Black Market Cannabis Road Hacked, $100k in Bitcoin Lost

The future of online black market Cannabis Road is now uncertain after $100,000 in bitcoin was stolen by hackers.

AccessTimeIconAug 25, 2014 at 6:55 p.m. UTC
Updated Aug 18, 2021 at 3:15 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Screen Shot 2014-08-25 at 1.59.35 PM
Screen Shot 2014-08-25 at 1.59.35 PM

Cannabis Road is now offline after suffering from an attack that saw hackers abscond with 200 BTC or roughly $100,355 at press time.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • Users who attempt to access the online marketplace dedicated to cannabis products are now presented with a message from lead developer 'Crypto' detailing the attack and the potential paths forward for the development team.

    Crypto writes that he discovered the theft at roughly 10:15 AM UTC, after logging into Cannabis Road's bitcoin wallet and noticing the balance was near zero.

    He recalls:

    "At first I thought it was a mistake, until I double checked, and triple checked, only to find out, we had in fact been robbed not 15 minutes earlier!"

    The developer goes on to reveal the bitcoin address allegedly holding the stolen funds, before asserting that he does not yet know how the money was stolen.

    Crypto concludes his message by issuing an apology to site users while expressing his current uncertainty over whether the project will be able to continue, adding:

    "I am deeply sorry that I have failed you as a developer and a leader, and if I can figure out how this happened, maybe you will find it in your hearts to move past this and help us bring Cannabis Road back to life once again."

    Multisig employed

    The success of the attack is particularly notable given that Cannabis Road had moved to integrate safeguards aimed at better protecting user funds through multi-signature technology, an evolution of the traditional wallet offering that introduces an arbitrator to the transaction process.

    In a May interview with DeepDotWeb, Crypto indicated that Cannabis Road was using a hybrid version of multisig, however, in part to make the technology easier for its customers to use.

    At the time, he indicated that Cannabis Road had added three levels of multisig in response to a rise in attacks against illicit websites, explaining:

    "All three levels start off the same, asking for public keys of the buyer, vendor and market to create the shared (multisignature) address. The buyer sends funds to the shared address. Once the buyer is happy, the buyer agrees to finalize the order, this is where the three levels are offered."

    Two more advanced levels were added on top of this service, both of which put restrictions on the situations in which users would be asked to send their private keys.

    Transparency promised

    Crypto also promises Cannabis Road users that he will share information on the attack as it was discovered in order to provide more information to the broader deep web community.

    Further, he estimates the damage of the attack to be significant for the online marketplace's brand, suggesting that whether it continues to exist will be up to the site's community.

    Crypto wrote:

    "I don’t know if Cannabis Road will continue to exist or not at this point, because there may be no reasonable way for us to recover from this."

    Notably, the site had suffered an early hack under the care of a previous developer in February. Though no funds were stolen in this attack, the incident did result in a leadership change, with Crypto taking the role of lead developer for the site.

    cannabis road
    cannabis road

    The setback is the latest for the deep web's illicit online marketplaces, which have been the target of a number of attacks so far this year.

    Silk Road 2.0 suffered a significant hack in February during which it lost more than $2.6m in bitcoin in what was perhaps the community's most high-profile attack.

    In his remarks, Crypto moved to separate his actions from those that were taken by Silk Road 2.0 at the time, noting that he would not blame "transaction malleability" for the issue and that he now sympathizes with the situation that the site's lead developer Defcon faced at the time.

    Silk Road 2.0, however, has since been able to rebound from the event, revealing in late May that more than 80% of the customer funds stolen in the attack had been repaid.

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.



    Read more about