The revived online black market Silk Road says hackers took advantage of an ongoing Bitcoin glitch to steal $2.7 million from its customers.
The underground website's anonymous administrator told users Thursday evening that attackers had made off with all of the funds it held in escrow. Silk Road serves as a middleman between buyers and sellers, temporarily holding on to funds in its own accounts during a deal. Buyers put their money into Silk Road's accounts, and sellers withdraw it.
At the time of the attack, there were about 4,440 bitcoins in Silk Road's escrow account, according to computer security researcher Nicholas Weaver.
The news has shaken confidence in Bitcoin. Prices dropped sharply overnight, though they've since bounced back to about $660.
Silk Road can only be accessed on the deep Web using Tor, a special program that hides your physical location. The FBI shut down Silk Road and arrested its alleged founder in October, but shortly thereafter, tech-savvy outlaws started Silk Road 2.0 in its place.
It is primarily used to buy and sell drugs. Bitcoins are the only kind of currency accepted on the site, because they are traded electronically and are difficult to trace to individuals. But Bitcoin accounts also lack protections that most bank accounts have, including government-backed insurance.
That means the bitcoins stolen from the Silk Road users are gone forever.
The new site's administrator, a faceless persona known only as Defcon, posted a nerve-racking message Thursday night that began with, "I am sweating as I write this."
He said hackers took advantage of the same flaw in Bitcoin that knocked major exchanges Bitstamp and Mt.Gox offline over the past two weeks. That glitch allowed Silk Road hackers to repeatedly withdraw bitcoins from the site's accounts until they were empty.
In detailing the alleged hack, Defcon listed the online identities of the three supposed attackers and shared records of the transactions. And in an example of the dark, dangerous world of the illegal drug trade, Defcon called on the public to "stop at nothing to bring this person to your own definition of justice."
"I failed you as a leader and am completely devastated by today's discoveries," Defcon wrote, adding that the website should have followed the approach of other major Bitcoin exchanges and halted withdrawals due to the Bitcoin system flaw. Silk Road has since temporarily shut down.
Many have accused the site's administrators of faking the hack and stealing the money themselves. But in a world where drugs are outright illegal -- and there's little to no regulation of Bitcoin transactions -- it's difficult to prove anything.
It's just this kind of bad news that smears Bitcoin's credibility and keeps the currency from going mainstream.
Computer developers around the world have been working on software updates that allow exchanges to make up for the security hole in Bitcoin. The largest exchange, the Slovenia-based Bitstamp, said it was implementing a fix as early as Friday.