Silk Road 2 says it has been hacked resulting in the loss of all its customers’ Bitcoins.
An administrator for the anonymous online marketplace said hackers had manipulated computer code enabling them to withdraw $2.7 million worth of the virtual currency.
It follows similar attacks on two exchanges that trade in Bitcoins earlier in the week.
Silk Road 2 is known for selling drugs and other illegal items.
The site is only accessible through Tor, a network that allows users to browse anonymously online. The virtual currency Bitcoin is often used in transactions as it also grants users a degree of anonymity.
The original Silk Road site was shut down by the FBI in 2013 but those behind it said they would start a new site and shortly afterwards Silk Road 2 appeared online.
In a statement posted on Silk Road 2 forums, the administrator of the site, known as Defcon, said: “We have been hacked.”
“Nobody is in danger, no information has been leaked, and server access was never obtained by the attacker.
“Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as <<transaction malleability>> to repeatedly withdraw coins from our system until it was completely empty,” he said.
Silk Road 2 says it has been hacked resulting in the loss of all its customers’ Bitcoins
Transaction malleability involves someone changing the cryptographic code – known as a transaction hash – used to create an ID for the exchange of funds before it is recorded in the blockchain – a database of every transaction carried out in the currency.
This method can result in the system thinking a transaction has not been carried out when it has and therefore repeatedly paying out Bitcoins.
The two exchanges hit by attacks earlier in the week, MtGox and Bitstamp, had suspended transactions to prevent it happening again.
Defcon admitted that Silk Road 2 should have done the same.
“I should have taken MtGox and Bitstamp’s lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too skeptical of the possible issue at hand,” he said in the forum posting.
On CoinDesk, a news site for digital currency, Danny Bradbury an expert on Silk Road, said that Bitcoin-based sites should put “Bitcoins under management in cold storage (i.e. stored offline) so that they could not be stolen by online attackers”.
Defcon said that all its customers’ Bitcoins were being stored online because of planned relaunches of some of the site’s features.
“In retrospect this was incredibly foolish, and I take full responsibility for this decision.”
Despite Defcon denying that he had “run with the gold”, several Silk Road 2 users questioned whether the operators of the site were involved or covering for people involved.
The site said as a result of the attack it would no longer host “escrow wallets” – an account where Bitcoins are held until goods ordered are delivered.
The chief executive of the company that runs the MtGox bitcoin exchange was confronted by an angry customer at the company’s headquarters in Tokyo this week.
Kolin Buges, a bitcoin trader from London, said he had travelled to Japan as he was unhappy at MtGox’s explanation for its recent problems on the site which prevented customers from making withdrawals.
He had 250 Bitcoins, worth $155,000 in his MtGox account.
“I want to get my Bitcoin back, or get MtGox to bring back public confidence that the company is solvent and people’s money [is] safe,” Kolin Buges told the Wall Street Journal.
One Bitcoin is currently trading for around $620, significantly lower than the $830 level it was at before news of the various attacks broke.
Bitcoin’s value has topped $1,000 again after social gaming firm Zynga said it would start accepting the virtual currency as a payment option.
Zynga is perhaps the most significant video games firm to accept bitcoins to date.
The virtual currency has been gaining in popularity but its value has been highly volatile in recent weeks.
It peaked at $1,250 in November last year, but fell sharply in December after China restricted trade.
According to the South China Morning Post, the value of a single Bitcoin fell to as low as 2,560 yuan ($421) in December, after China’s move.
On Monday, a single Bitcoin was trading close to $1,030 on MTGox, one of the virtual currency’s major exchanges.
Zynga follows Ouya, the Android-based video games console-maker, which began accepting payments for its hardware in bitcoins last month.
Zynga is the most significant video games firm to accept bitcoins to date
The Humble Bundle – an organisation selling a changing selection of indie games – also began accepting bitcoins in 2013.
Supporters of Bitcoin, which is not backed by a central bank, have been pushing for its increased usage.
Its popularity and value surged last year after a US Senate committee described virtual currencies as a “legitimate financial service”.
Zynga said it had tied up with BitPay, a Bitcoin payment service, to allow users to purchase virtual goods in some of its games using the facility.
“In response to Bitcoin’s rise in popularity around the world, Zynga, with help from BitPay, is testing expanded payment options for players to make in-game purchases using Bitcoin,” the company said in a post on Reddit.
Concerns over the use and risks associated the virtual currency have also grown.
Bitcoin became popular, in part, due to it being difficult to trace transactions that use it. The currency has been linked to illegal activity online.
Last month, the European Banking Authority warned the public about the potential risks of using bitcoins.
“Currently, no specific regulatory protections exist in the European Union that would protect consumers from financial losses if a platform that exchanges or holds virtual currencies fails or goes out of business,” the EBA said.
China, the world’s second largest economy, has also banned its banks from handling Bitcoin transactions, saying they had no legal status and should not be used as a currency.
At the same time, there have been concerns that the rise in Bitcoin’s value has been triggered by speculators looking to cash in on its popularity.
Alan Greenspan, former Federal Reserve chairman, has called the rapid rise a “bubble”.
A new virtual currency inspired by Kanye West is set to be launched, and has been dubbed Coinye West.
The rapper is not involved and has yet to comment on Coinye West’s inception.
Coinye West will follow in the footsteps of Dogecoin, another virtual currency based on the popular Doge meme.
The value of Bitcoin, the most famous virtual currency, peaked at over $1000 at the end of 2013, but is currently worth around $850.
Various alternatives to Bitcoin have sprung up, such as Litecoin, Namecoin and PPCoin.
Virtual currencies are often linked to the purchase of illegal items, namely drugs, thanks to transactions being extremely difficult to trace.
However, more humorous currencies like Dogecoin are used for more tongue-in-cheek transactions.
One user, posting on Dogemarket, a section on popular link sharing site Reddit, offered Dogecoins in exchange for ideas to name a company.
Coinye West will be launched on January 11
“I thought the whole Dogecoin thing was interesting,” said Jeremy Bonney, from virtual currency news site Coindesk.
“It grew into something somewhat legitimate. There are people that genuinely believe in it out there.”
The makers of Coinye West have lofty ambitions for the currency which they described as a “cryptocurrency for the masses”.
Speaking anonymously to music site Noisey, they said: “I can picture a future where Coinye is used to buy concert tickets, with cryptographically verified virtual tickets, and other ideas I can’t give away just yet.”
They said they planned to give away a number of Coinye to early users when the currency launches on January 11.
“It will get people who are on the fence interested and help them to start using the currency, and we hope they’ll share it with their friends, too.”
However, one Bitcoin expert urged caution in investing in new virtual currencies that were as yet untested in public use.
“There’s been a number of people who have put out ‘joke’ currencies in the past,” said Johnathan Turrall, chief technology officer at Metalair, a cryptocurrency start-up based at the University of Sussex.
“There were some coins in the past that seemed to be a <<pump and dump>> operation.
“In one case, the original developers launched on obscure websites, but when they took it mainstream, and the price spiked, they sold up and disappeared. Estimated earnings in one instance were $800,000.”