
Alleged Silk Road 2.0 Hacker Doxxed!?

Well, this is an interesting turn of events. Silk Road user Oracle (whom you probably remember from the moderators' arrests psy-ops) just posted a full doxx of the alleged Silk Road 2.0 hacker, explaining the story behind the hack and posting the hacker's personal details, including name and full living address, while giving him a chance to return the money before something bad happens. The post was deleted in less than an hour, but during that time many people had the chance to screenshot and copy it. One of them provided us with the full text of the doxx. We have, of course, blacked out all personal details from this post made by the Oracle:

(Thanks to the user who provided us with the text, who wished to remain anonymous)

Is this real or just another attempt to spread disinformation to divert the attention from the real people who stole the money?  You decide. (Our notes in red for those of you not familiar with all the names)

=====Start Quote====

*Mods please do not delete this, I don’t give a fuck about anti-doxxing policies and I’ve worked very hard, paid out of my pocket and have opened myself to exposure to put this thieving fuck on blast*

Everyone else: quote and take a screenshot immediately in case this gets taken down

“Pritel” – real name: PXXXXX LuXXXX
Address: 6.XXXXX PXXXXX, ŽXXXXX – PXXXXX (XXXXX Republic)

Hey XXXXX, how’s it feel reading this? Panicky? I won’t ask you or enter a dialogue XXXXX, but I’m going to insist you contact Defcon (Silk road 2 admin) or one of the moderators and arrange to pay back the money. Or ask them for an address and if by magic the funds show up, you’ll probably live out the rest of your life relatively healthy. If not.. there’s people whose money you’ve taken who will probably make you wish you were in hell. Understood XXXXX? Fuck you and your ratfuck thievery.

I’m going to keep this short. Stexo (Known money launderer used to be active on SR1, suspected of being DPR2) had given laundering advice to some XXXXX during SR1, who were also shopping around code they “claimed” to have breached or obtained from Gox and Btc-E. Don’t know if they’re legitimate devs or just malicious fucks, and it’s irrelevant at this point. SR2’s initial back end and engine was coded by one of these guys on contract, “PXXXXX”. Libby had thought it would be useful to farm out some of the initial development of SR2 to one of the XXXXX devs and asked fucking stexo to make an introduction. Lib (Libertas – One of the arrested Silk Road forum moderators)  introduced PXXXXX to Defcon in October, and he did whatever initial development he was paid for. Before the site went live his contract was up and Defcon and party took control of the admin stuff. Most likely this is the reason for the initial spotty site access in the initial days – Def just didn’t understand a lot of the code and kept fucking around with it.

A VERY reliable source has confirmed to me unequivocally that PXXXXX (PXXXXX LUXXXXX) has been bragging that he hit Bitstamp, SR, and Gox with DDoS, flooded them with mutated transactions, and even made a fortune. TL;DR – XXXXX former contractor used the transaction malleability media hoopla (WHICH CAN NOT BE USED TO STEAL COINS) as a cloak to break in and steal. His initial development work probably worked as an advantage, or he kept a clone of the security methods, I don’t know – but PXXXXX LUXXXXX is now THOUSANDS OF BTC RICHER THAN HE WAS A WEEK AGO.

Libertas should NOT have recommended this piece of shit solely because they were previous clients of stexo’s. And stexo is not an authority on developers or computer security just because he once advised him and his merry band of XXXXX bottom feeders on how to launder their BTC.

All of this initial incompetence brings us to a hack/heist of millions of dollars. Un fucking believable, and un fucking acceptable.

I’ve tried my best to present as many facts as I could obtain, and believe me I have spent my own time, energy and funds getting this information and putting the pieces together. IF THIS POST IS DELETED, I will REPOST IT FROM DIFFERENT ACCOUNTS EVERY HOUR OF EVERY DAY AD NAUSEAM.

6.XXXXX PXXXXX, ŽXXXXX – PXXXXX (XXXXX Republic) .. how do you feel buddy? Didn’t expect this huh?

Anybody in PXXXX or around this area.. I can’t advise you on what to do, but..use your imagination.

Oracle
=====End Quote====

By the time we posted this, it had already been published on the Silk Road subreddit as well, and it will probably get deleted soon. Some users were quick to react, offering to go and check the address for themselves.

We can only hope this will end well.

We will keep following the forums, since the Oracle said he will keep posting this again and again until all the stolen funds are returned. The most interesting question is whether this will lead to some of the money being returned or not. We will update as we have more information.


12 comments

  1. just to be curious… Do we, as buyers and sellers at Sr even have a Chance to not belief what the stuff says ? I mean… I wouldnt be wondering if this Bombardement of Facts that brings the SR staff into a better light would not stop until the last one on the marketplace belief it.

    • could you please re-phrase your comment in English, so that we can all understand?

      • Im sorry, I meant that I think the staff wont stop releasing new topics untill even the last rumors will be quiet. Eventhought it seems impossible for anyone to find out wether they tell the truth.
        I guess they will just flood the community with so much informations towards this Situation that in the end everyone will believe them, even without any proofs.

        This is what already started to happen in my opinion.
        If you compare the Situation now, to the Situation after the first post of defcon in which he first mentioned that all bitcoins were stolen, there is actually not more transparent Information than at the beginning of this issue.
        Im just asking myself why the majority of People thought it was a scam by SR itself after the first post of defcon was released, but now, after several more relesead Posts it seems like the majority believes what they are saying. I can not understand how this Situation has changed so fast, because I can see no reason why the doubts about defcon and sr staff should be getting smaller now, since there are no Facts released so far.

        I hope it is more understandable now ;)

        • I understand your post. You are saying that you think that SR are just creating more information out of thin air, to continue the smokescreen of fraud that they may have themselves perpetrated.

          A reasonable view. Alternately, it is also reasonable that SR are telling the truth although it is very difficult to match their behavior with what one expects that people who are shocked and panicked would actually do if they were genuinely shocked and panicked.

          You are concerned because you think that people are falling for this line.
          I can think of two reasons why this is not quite the case:

          1. On the SR forums, there are people who believe that Defcon et al were honest, but these people are more likely to be
          a) victims who have lost a lot of money, trying desperately to believe that there is hope, and/or
          b) reasonable people who nonetheless are under the illusion that if they trusted someone for a long time, that the person would not betray them as part of an evil plan.

          2. On the SR forums, it is not possible for people to add posts if they are new registrants. This means that it is much easier to create threads where all the posts are very ‘believing’. So an unacquainted outsider would think that everybody believes the admins, and follow suit by virtue of conformity psychology.

          Only when the money is returned can any credibility be given to any story. And even then, people would do well to examine the story behind the recovery. Until then, the story behind the ‘chase’ is like writing a book with no ending. You can say what the hell you like, and people will read on as long as they have the slightest reason to do so.

  2. Improper subject verb agreement is a very common weakness amongst people who use English as a second language. Ie.,I guess they will just flood the community with so much informations towards this Situation that in the end everyone will believe them, even without any proofs.

  3. The doxx reported on SR forum, topped by this hype-happy PR from ddw, is more gunk and FUD to stir the pot.

    SR2 is darknet’s topix, itself a weak imitation of the original market. SR2 is full of mutants and trolls. They will get the LE attention they surely deserve soon. Bulls-eye!

  4. I’ve been blaming Defcon for this all along, but now I’m convinced he’s innocent. It WAS an inside job, but by a developer. I’m pretty sure this Doxx is right-if that first name is either Phibo or Phibbo.

    Two days before SR2 went down, my facebook was hacked so that somebody called “Phibbo Bit” could send me a message, absolving himself of the blame for Mt Gox, for whom he’d been a developer. Earlier on this day, I tracked down the wallet doing the Ddos spamming, which had a link to a bitcoin microgaming website (which was hastily removed to make it anonymous) and outed it on a Facebook bitcoin forum.

    Without accepting a facebook friend request, a panicky-sounding Phibbo Bit was somehow my friend and able to message me. It’s too long to copy and paste here, and his account disappeared, but the forum administrator managed to save a copy. We both agreed that this guy had “done” Mt Gox.

    Two days later, I was asked to do a day’s forensic work on behalf of some British guys you don’t say “No” to. I was already familiar with Silk Roads main wallets because when Defcon couldn’t find the escrow, I found it for him on Dec 24th and marked it with a 666. Again on Dec 31st.

    Finding the $2.7M took a couple of hours. But I was troubled. I kept finding SR-related cash piles that had been assembled and immediately marked with a 0.000777 BTC payment from a wallet. I saw it again and again

    The wallet, https://blockchain.info/address/12Nxd2X12WZeYSjUcbtm5NpS3d81Yh8sKh

    has about 120 “777″ payments, obviously to keep track of where he was stashing this HALF A BILLION DOLLARS of bitcoin. He also made a number of 0.1 payments (possibly to differentiate between silk road booty and Mt Gox swag).

    And I don’t like that he was using a technique that I developed for good, to do something bad.

    So I 666′d his android phone “tracker” wallet.

    It fits in perfectly with the story above. DeepDot, I don’t use the word “hero” lightly. But you are probably the greatest hero in world history

    • The name on the Doxx was not Phibbo or Phibo, I won’t repeat it but I’m sure its still somewhere on Scam Road forum if you are really interested

  5. Here is the mad message I received, completely out of the blue, on Feb 11th

    “Some background: MtGox runs custom wallet software.

    This is a reasonable and common practice for a service of its size and nature.

    Getting a wallet implementation right isn’t easy as there is very little room for error, much like the rest of the Bitcoin system.

    Some have criticized their use of custom software here but it is a reasonable and common practice for a service of its size and nature. The reference client’s wallet is basically suitable for small scale single party use. I would not recommend something like MtGox use the reference node wallet, at least not without a healthy layer of abstraction on top of it— relieving it of duties harder than key management and chain monitoring— or otherwise improving it greatly.

    (For that matter, MtGox’s wallet software has caused them fewer concerning problems than some other companies. (E.g. some have completely re-implemented the Bitcoin protocol, incorrectly, and exposed it to the outside world and suffered numerous local blockchain rejecting glitches). Though it’s certainly taken Gox a fair amount of time to sort things out.)

    I first heard people reporting stuck transactions back in ~September. I looked into it and determined that Mtgox was spending immature coins. Freshly generated Bitcoins (from mining) cannot be spent until they are at least 100 blocks deep in the blockchain. This prevents the funds from vanishing forever if the chain reorgs. I pinged magicaltux and after a couple tries got a hold of him. I think they also wasted some time on dead ends trying to resolve this before the actual nature of the problem was brought to their attention, e.g. raising their transaction fees with a mistaken belief that their fees weren’t high enough.

    Mtgox wasn’t tracking if the coins were freshly generated or what their height was in their software. Including this data would apparently be a non-trivial change, and for high risk finance software even a trivial change takes a lot of work. I suggested a workaround (basically, just try to spend the oldest coins), and as far as I know they implemented it and it was effective.

    They continued to have problems with stuck transactions after, and further analysis revealed that they were producing transactions with excessively padded signatures. A minor tangent is required here:

    There is a design flaw in the Bitcoin protocol where it’s possible for a third party to take a valid transaction of yours and mutate it in a way which leaves it valid and functionally identical but with a different transaction ID. This greatly complicates writing correct wallet software, and it can be used abusively to invalidate long chains of unconfirmed transactions that depend on the non-mutant transaction (since transactions refer to each other by txid).

    This issue arises from several sources, one of them being OpenSSL’s willingness to accept and make sense of signatures with invalid encodings. A normal ECDSA signature encodes two large integers, the encoding isn’t constant length— if there are leading zeros you are supposed to drop them.

    It’s easy to write software that assumes the signature will be a constant length and then leave extra leading zeros in them.

    In order to eventually remove this malleability flaw we’ve been gradually tightening the rules that govern what transactions nodes in the network will consider valid when they relay them or mine them. In Bitcoin 0.8— after months of work chasing down software authors to get them to fix their bugs transactions with these invalid encodings were no longer relayed.

    This caused some problems for a few things.. For example bc.i’s iphone app— BC.i itself had been fixed long before but they couldn’t update the Iphone app without fear of triggering another review by Apple. Eventually this was just worked around on the server side by mutating the transactions produced by the iphone wallets. (And is moot now, I guess!).

    MtGox also had problems with occasionally producing invalid signatures. This would normally be a simple fix. E.g. here is an example where I fixed this type of issue in some python wallet code I’ve never used (but saw a lot of people were copying): https://github.com/…/4c64603ab60b0fa23c51090b3112be2f16…

    But as I said before, in high value systems like Mtgox, even simple fixes aren’t simple and it took them quite some time to deploy a fix. However, I believe that it is actually fixed now.

    My current understanding and inference is that the remaining issues are because while MtGox was producing transactions of the bad form that the network won’t relay anymore— some people decided to help out by ‘fixing’ these transactions like BC.i did for iphone users— making the signatures normal and broadcasting them. Of course, the new transactions— while functionally identical— have different TXIDs.

    The difference here is that the MtGox wallet software appears to have not handled this case gracefully at all, and apparently simply wouldn’t notice transactions that it “didn’t make” spending its own coins.

    As a result the Mtgox wallet believed some coins were available for spending which really had already been spent and it began double spending those inputs. This may have interacted particularly poorly with the earlier workaround I mentioned— trying to always use the oldest available coins— if they did implement that workaround.

    Worse, some of this may have resulted in users getting paid multiple times and could have been intentionally triggered with that end in mind if someone helpfully fixed some transactions and then noticed they got paid twice. (I think this is unlikely to have caused large losses, before people run off worrying about that, both because of the reuse of the oldest inputs and because of the hot wallet/cold wallet split).

    At this point they likely have an accounting mess to clean up— figuring out who did and didn’t get paid now with none of the txids matching. Cleaning that up will be somewhat tricky E.g. say there were three payments of MtGox coins to 1Apple in the block chain… and three users that attempted to pay 1Apple, and MtGox’s records thinks that only one went through.. etc. So software will have to be written that matches up transactions with their mutants in order to figure out what went where.

    I am not personally concerned— at least not by any of the details here. MtGox’s slow speed at resolving these sorts of issues and poor communications are not terribly inspiring. They seem to be horribly short staffed— but competent and trustworthy people in this space may be hard to find: The regulatory morass of that business is sure to make many steer clear.

    The claims that the delays indicate insolvency strike me as just hysteria: the technical background doesn’t support this conclusion, and there may be a bit of opportunism at play from people who want to manipulate the market too. Don’t get me wrong: I have not seen their books: Gox may well have financial problems— though with their income its hard for me to see how— but if any problems like that exist they’re not being indicated here.

    Of course, none of this suggests anyone should be happy with the service MtGox has been providing, but our anger should at least be well informed.

    February 11 at 2:02am ”

    (that wasn’t the UK time, it is from a copy saved by another recipient)

    I still think Defcon is full of shit, with his “we will prevail” our community shit. But I don’t think the boy dunnit.
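Added example (not part of the article, the comment or the quoted message): the signature-padding malleability described in the quoted message, seen from the wallet side. It checks for minimally encoded DER integers, re-encodes a padded signature canonically, and matches a mutant to the original with a key that ignores the padding. The `txid` and `match_key` helpers, the transaction body and the r/s values are constructed for illustration; real Bitcoin serialization and the trailing sighash byte are left out.

```python
import hashlib

def _parse_int(buf, pos):
    """Read one DER INTEGER (short-form length) at pos."""
    if pos + 2 > len(buf) or buf[pos] != 0x02 or buf[pos + 1] >= 0x80:
        raise ValueError("bad INTEGER header")
    n = buf[pos + 1]
    raw = buf[pos + 2 : pos + 2 + n]
    if n == 0 or len(raw) != n:
        raise ValueError("truncated INTEGER")
    return int.from_bytes(raw, "big"), raw, pos + 2 + n

def parse_sig(der):
    """Lenient parse: accepts integers with extra leading zero bytes."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("bad SEQUENCE header")
    r, r_raw, pos = _parse_int(der, 2)
    s, s_raw, pos = _parse_int(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes")
    return (r, r_raw), (s, s_raw)

def _minimal(raw):
    """True if raw is the shortest positive encoding of its value."""
    if raw[0] & 0x80:
        return False  # top bit set would be read as a negative number
    return not (len(raw) > 1 and raw[0] == 0 and not raw[1] & 0x80)

def is_strict_der(der):
    try:
        (_, r_raw), (_, s_raw) = parse_sig(der)
    except ValueError:
        return False
    return _minimal(r_raw) and _minimal(s_raw)

def _enc_int(v):
    # One extra zero byte is emitted only when the top bit would otherwise be set.
    raw = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + bytes([len(raw)]) + raw

def canonical(der):
    """Re-encode (r, s) with minimal-length integers."""
    (r, _), (s, _) = parse_sig(der)
    body = _enc_int(r) + _enc_int(s)
    return b"\x30" + bytes([len(body)]) + body

def txid(body, sig):
    """Toy txid (assumption): double SHA-256 over body plus signature bytes."""
    return hashlib.sha256(hashlib.sha256(body + sig).digest()).hexdigest()

def match_key(body, sig):
    """Key that stays the same across this one class of mutation."""
    return txid(body, canonical(sig))

# Constructed sample values, not taken from any real transaction.
R, S = bytes.fromhex("11" * 32), bytes.fromhex("22" * 32)
GOOD = b"\x30\x44\x02\x20" + R + b"\x02\x20" + S
PADDED = b"\x30\x45\x02\x21\x00" + R + b"\x02\x20" + S  # extra leading zero on r
BODY = b"constructed-tx-body"

if __name__ == "__main__":
    print(is_strict_der(GOOD), is_strict_der(PADDED))
    print(txid(BODY, GOOD) == txid(BODY, PADDED))
    print(match_key(BODY, GOOD) == match_key(BODY, PADDED))
```

A wallet that records only `txid` loses track of the payment once the re-encoded form confirms; indexing its own outgoing payments by a mutation-invariant key lets it recognise the confirmed mutant as the same spend.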

  6. This place really is the shit!!! Sorry for everyone who lost money :(

  7. Keep the articles on the darknet coming deepdot! Good reading for everyone

  8. so it turns out it was all bullshit, who would have thought people lying on the internet, well done for putting a money launderer (stexo) in charge of it all, someone who spends all his time hiding money from other people just the honest person you need running the sr show, i hope stexo falls hard into a jail cell
