Online black market Silk Road 2.0 experienced a distributed denial-of-service (DDoS) attack last week, which forced the site’s administrators to temporarily suspend services.
News of the attack broke on bitcoin forums hours after it started, with the Silk Road team soon confirming the news via its own forums.
For reasons that are less clear, black market Agora has faced outage issues problems of its own in the last few days.
Silk Road 2.0 moderator ‘Defcon’ issued a statement saying that the site was facing a “very sophisticated” DDoS attack using the most advanced methods the site has experienced to date.
The moderator said:
“The dev team is working around the clock to get marketplace service restored, as well as watch the security of our systems closely. Much of the downtime you have seen is intentional on our part: if this is an attempt to locate our servers through packet analysis, we do not want to make it easy for our adversary and would rather be offline while we adapt our defences.”
As the attack continued, Silk Road 2.0 remained offline.
Defcon eventually issued a second update, indicating that the team is trying out different approaches to blocking the inbound DDoS. He stressed that the site is still processing withdrawals, although these have been delayed by the attacks. Silk Road 2.0 is aware that cashflow is very important and the site is therefore prioritising delayed withdrawals, the moderator added.
Defcon ended the update on a defiant note:
“To our adversaries: you cannot stop us. We will overcome every attack.”
Silk Road 2.0 vendors started reporting problems earlier last week, before the site was finally forced to shut down. Despite official updates, the outage prompted a number vendors to raise questions about the impact of the attack.
Silk Road 2.0 was targeted by hackers in the past: last February, the site lost 4,476 BTC to an alleged hack, worth over $2.6m at the time. The attack was blamed on a transaction malleability exploit used by one of the vendors.
The site decided to compensate affected customers and, by late May, it said more than 80% of bitcoins stolen in the alleged heist have been repaid to the victims.
The source and goal of the latest attack remains unclear. Speculation is mounting that the attack was in fact launched by law enforcement in an attempt to ascertain the location of Silk Road 2.0 servers, while other users believe the attack was launched by criminals or competitors.
Following the February hack, Silk Road 2.0 said it would introduce a multi-signature wallet system to replace its previous escrow platform. A multisig system should be less vulnerable to hackers, but has not been fully implemented yet.
Silk Road 2.0 is not the only black market suffering outage issues. While Silk Road 2.0 was struggling to restore services, which it eventually did late on Friday, competing market Agora went offline.
Agora users started reporting intermittent problems on Saturday. The site was out of action over much of the weekend and had still not become available by press time (12:15 BST, Monday).
The reason for the outage remains unclear. Earlier this month, Agora confirmed that it was suffering from availability issues on a regular basis. However, the team offered an extensive explanation into the inner workings of the market and the need for security, saying it considers that more important than around-the-clock availability.
The Agora team said at the time:
“Our primary goal is to stay hidden from law enforcement agencies and secure from hackers. We implement much more security measures than many others, which causes problems with availability.”