Posted by: DeepDotWeb December 28, 2013
As you all know, Silk Road 2.0 was on a short Christmas break for the last few days. The new (old?) admin “Defcon” announced that the market will be back online today.
As a result of last week’s drama, which led to the arrest of the 3 moderators and the disappearance of the Silk Road 2.0 admin “Dread Pirate Roberts” (V.2), the current admins came across an unexpected technical problem resulting in the loss of their access keys to the bitcoin wallets holding everyone’s funds currently in escrow (not account balances). Unlike what we have seen with the recent scams, the SR admin took the honest approach, telling the users what happened and claiming full responsibility for the situation while coming up with a few possible solutions to solve this matter.
All the details are in Defcon’s announcement:
Silk Road Community,
Merely three months have passed since our marketplace’s first incarnation was captured by our oppressors. This was a brutal blow, but we are very proud that such a devastating compromise only resulted in one month of downtime. I chalk it up to an incredible crew surrounded by a fiercely passionate and supportive community.
Our movement’s strength has been tested more in the recent months than across our previous two years combined. I am deeply honored to fight alongside thousands of determined warriors, and fight we will.
This past week our ship suffered major damage.
Three of our crew were lost, and our Captain was forced into exile.
Unfortunately as contingency plans were engaged, an even graver situation reared its head below deck.
Will this be the end of everything we’ve fought for? Will our movement be remembered as a cypherpunk fad, or as an unstoppable force?
I’m here to fight.
But I recommend that you take a deep breath.
The market will reopen on schedule today, at 23:00:00 UTC. Your patience has been appreciated.
Our team has worked tirelessly through the Christmas break, and you’ll be pleased to see several new features implemented when you log back into the market. More features will be rolled out on a daily basis, check the Silk Road Discussion forum for daily updates.
But in order for this community to grow it is important that I remain as transparent as possible.
There is a pressing issue I want to make you all aware of. And I won’t play it down – it will affect many of you.
This is a very hard announcement for me to write. It would be far easier for me to follow in the footsteps of dishonest market owners, and blame this issue on a fictional bug. I now understand the inner conflict they were feeling when they decided to lie to their own communities.
I must be honest. Silk Road was built with integrity, and that means continuing to be honest with the community even if it will trigger severe backlash.
So, here is the issue, followed by our plans to resolve it.
As you know, DPR has been absent for several days now. The good news is that the contingency plan has been followed precisely, and is mostly on track. I hoped to never need to play more than a silent role in this movement, and I am distraught that we needed the contingency plan so early on: roughly forty-five days after relaunch. But let’s be glad the plan was there.
When we began building the Silk Road’s second iteration, we decided that our servers should store as few Bitcoins as possible to minimize risk. The list of marketplaces on the darknet which have been hacked for Bitcoins is far longer than it should be. Lessons haven’t been learned by many administrators.
We implemented a cold storage system similar to systems used at many banks and Bitcoin exchanges. This system stored the majority of user and escrow balances on computers completely disconnected from the internet. Throughout the week, we would transfer funds to/from cold storage to ensure enough balance on each server for projected daily operations.
It was an attempt to learn from the mistakes made on SR1, to protect your funds in the event of a catastrophic hack or server seizure.
Unfortunately this week we learned that this approach was not perfect, and we again find ourselves in the humiliating position of learning from a fresh mistake.
When DPR disappeared, Cirrus wisely encouraged everyone to withdraw all coins from the marketplace. In the aftermath, I ensured that the servers stayed online for an extra day, and deposited the majority of my personal funds into the server to prevent the balance from going negative as orders were finalized in the withdrawal rush.
The contingency plan worked flawlessly except for one critical failure: When DPR hit his killswitch, I was to receive an encrypted message with the keys to access the escrow cold storage. I am still waiting for it.
I cannot elaborate on the specifics of the killswitch mechanism or the Captain’s present situation, as it will cause more harm than good. We do know for a fact that he has not been compromised or detained by our oppressors, and that he does not hold any information which would threaten any within this community.
After last week’s mayhem, it is now apparent that we have lost the ability to unlock the Escrow wallet’s cold storage mechanism which contains over 90% of user escrow funds.
All Bitcoins in users’ balances are available and safe.
But all Bitcoins that were left in Escrow over the Christmas period will be temporarily unavailable.
In other words, if you have funds in escrow, you will not be able to access them yet even once they are released/refunded to you.
I take full responsibility for allowing this foolish single point of failure, and will personally commit to repaying all escrow balances within the next four months by working unpaid. All staff is on the same page with me on this.
To be clear: This does NOT apply to your Silk Road account balance, and it does NOT apply to any funds you deposit to the market (or place in escrow) from now onwards – it applies ONLY to funds that were left in escrow before Christmas.
What Will Happen In The Short-Term
For the time being, coins released to vendors or refunded to sellers from pre-Christmas escrow will be placed in a separate wallet on your account, which we will name your ‘Pending Wallet’.
Balances in your Pending Wallet will be temporarily unavailable for withdrawal until we are able to unlock the cold storage mechanism.
I want to be clear here that this restriction of coins will only be temporary – the moment DPR returns to us, escrow coins will be returned immediately. In the event that he does not return (and I am confident he will), we will be refunding coins on a bi-weekly basis from the commission the market makes.
For every two weeks that pass, we will split our market commission earnings between all users with Pending Wallets until everyone is completely repaid. Vendors and Buyers will receive payouts on the 1st and 15th of each month, starting January 15th.
In the worst-case scenario of DPR not returning, ALL coins will be returned by no later than May 1st, 2014. Until ALL coins are made available once more, ALL staff (myself included) have agreed to forfeit all compensation and commission they would normally receive, instead choosing to offer their salaries back to the community for as long as it takes for all users to receive access to the coins in their Pending Wallets.
A Longer-Term Solution
Two new features have been designed to help prevent this loss from happening again:
1. ‘No-Escrow’ Listings – Vendors will be able to opt-out of the Escrow system by listing items as “No Escrow”. This completely bypasses our escrow system and is a truly free market.
This will allow you to bypass Silk Road fees, and forfeit the safety of escrow to deal with other users directly. PLEASE USE THIS WITH EXTREME CARE AND CAUTION – although this option will waive the Silk Road fee and therefore be cheaper for buyers, it should be approached in the same way as finalizing early.
Vendors: be aware that refusing to offer escrow will most likely drive customers away.
Buyers: please be aware that selecting this option puts you at greater risk – only ever deal directly with vendors you have complete confidence in, and even then, only choose this if you can accept the possibility of losing the money.
NOTE: We will be temporarily charging fees on No-Escrow listings until all Pending Wallets are completely refunded, then this will become a no-fee option. Our top priority as a staff is to get the Pending Wallets refunded as quickly as possible, and charging fees on No-Escrow listings may help accomplish this before May.
2. Multi-Signature Bitcoin Cold Storage – We have rebuilt our cold storage process to use multi-signature transactions to make it much more difficult for Bitcoins to ever be lost again. This revolves around a voting system, where multiple admins hold the keys to the wallets. Many other improvements have been made operationally, which we will never disclose. We will also never disclose the size of the admin staff.
No-Escrow will be launching over the weekend, with a vendor-specific announcement. Cold Storage improvements have already been implemented.
A whole new set of features will be announced in a separate thread in the hours to come.
This has been a very difficult two weeks for staff, from the DDoS to our fallen crew. We are growing from our mistakes, and know there will be many justifiably-harsh words directed towards us. To the many out there defending our motives and standing by our side: we will not fail you.
Thank you for sticking together, and welcome back to Silk Road. I wish you all the best for 2014. May it be nothing at all like the last quarter of 2013.
On a personal note: I realize that many of you do not know me.
Trust in the darknet is more volatile than any currency, and it cannot be exchanged. It must be earned personally.
I intend to prove to you that leading this movement forward is my top priority in life, and that I will pour any time and energy necessary into ensuring its success.
You may not always see me here under this name but I am completely committed to ensuring this movement’s immortality.
I take this responsibility very seriously, but don’t trust my words alone. Over the next months, ask buyers and vendors with Pending Wallets if they are getting paid and watch for yourself if I am a man of my word.
While other admins may run away when calamities strike – I’m ready to fight right here alongside you.
May our past mistakes stay fresh in our mind. As often as the sword is sharpened, may we also refine our approach.
The admin also released the timeline for the implementation of new features with the relaunch of the market:
The server is under extreme load, this community loves to refresh empty pages!
I spent a lot longer time drafting the announcement than expected, so I am pushing back the launch to 23:45:00 to ensure that everything goes smoothly but no promises. Security comes first over meeting deadlines.
Vendors: expect downtime between now and then.
Your patience is appreciated – staff’s stress level has been extreme.
As you have learned by now (perhaps too well), we never rush new features to market. Security comes first. New features are undergoing security tests to ensure there are no vulnerabilities. As they are hardened, they will be rolled out on this schedule unless major problems are found.
Features included in tonight’s release have already been hardened by our security team.
Get excited, this is a huge week for our marketplace, ringing in a fresh new year for our movement.
IMPORTANT: In case you do not read the itemized items below, as of Jan 1st 2014, all order addresses will require PGP encryption! You will not be able to place an order if you do not know how to use PGP. Wake up and start being safe!
Dec 28th at 23:45:00 UTC – Released tonight
Open Vendor Registration
New Vendors can now pay bonds through the marketplace, there is no longer a need to message a staff member.
Old messages have been purged
As per the Security Precautions thread. If you notice messages missing, that is because we place your security above all else.
Users can now delete messages and threads
Each message has a delete link. Each thread has a “Delete all contained messages” link. When both users in a conversation delete all of the messages inside of it, the entire thread is deleted. Until then, deleted messages display with a content of “(deleted)”
Simple Bitcoin Mixer
We have implemented a basic bitcoin mixer which will be constantly rotating user balances and escrow balances. Do not trust this as your primary mixer. Never completely trust a darknet marketplace. Work will continue on making this more advanced, having it peer-reviewed, and eventually a separate product.
Vendors can post Stealth Listings
This should eventually replace the cluttered Custom Orders category. A vendor can create a listing which is only accessible by a custom link. The vendor can share this link at will.
Vendors can enter Vacation Mode
Temporarily disables all listings without deleting them.
Dec 30th at 23:00:00 UTC – Monday Release
Bulk Reply to Messages
Vendors, this one goes out to you.
Option to mandate PGP for inbound messages
If you enable this, all users sending you messages will be required to encrypt their messages.
Launch of new Support System
Too much to explain here, but it is incredible and almost complete. This will allow us to respond much quicker, we realize that support turnaround time has been a huge pain point.
Dec 31st at 23:00:00 UTC – Tuesday Release
Address Field will require PGP Encryption
This will force our community to be responsible. If it hurts sales in the short term but teaches buyers how to be safe – that’s fine with me.
Users can transfer BTC Between accounts
Direct account-to-account transfers with no fees, outside of escrow. PGP authentication is required for this.
Jan 3rd at 23:00:00 UTC – Friday Release
Dispute Resolution Center
Too much to explain, this will get its own post. This has been in testing for weeks, and we are thrilled to release it to the community.
Buyer Stats Page
Vendors can now view buyer stats
Vendors can now update buyers’ feedback, just as buyers leave feedback for Vendors.
The reactions were very enthusiastic and understanding, and in light of the recent events, with many other markets being hacked and owners running away with the users’ BTC (BMR being the exception), this kind of honesty should not be taken for granted. Much respect to the Silk Road Staff.
Updated: 2013-12-28