On Thursday "Defcon," one of the anonymous administrators of the Silk Road, declared ominously: "We have been hacked." (The message was later reposted in full to reddit.)

According to rough estimates by Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, California, the exploit has resulted in the site losing approximately 4,400 bitcoins, presently worth around $2.6 million, that were taken from Silk Road’s escrow account.

Weaver told Ars that he came up with that figure by writing a script that looked at all the published Bitcoin wallet addresses and transaction IDs (TXID) that Defcon published, and added up the total value......

"I think that it’s not a vulnerability in Bitcoin, it’s an interaction between a malfeature in Bitcoin and how people have implemented withdrawal systems in Bitcoin," Nicholas Weaver told Ars.

"They have a model where when you do a withdrawal it monitors the blockchain and if it doesn’t go through after a certain time it tries again. Rather than looking for the contents of the transaction it looks for the transaction ID. What the person does is they see the transaction posted and modified it slightly so the ID is different, and they broadcast that widely. They’re not fake transactions. It’s broadcasting a version of the same transactions but with a different transaction ID number. Otherwise they are identical."

"It’s the accounting system that effectively has a bug in it. Part of the reason that the transaction ID is not protected by the signature is so I could say pay 100 bitcoins to this address, and other people can add in. That’s the reason why transaction IDs are not cryptographically protected. It is a feature, not necessarily a bug."
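
The accounting flaw described in the quoted article, as an added toy model (not code from the article, Weaver's script, or any Bitcoin implementation): it compares a retry check keyed on the transaction ID with one keyed on the transaction's contents. The `Tx` structure, the hashing scheme, all function names, and the two signature encodings are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

AMOUNT = 10  # coins requested in the single withdrawal being simulated

@dataclass(frozen=True)
class Tx:                 # toy transaction, not Bitcoin's real serialization
    inputs: tuple         # coins being spent
    outputs: tuple        # (address, amount) pairs
    sig_encoding: bytes   # signature bytes; they feed the ID but are not signed over

def txid(tx):
    """Toy ID: double SHA-256 over everything, signature bytes included."""
    blob = repr((tx.inputs, tx.outputs, tx.sig_encoding)).encode()
    return hashlib.sha256(hashlib.sha256(blob).digest()).hexdigest()

def content_key(tx):
    """Identity of the payment itself: which coins are spent and where they go."""
    return hashlib.sha256(repr((tx.inputs, tx.outputs)).encode()).hexdigest()

def needs_retry_by_txid(sent, confirmed):
    """Flawed check from the quote: look only for the ID that was broadcast."""
    return txid(sent) not in {txid(t) for t in confirmed}

def needs_retry_by_content(sent, confirmed):
    """Corrected check: look for the contents of the transaction."""
    return content_key(sent) not in {content_key(t) for t in confirmed}

def simulate(needs_retry, max_attempts=3):
    """Coins paid out for ONE withdrawal request when every confirmed copy
    carries a different signature encoding than the copy the service sent."""
    confirmed, paid = [], 0
    for attempt in range(max_attempts):
        sent = Tx((f"hot_utxo_{attempt}:0",), (("customer", AMOUNT),), b"encoding-A")
        # Constructed sample: same inputs and outputs, different signature bytes.
        confirmed.append(Tx(sent.inputs, sent.outputs, b"encoding-B"))
        paid += AMOUNT
        if not needs_retry(sent, confirmed):
            break
    return paid

if __name__ == "__main__":
    print("txid-based retry pays:   ", simulate(needs_retry_by_txid))
    print("content-based retry pays:", simulate(needs_retry_by_content))
```

With the ID-based check the service keeps paying until it runs out of attempts; with the content-based check it recognises the confirmed copy as its own payment and stops after one.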