Home » Articles » Preventing the Next Multi-Million Dollar Theft
Click Here To Hide Tor

Preventing the Next Multi-Million Dollar Theft

Guest Post By Nadav Ivgi – Founder of Bitrated  (Our previous interview with Nadav can be found here)

This week, a huge story broke about yet another “underground” marketplace that ran away with all user funds in escrow. Evolution, one of the biggest underground marketplaces, has now shut down after their admins pulled off one of the biggest heists to date – currently estimated between 40,000 BTC and 130,000 BTC (12 to 35 million USD).

This is not the first time this has happened and unfortunately it probably won’t be the last, unless the Bitcoin community establishes (and enforces) more secure payment methods that don’t involve trusting centralized entities to hold large sums of money in escrow.

But all is not lost. A solution has existed in the Bitcoin scripting language for quite some time now, in the form of arbitration contracts based on 2-of-3 multi-signature transactions. Multi-signature was standardized as BIP 11 back in 2011, with one of the early references to the potential usage for arbitration contracts made by Mike Hearn at his Bitcoin London 2012 presentation.

With multi-signature, a trusted third party can be nominated by the buyer and seller, giving him the authority to resolve disputes and decide which party is right and should receive funds in case of dispute. The third party arbitrator does not hold funds in escrow and does not control them, and therefore cannot “run away” with them either.

And yet, despite repeating incidents that have shown the weaknesses of escrow, these solutions are still not widely used. The majority of marketplaces today (both “hidden” and “clear-web” ones) still rely on a standard centralized escrow, or on direct buyer to seller payments that provide no buyer protection at all.

Fortunately, Bitrated is here to change that.

Bitrated is a trust platform for the Bitcoin ecosystem. Originally launched at the end of 2013, it utilizes a payment system that facilitates the creation of 2-of-3 multi-signature contracts for the purpose of third-party arbitration, as well as a marketplace for arbitrators that wish to offer their services in exchange for fees.

Bitrated, was recently re-launched as Bitrated v2, a completely new codebase rewritten from the ground up to replace the old system, with a strong focus on ‘reputation’ as the foundation of the system, as well as improved usability and user experience.

Bitrated builds a layer of trust on top of Bitcoin and blockchain technology, using three primary components:

  1. Payment system – Providing consumer protection and recourse for Bitcoin payments, by leveraging multi-signature transactions. This gives users peace of mind with their transactions, knowing that they can appeal to a trusted entity in case of dispute – but without running the risk that the trusted party would run away with the funds.
  2. Reputation management system – A system that allows individuals and companies to build their online reputation and check the credibility of others, based on ratings, a web-of-trust network, and by extracting metrics from the user’s online persona. Identities on Bitrated can remain pseudonymous, or, as an opt-in, attached to a real-world identity.
  3. Trust marketplace – A marketplace for arbitration services where trust agents can compete for customers by providing quality dispute resolution services, utilizing their domain expertise, building a reputation and offering competitive fees.

The aim of Bitrated is to provide an infrastructure-level platform for other services, like marketplaces, wallets and exchanges, to build on top of. Our API is currently partially available, with more features due to be rolled out in the coming months. We’re currently gathering use-cases and requirements from API partners – if you want to help us design APIs that match your specific needs, please don’t hesitate to contact us.

One of the primary design goals for the Bitrated v2 system is to make it as trustless as possible. While it is operated as a web service, everything is backed by public-key cryptography. Each identity is represented by a public key, which is used to sign statements and actions made by the user, such as contracts, ratings and profile data. This means that even Bitrated itself cannot post ratings on behalf of users, or claim that they agreed to a contract that they didn’t agree to.

Needless to say, all private keys and cryptographic operations are managed using client-side technology. Private keys never touch our servers, not even in encrypted form. Bitrated cannot touch user funds, sign transactions or intervene in the arbitrator’s decision. You can read more about our security on the security page. If you’re a security researcher, we welcome security audits and offer a bug bounty program.

Bitrated just re-launched recently and are eager to hear the community’s feedback. If you have any ideas, suggestions or questions – please reach out to us!


  1. Hey everyone, Nadav from Bitrated here. Happy to answer your questions!

    • Argonaut

      Hello, I am a researcher interested in bitcoin and crypto-currencies in general. I was wondering if I could ask you a few questions about your developments and the development of crypto-currencies in general? Could you send me an email address where I could contact you so that we could take?
      Thank you!

    • Eli S.


      What is the main criteria for giving an arbitrator or a seller a better rating? What advantage does your business model have over ebay seller ratings/arbitration?

      • Hey Eli. Thanks for the excellent questions!

        The rating system is currently based on three primary factors – reviews, vouches and linked accounts. Since the reputation system is very new, its currently skewed toward giving a lot of weight to the linked accounts, which we’re using to initially bootstrap the reputation engine. Over the long term, we anticipate that reviews and the web-of-trust network would become the dominate factors.

        I would say that the main differentiation from eBay-like rating systems is that Bitrated is not coupled to a specific service, but is rather a platform that’s offered as a common foundation for many different services to build on top of. This allows users to carry their reputation between different marketplaces and services, instead of starting from a blank sheet each time. Another interesting aspect is the linked accounts system, which allows users to leverage their existing online persona and past internet activities into measurable reputation.

        In regards to arbitration, Bitrated is unique in that it enables a competitive marketplace for arbitration services to develop according to the market’s demands. This model is much more transparent, accountable and adaptive than the solutions available today in the traditional financial system. We believe that a free-market economy can produce dispute resolution services that are more innovative, comprehensive, fair and cost-efficient.

    • I was excited about your service until i saw your site relies heavily on java script. any future plans to replace the java script?

      • A service like Bitrated cannot function as a secure web-based service without client-side JavaScript. We heavily rely on client-side JavaScript for key management, digital signatures and transaction creation/authorization. Doing all of that without trusting a third party to manage your keys for you requires a rich client-side environment.

        The alternative way to offer a secure service is to provide a local program to run as the client, instead of using the web browser. This, however, would expose users to a much greater privacy risk. If the distributed executables are controlled by a malicious actor, he could almost certainly break the users anonymity. Compared to that, the potential risk and chance of deanonymization due to JavaScript execution are slim to none, especially if users make sure to keep their browsers up-to-date to protect against new discovered vulnerabilities.

  2. Hi

    As you surely know, in darknet marketplace many transactions that can be considered illegal worldwide happens everyday. In case of dispute between a vendor and buyer, your customer agents will be provided of information regarding illegal activity. How you going to deal with this ?


    • First of all, it is important to note that Bitrated itself does not provide any arbitration services or agents. Instead, we operate a marketplace with the aim of creating an open & competitive environment for agents to offer their arbitration services on. It is important to remember that each agent has its own dispute resolution process, a local legal jurisdiction and regulations to adhere to, and his own preferred/accepted areas of work.

      In regards to the legal question – like any other business, Bitrated must comply with competent law enforcement agencies when required to by law. While we do not actively monitor transactions, we do forbid conducting illegal transactions on the Bitrated platform and will have to remove such if they’re reported to us. You can see section 4 of our ToS for more details.

      It is also important to remember that Bitrated does not hold any keys and does not control any funds. Users can always create their multi-signature private keys themselves based on the account’s password alone, and sign transactions using a different client.

  3. Are you in talks with any Tor marketplaces at the moment?

  4. Fine. Dont publish my question. I wont be back to this publication.

  5. Say there’s an issue with a transaction, both sides gotta tell the Trust Agent the nature of the business they conducted. If this transaction was made on a DNM, wouldn’t any of them care that the transaction was about (in most country) illegal goods?

    And those conversations between Agents and parties plus the transaction details (including BTC addresses) are stored client-side correct? That way hackers or LE (eg due to a seizure) couldn’t trace anything to a real person even if they wanted to?

    Honestly, I doubt a lot of DNM people are going to use the service, even after the latest catastrophe that was Evolution. Evo offered multisig too, but still nearly everything was in traditional escrow. Unfortunately even if a buyer is able and wants to do multisig (for most it’s too complicated anyway, even though your site is a good step to make its use easier) there are very few vendors who offer it. A lot of them prefer FE as soon as they can (for a vendor there’s no disadvatage in that) and even now, after so many market and even more vendor scams, people still stick with the traditional escrow system which already failed us so often. What’s your take on this?

    And btw, is your site still using JS?

    • In regards to the legal/jurisdiction question, see my answer at http://www.deepdotweb.com/2015/03/20/preventing-the-next-multi-million-dollar-theft/#comment-589068

      Regarding trade data – no, data is kept server-side on our database. This is a change from v1 that was required to enhance the usability and allow users to list, filter and store trades directly on the web interface. In v1, we were unable to even display users a basic list of their active trades. This decision definitely had a security/usability trade-off, but one that we deemed necessary.

      But not all is lost. We plan to add end-to-end encryption using the SIN ECDSA keys (using ecdh-es, an encryption library we’ve been working on) to prevent us from seeing the contents of private communications. The crypto behind this still needs some review, so it might take a little while. Until we do implement this, I would advise users to avoid storing highly sensitive information (like trade secrets, patents, NDA-protected materials, attorney–client privileged information, etc) on our servers, and instead just provide us with the hash of an external contract, or with a unique ID reference to an external orders system.

      We are indeed still using JavaScript. See my response at: http://www.deepdotweb.com/2015/03/20/preventing-the-next-multi-million-dollar-theft/#comment-589063

      Using JavaScript and offering a slick web interface with an easy-to-use point-and-click GUI, while not compromising on security, could go a long way to helping multi-signature gain mass adoption. The ecosystem didn’t really provide tools to make multi-signature arbitration accessible and friction free, which we hope to now change.

  6. Forgive my ignorance, but where do the funds go after completion of the transaction? Straight to seller? Then, if a dispute finds the buyer in favor, how do funds get returned?

    • With multi-signature, the payment process becomes a two-step process – hold & release. The buyer starts by making a deposit into the 2-of-3 multi-signature address (the “hold” step). The seller can see that the payment for the goods was put aside and is secured in the multi-sig, and delivers the goods to the buyer. Then, with the agreement of two of the three parties, the funds are released to the buyer or refunded to the seller. (the “release” step)

      Once the release step is executed, the payment becomes irreversible. Any dispute that arises is expected to take place while the funds are still locked in the multi-sig.

  7. Hi, you mentioned illegal trades are against your TOS, so if a drugdealer wanted to use your service all someone would have to do get his account removed is report him correct?

    What does your service offer over openbazaar, which is both a abitrated multisig marketplace and reputation system, but is also decentralized, and therefore cannot be compelled by the courts?

    • I touched on that subject in a previous comment on Hacker News. Below is the reply from there:

      Great question. Yes, Bitrated is indeed centralized, but strives for a model that requires putting as little trust as possible on the service operator.

      For example – user reviews, contracts and profile fields are signed with the user’s ECDSA key, to make it possible to independently verify its authenticity and prevent tampering by third parties (or even by Bitrated itself). All the information is also freely available via open APIs, to make it easily archivable. User funds are fully recoverable in case Bitrated shuts down.

      I would say that many of the benefits that can be gained from decentralized technologies can in fact also be achieved by using standard cryptography and leveraging the blockchain technology in smart ways. We have some interesting plans in regards to that.

      We expanded more on that here:



      We choose that route because building a decentralized solution requires a lot of additional resources, effort and time, and we believe that the Bitcoin ecosystem needs to have a working solution today. But we’ll definitely be considering an even more decentralized approach as the technology evolves.

      I also touched on some of the security considerations and the current shortcoming of our model at a previous comment on Reddit.

  8. I’d like to get a BTC MasterCard. The ones listed on this site seem a bit dodgy can anyone recommend one? The idea would be to get paid in Bitcoin and then use a bitcoin Master Card or Visa to withdraw funds.

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *