Its been a while since last time… But it appears that East India Company – One of the newer markets, got hacked, homepage now displays this message:
East India Company is currently offline
The hidden service is either under maintenance or undergoing routine migration to a new location.
A Spanish merchant named laBoliviana has found an exploit and decided to abuse it to empty the hot wallet, stealing over 30 Bitcoin. We are in the process of investigating the incident to determine the bug used.
We will not relaunch the service until the cause has been determined and we implement a new 100% multi-signature escrow system.
We will provide more details as we continue our investigation.
We apologize for the software failure and we promise will cover the all the loses suffered once we return.
We ask you LaBoliviana that you reconsider your decision. If you like to do the right thing LaBoliviana and return the money taken from honset merchants simply trying to provide safe access to drugs during prohibition return the bitcoins back to:
Update: We have determined the bug was in the escrow system from a previous modification. The servers were not accessed by the attackers and no private data was lost. The attacker used two accounts one customer named nukleus and a merchant account named laboliviana to drain the wallet using this bug in the escrow system. More details we continue our investigation.
If you would like to report the bug, receive a bug bounty and earn more than you stole you can contact us at: BM-2cXu5vwtGnuaQjWxCCoR3PMabt8yAuCUiV.
General support inquiries should be sent to BM-2cXu5vwtGnuaQjWxCCoR3PMabt8yAuCUiV while we are offline. We will return and we will make sure everyone is repaid, we apologize for the inconvience but we must find out exactly what happened and ensure everything is fixed before reopening.
Update: We have been able to replicate the bug used and we are now working on a patch to correct the issue. We will issue updates here as we get closer to bringing the service back online.
From our previous VAST experience with hacked markets we know its a long shot and can only hope that some users will have their money returned to them.