Black Market Cannabis Road Hacked, $100k in Bitcoin Lost
The future of online black market Cannabis Road is now uncertain after $100,000 in bitcoin was stolen by hackers.
Cannabis Road is now offline after suffering from an attack that saw hackers abscond with 200 BTC or roughly $100,355 at press time.
Users who attempt to access the online marketplace dedicated to cannabis products are now presented with a message from lead developer 'Crypto' detailing the attack and the potential paths forward for the development team.
Crypto writes that he discovered the theft at roughly 10:15 AM UTC, after logging into Cannabis Road's bitcoin wallet and noticing the balance was near zero.
He recalls:
The developer goes on to reveal the bitcoin address allegedly holding the stolen funds, before asserting that he does not yet know how the money was stolen.
Crypto concludes his message by issuing an apology to site users while expressing his current uncertainty over whether the project will be able to continue, adding:
Multisig employed
The success of the attack is particularly notable given that Cannabis Road had moved to integrate safeguards aimed at better protecting user funds through multi-signature technology, an evolution of the traditional wallet offering that introduces an arbitrator to the transaction process.
In a May interview with DeepDotWeb, Crypto indicated that Cannabis Road was using a hybrid version of multisig, however, in part to make the technology easier for its customers to use.
At the time, he indicated that Cannabis Road had added three levels of multisig in response to a rise in attacks against illicit websites, explaining:
Two more advanced levels were added on top of this service, both of which put restrictions on the situations in which users would be asked to send their private keys.
Transparency promised
Crypto also promises Cannabis Road users that he will share information on the attack as it was discovered in order to provide more information to the broader deep web community.
Further, he estimates the damage of the attack to be significant for the online marketplace's brand, suggesting that whether it continues to exist will be up to the site's community.
Crypto wrote:
Notably, the site had suffered an early hack under the care of a previous developer in February. Though no funds were stolen in this attack, the incident did result in a leadership change, with Crypto taking the role of lead developer for the site.
The setback is the latest for the deep web's illicit online marketplaces, which have been the target of a number of attacks so far this year.
Silk Road 2.0 suffered a significant hack in February during which it lost more than $2.6m in bitcoin in what was perhaps the community's most high-profile attack.
In his remarks, Crypto moved to separate his actions from those that were taken by Silk Road 2.0 at the time, noting that he would not blame "transaction malleability" for the issue and that he now sympathizes with the situation that the site's lead developer Defcon faced at the time.
Silk Road 2.0, however, has since been able to rebound from the event, revealing in late May that more than 80% of the customer funds stolen in the attack had been repaid.