inaccurately represented the user's balance as larger than it truly was. This allowed the attacker to withdraw coins again.

10. The attacker began depositing larger amounts, such as 50 BTC at a time, in order to exploit the vulnerability quickly.

11. They then drained our entire hot storage in one bitcoin server shard, and tried the attack from one of their other accounts. The other account was on a different shard, and allowed that hot storage to be drained.

12. The attacker continued using different accounts until virtually all of our hot storage shards were drained.

Due to the type of vulnerability, our accounting system had an inaccurate perception of bitcoins on hand and therefore did not trigger any alerts until real user withdrawals began failing unexpectedly. This was a failure on our part to build a new server alert to check each shard of the new shared bitcoin infrastructure, and another symptom of how rushed we were when implementing the new system during a forum lynch-mob about slow withdrawals.


Lessons learned so far:

1. More staff should have access to killswitches and should not be afraid to use them. Even if it's just because of some news post about on clearnet about some "Transaction Malleability" thing. Killswitches should be used liberally and regularly.

2. A community needs to be comfortable with regular downtime - especially during periods when community safety and the safety of its money could be threatened. A good staff will be responsibly paranoid and hitting killswitches as they deem necessary, and should not be afraid of their community panicking each time precaution is exercised.

3. There’s more to web security than rigorous penetration testing. It also requires the constant review of external services, systems and infrastructures.

4. Never make assumptions when implementing protocols you did not design. Had we not trusted MtGox's staff procedures, we would have reviewed our approaches with much more rigor. Just because a large company's procedures are successful does not make them are safe.

5. Accept that your community will hate you regardless. In the darknet, you will be crucified by your community if anything ever goes wrong. Psychologically prepare for everyone to hate you, because you inevitably will fail at something, and you will need to stay determined no matter what. Don't let it get to your head, and don't let it affect your rigor with security. We cut corners with our deposit/withdrawal speed optimizations because we were afraid of the lynch-mob. We were foolish in this regard. We should have taken the entire site offline for as long as it took to implement a high-volume fault-tolerant bitcoin server in a well-tested, rigorous manner. This cost us an unspeakable amount of trust that we had slaved to build, some of us for years.

This is where we're at, with as much transparency as this medium allows:

The worst that could happen did not happen.

The worst thing that could happen for our community's finances, however, did.

We hate that it occurred under our watch.

There is nothing we can do to change this. All we can do is be transparent about where we are at, and move forward.

To those who will respond here for dramatic effect, please consider contributing your energy to the reconstruction of our community. If you cannot bring yourself to do this, then please take your negativity elsewhere. This is simple. If you have lost faith in Silk Road, I don't blame you in the least. I also do not want to read about it in perpetuity.

Trolling is easy. Trolling during a disaster is cowardice. Choosing to strengthen rather than troll, when trolling is the popular move - that's noble. I know that I speak for all Silk Road staff, seen and unseen, when I speak these words: We are going nowhere. We will remain, rebuild, and move forward toward the greater goal for which we strive by our running of this marketplace: Personal freedom and foundational human rights.

Silk Road will always rise again.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I am deeply thankful for the hundreds of supportive messages I've received. I am consistently blown away by how the core of this community come together in times of strife.. To the multitude of you who lost faith in Silk Road, I still am glad I've heard your words.

I am still devastated that I have failed you. And even I have fallen victim to this attack – the majority of my personal earnings are completely gone. My life is not in danger though, and my identity is still protected – I’m thankful for this.

So now, it’s time to share with you our plan to move forward.

I realize you have no way of knowing whether I'm telling the truth, on anything. Trying to communicate the authenticity of my true character on the darknet is difficult to say the least, and I do not expect any of you to take me at my word. But my actions over the next few weeks will speak louder than words ever could, and if you stick around you’ll realize this.

Silk Road is Not Dead

We are here to stay, and for the most part, I believe our values are the same as yours – the community’s. And even though I represent the latest idiot to make a security mistake, I am unlike those who simply give in, and am determined to use lessons learned to fight for this community's long term security.

I'm focusing on multi-signature transactions as our only safe trading mechanism long term. Additionally, I am ready and willing to collaborate with other darknet administrators and utilize our talented penetration testing team to help them to regularly audit their security.

And although the tinfoil club will probably hate this and continue to tear me to shreds without regard for my actions in December, and whether you choose to believe them or not, here are the facts:

1. I live a very busy and complicated life. I take OPSEC to extreme levels which consume many of my hours per day. Any time you see me here, it means I have completed a checklist which requires over an hour of preparation for me to reposition and reconfigure many things to ensure I leave the most minimal trail possible and can "safely" connect to this place. This job will never be safe, and it is impossible to be perfectly covert. I know what I am facing, both from LE and from vendors who do not share my opinions of non-violence.

2. All released announcements were my true plans, and all delays were due to unanticipated external factors upon which I cannot elaborate. My staff has been very frustrated at my lack of ability to keep the dev team on time. Again, this is completely my fault and something for which I take complete responsibility. I do not trust any developers, so I meticulously review anything the dev team sends to me. Many have criticized me for this, and I listened to them. Had I reviewed the code EVEN MORE meticulously and delayed the fix to speed up slow withdrawals last month, transaction malleability would not have affected us at all. This is completely my fault for listening to critics instead of my own sense of caution.

3. The public has known that auto-finalize has been disabled for a long time, and has known that the escrow balance is massive.

4. Any smart person could deduce that re-enabling of auto-finalize requires me to move a vast sum from cold storage to the hot storage wallet to ensure adequate fund availability (which admittedly was too large and one of my biggest failures this month). The attack was surgical and timed perfectly.

The reason such a high quantity of coins was stolen was because we were preparing to implement auto-finalization and had therefore moved a huge volume from the cold storage to the hot storage to ensure the coins from all auto-finalized orders could be withdrawn without a hitch.

Here are as many details on the attack as I can provide. I am still investigating, and do not want to leak anything which could compromise any other markets. Transparency in this issue is key, however, you deserve as granular an explanation as possible as to why this happened.

SR2 Attack Investigation Results as of Feb 15

1. When withdrawal delays were happening last month, we wrote a custom bitcoin implementation using several available libraries a reference, and built it on a shared infrastructure to load balance across accounts and provide risk mitigation if ever one server was compromised.

2. As this implementation was being written by behind-the-scenes dev staff, a lynch mob was getting exponentially worse in the forums. Our moderator staff became more and more insistent that it was crucial to fix this problem immediately, relaying to me many concerns, and threats, from the community.

3. We cut a corner, deciding to watch transactions. Many community members were reporting missing withdrawals, weeks after sending them. We implemented a liberal check to the "Refresh Deposit Balances" link on the account page - in essence, we allowed it to search deeply for any missing coins, rescanning and rescanning. One of our team members was familiar with MtGox's procedures and source code and vouched for the idea. Our thoughts were that if the largest bitcoin exchange was using this approach to find missing coins, it must be commonplace. (I received her/his permission to publish this.)

4. The transaction malleability bug was published last week at a time when I was disconnected from the internet for an extended period for OPSEC reasons. I did not become aware of the threat until the attack was already occurring. This was a failure on my part to trust more staff with critical access to stop withdrawals. The people who did have access to disable withdrawals were terrified of doing it without my permission, due to how negatively the community reacts when withdrawals are turned off. They knew if they disabled withdrawals, then re-enabled them, there would be a run on the bank and I would need to be online to deposit cold storage into hot storage. In effect, this was my failure to emphasize to staff that it is ALWAYS okay to lean on the side of caution and hit killswitches as they deem necessary. It was also my failure to communicate expectations to the community that sometimes killswitches will have to be hit, and it just means we're playing it safe. This month it is clear we did not play it safe. Killswitches are pointless if the only person confident enough to hit them is the boss.

5. The attacker used an account first registered in early Jan to try exploiting the vulnerability. Looking back at the account's history indicates that this account has been used to pentest many aspects of our system unsuccessfully. Every previous attempt to find an attack vector failed, due to hardening done by our penetration testing team. I had previously seen these attempts in the logs as something to celebrate: "Look, our hardening is working, this hacker would have won, but we put security over features!" - Several people suggested disabling the hacker's accounts, but that is pointless in our business as anyone can simply re-register.

6. We are still unclear as to the exact approach used to cause our servers' perception of transactions to mismatch with reality, because we have largely been focusing on preparing for relaunch and building communication to share with you, the community, over the past day. To the best of our understanding, the attacker deposited increasingly larger amounts of bitcoins, and withdrew them while flooding the blockchain with DDoS of similar transactions.

7. Our system reflected his withdrawals, and his account showed as zero.

8. The attacker rapidly clicked "Refresh deposits" link until our code assumed that the transaction failed (all indications point to malleability as the root case). Our system re-credited his account with the X BTC it judged "unsuccessfully" withdrawn. This, again, due to the liberal rescanning mechanisms added last month (see point 3).

9. In reality, our servers perceived the transactions inaccurately and the BTC were successfully withdrawn. As a result our system inaccurately represented the user's balance as larger than it truly was. This allowed the attacker to withdraw coins again.

10. The attacker began depositing larger amounts, such as 50 BTC at a time, in order to exploit the vulnerability quickly.

11. They then drained our entire hot storage in one bitcoin server shard, and tried the attack from one of their other accounts. The other account was on a different shard, and allowed that hot storage to be drained.

12. The attacker continued using different accounts until virtually all of our hot storage shards were drained.

Due to the type of vulnerability, our accounting system had an inaccurate perception of bitcoins on hand and therefore did not trigger any alerts until real user withdrawals began failing unexpectedly. This was a failure on our part to build a new server alert to check each shard of the new shared bitcoin infrastructure, and another symptom of how rushed we were when implementing the new system during a forum lynch-mob about slow withdrawals.


Lessons learned so far:

1. More staff should have access to killswitches and should not be afraid to use them. Even if it's just because of some news post about on clearnet about some "Transaction Malleability" thing. Killswitches should be used liberally and regularly.

2. A community needs to be comfortable with regular downtime - especially during periods when community safety and the safety of its money could be threatened. A good staff will be responsibly paranoid and hitting killswitches as they deem necessary, and should not be afraid of their community panicking each time precaution is exercised.

3. There’s more to web security than rigorous penetration testing. It also requires the constant review of external services, systems and infrastructures.

4. Never make assumptions when implementing protocols you did not design. Had we not trusted MtGox's staff procedures, we would have reviewed our approaches with much more rigor. Just because a large company's procedures are successful does not make them are safe.

5. Accept that your community will hate you regardless. In the darknet, you will be crucified by your community if anything ever goes wrong. Psychologically prepare for everyone to hate you, because you inevitably will fail at something, and you will need to stay determined no matter what. Don't let it get to your head, and don't let it affect your rigor with security. We cut corners with our deposit/withdrawal speed optimizations because we were afraid of the lynch-mob. We were foolish in this regard. We should have taken the entire site offline for as long as it took to implement a high-volume fault-tolerant bitcoin server in a well-tested, rigorous manner. This cost us an unspeakable amount of trust that we had slaved to build, some of us for years.

This is where we're at, with as much transparency as this medium allows:

The worst that could happen did not happen.

The worst thing that could happen for our community's finances, however, did.

We hate that it occurred under our watch.

There is nothing we can do to change this. All we can do is be transparent about where we are at, and move forward.

To those who will respond here for dramatic effect, please consider contributing your energy to the reconstruction of our community. If you cannot bring yourself to do this, then please take your negativity elsewhere. This is simple. If you have lost faith in Silk Road, I don't blame you in the least. I also do not want to read about it in perpetuity.

Trolling is easy. Trolling during a disaster is cowardice. Choosing to strengthen rather than troll, when trolling is the popular move - that's noble. I know that I speak for all Silk Road staff, seen and unseen, when I speak these words: We are going nowhere. We will remain, rebuild, and move forward toward the greater goal for which we strive by our running of this marketplace: Personal freedom and foundational human rights.

Silk Road will always rise again.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJS//M9AAoJECRwq0imSkC0rEgP/iH0+H6k3WkgYO69WBy/PQkv
SRYa18N1dXctQeo6x3aS6KlWS9ncdGXt/HK0l0M3+R82UmowSluY0K8EU1I3odIo
df9sNbZcDW4S1lahqCoObJ8ITYJKVvQVOREm7AqaKixA+atYoiJ42yAsl+zS4Hd7
uw2uxxKm6LfDQ8CYOTrtEp3Lhp0Y/GTgM/7gIXvQy9HYEJTG5f3aYpnVSbSC4yjR
8Y9lsznn0NWoXMR9i7SAP2WxCEdnZni/m7uqmVLu41JNDdbjBeRCAnKFYmZTEKXi
/0Oesl97Ni7/qiAQehZeo/qbQxgRLp+2Voa16LXBVC9UttmpzyRaMGK8raHOx//c
LHRWqRKmSgOHLCcDEsWuDbJD9Nrfq6Ih7Sn1rYe6gwVE2hwV6xHcmr5LVBHzaKwE
U4tYxH/TmcfoSBUP8OFtz5GfEz/XHZv50t388CRWBEDqtpPE+g9vIxbYBBFrfr0P
aDKkZ5MeVsjs3wO146Adv27tK5i8i5J1Lb8SGPh0y8B9jxHFail0AbuVhppwzjho
m1eN8hjx7xnROIBZejhCFWSADE6vfZ6ttmATmGrjpuRmV93Ce25aj1t+VsXa2jim
ff7+PYn/dM0tBLW+mxCklvw10jjfKDexNBIGQ7lTPu75WvUCUFtQVqzTAY7nL2Mt
p2gJK+Oftq1t+0o/esa7
=G++m
-----END PGP SIGNATURE-----


UPDATE 2: After further investigation this issue is more serious than we expected, we are taking the site offline immediately to ensure we find the root of the problem quickly.

UPDATE 1: The site is back online as we continue to investigate, we have disabled the accounts generating the unusual load.

Staff has taken the marketplace offline for unplanned maintenance to investigate unusual server load, in response to a safeguard alert.

I will update this post with more information as we investigate the issue.

UPDATE 6: Launch rescheduled. Updates continue in this thread: http://silkroad5v7dywlc.onion/index.php?topic=22969.0

UPDATE 5: The new CAPTCHA system has been implemented, resolving the affected login failures.The support UI integration is almost complete as well. Our latest test pass in our offline environment revealed that while placing tickets older than seven days into a "Resolved" status, the system would occasionally throw an error which gets placed into the ticket and caused it to re-open all those it had processed.

We are troubleshooting the root cause of the error as we speak. Once that is found/rectified, we will attempt another sync and implement it into production. Apologies for yet another delay, but once complete, support will be able to respond quicker than at any point in Silk Road's history.

UPDATE 4: The hardening took more hours than expected, the dev team has delivered the improved code to the security team but they are still in the process of testing it. We apologize for the delays getting this out. This fix to the new release was essential and could not be postponed. Our next opportunity to release is in ~10-14 hours with all dev staff online. Will update here when we know the exact time.

UPDATE 3: Launch is unlikely for the 28th, our security team just raised a very valid concern. We are playing it safe, hardening code, then will be launching on the 29th. Staff apologies for the delays, we prioritize security above features no matter how long-awaited they are.

UPDATE 2: A server update is taking longer than expected. Rather than be offline for more than an hour, we are pushing back the window again. As a result of this update the downtime will only be thirty minutes, and will start at 17:00 UTC.

UPDATE: Pushed back a few hours to 15:00 to ensure that all of the dev team is online during the launch, and because one of your admins is very hungover. Good morning cruel world.

The team has been working very hard behind the scenes to keep deposits/withdrawals flowing quickly, and to continue scaling our infrastructure in ways that still preserve security.

We are now ready to launch two important changes to the marketplace:
1. New Support System - Staff has had access to an incredible new support interface for over a week now, and after security test results we have decided that it is safe to continue the rollout to marketplace customers. You may notice a new response from staff which you did not previously see. This is not a bug, it is a symptom of staff testing the new interface by responding to you before launch.

IMPORTANT: In order to help staff resolve the massive support backlog as quickly as possible, we are marking all issues over seven days old as resolved. This does not mean we are ignoring you. If you are affected by this, simply open the support request and add a new message. This will re-open the request. This might seem like a strange approach, but it will allow our staff to focus on actually resolving issues rather than sending hundreds of "Does this issue still exist?" responses.

2. CAPTCHA Improvement - We have rewritten the CAPTCHA system, resolving a bug affecting login and registration.

Staff appreciates your support as we have been heads-down writing and testing these updates.

I will update this post when the launch is complete.

THANKS FOR THANKING A++++++ COMMUNITY MEMBER FAST FEEDBACK WOULD BUY AGAIN

Quote from: Defcon on January 14, 2014, 08:25:47 am

Quote from: giancarlo on January 14, 2014, 05:38:09 am

Mods?  Can anyone comment?

We use an average of several top exchanges, a few of which seem to be returning lagged BTC rates. This has been a pain since launch - there is a real lack of reliable data out there. We have switched providers several times and tweaked the formula, but users complain the same amount as before. Some day we'll have time to research this further and get it right, but at the moment there are way higher priorities.

Defcon, you likely will not see this and thus not respond but this isn't an issue of complaining about what rate SR is using and how they come about it.  There is a BUG in the system that just started yesterday where the rate DOES NOT CHANGE at all.  It is FROZEN for some reason and luckiliy the price of BTC hasn't flucuated violently enough for it to matter too much but there is clearly a problem where the rate is just plain not updating anymore, regardless of how SR is coming up with the rate.

We use an average of several top exchanges, a few of which seem to be returning lagged BTC rates.

"a few of which seem to be returning lagged BTC rates."

It doesn't matter how often we update a rate if our providers are returning the wrong values.

Fixing this is on the list.