SRDouglas SR2.0 Leak - Block height reached

Please don't downvote, trying to bring awareness to what's happening so people affected can do whatever they have to do to stay safe.

So like I said, I set up an environment in anticipation of this shitstorm. Decrypted the files, you can read all about it here on the Evo forums: http://i25c62nvu4cgeqyz.onion/viewtopic.php?pid=469776

What are your guys thoughts on this? If someone can verify these are SR2.0 users, I have a feeling SRDouglas will have a bounty on his head soon.


Comments


[4 Points] forgettheket:

Took a look at the vendors, the info is legit but it could have simply been compiled. We need some buyers to chime in here, none of the usernames I knew to exist are on here.


[6 Points] Vendor_BBMC:

I think SRDouglas could be DPR2

"As you may or may not know, SRDouglas posted a topic on Bitcointalk, saying he was the developer behind SR2.0. Whether that's true or not has yet to be seen, but he mentioned he had usernames, passwords, deposit addresses, plaintext passwords, product listings, private messages, and transaction records. He also has the SR2.0 source code, but most know the website operated like shit. He's releasing the username:hash dump with this leak, with more to come."

My reasons for thinking this go back to that terrible time on the markets between October 2014 and a year ago today - Feb 13th 2014, when the SR2 escrow turned into Defcon's Tesla electric supercar. It was a baptism of fire for me, a new vendor. I was getting robbed every 5 weeks on average as marketplaces went down one by one.

Whoever developed SR2 was clearly a developer on SR1. As a vendor on both sites (I was "RedBook" on SR1), the only differences I noticed were the absence of two features on the evil SR which had been on the Ross-run SR - bitcoin price hedging, and automated withdrawal for vendors. Oh, and the ability to just pay another Silk Road user by name.

I know that Silk Road 1.0 never planned to steal from anybody, because you could specify 3 wallets of your own, The moment a customer finalized, the bitcoiun was sent to one of these wallets offsite, and not some "pretending to be your wallet but you don't have the keys" thing. (it made no difference in the end, because the feds seem to have run SR1 for a few days. My takings kept getting auto-withdrawn to an address I didn't know, so I disabled auto withdraw, only to find it re-enabled.

I thought I was losing my mind for a few days. Next thing I knew there was that awful "this website has been seized" page with all those police shields).

(Tellingly, every marketplace I've used since insists on "looking after" my takings for me until I manually withdraw them. Why? Vendors aren't allowed to buy things. We only withdraw bitcoin. If its a battle between Agora and Evo, whichever one introduces automated withdrawal first can have all my business.)

DPR2 was a scumbag as far as I can see. A definite wrong 'un, who might have been good at writing computer code but spent his time doing DDOS attacks on rival marketplaces, releasing lists of their users similar to this, whilst offering his "marketplace hardening services" like an insurance salesman pushing a cabinet of bone china over in a shop and saying "Oops! Now if you'd had insurance, that wouldn't have happened. You've got 48 hours to think about it"

Blackmarket reloaded got hacked and Backcopy closed it in an ordered way.

Sheepmarketplace got hacked and its owner tried to cover it up by breaking the ability of wallets to withdraw. First, the site stopped paying transaction (miners) fees so withdrawals were just stuck on the blockchain between Friday (when vendors try to withdraw) and Tuesday (when customers start depositing) to prevent the site from becoming technically bancrupt

Then there was the fake tumbler problems, the "minimum withdrawal is 1 btc" limit (when 1btc was nearly $1000) and the arbitrary 24 hour withdrawal countdown clock.

In the end, Sheepmarketplace's owner just ran for it, chased through the blockchain, into a tumbler, and out the other side by a very talented reddit user. I hired this user in December 2013 to find SR2's escrow wallet for DEFCON, who was pretending to be the SR2 janitor who found a note taped to his broom that said "Goodbye suckers! you're in charge now. Love from DPR2".

another vendor, "Hank" and I hired the same user again when the SR2 escrow went for a walk a year ago today. it was an easy job, because he already knew the wallet address (it was ONE wallet, so Defcon was talking bullshit when he said that 57% of vendors were victims of the theft and lost their escrow). That reddit user (who likes to keep a low profile) is regularly hired by the British Tor Vendors Association to identify the escrow, commission wallet etc of any martketplace before the BTVA negotiate vendor bonds etc on our behalf. I'm certain he's the reason I haven't been robbed for a year now, as well as the reason Defcon got caught.

If its true, that was half a bitcoin well spent. (He also stumbled across 1.2 million bitcoin from the week before the SR2 hack, which you may hear about in the coming year).

Dread Pirate Robert 2 is the missing link in the Silk Road story, and as far as I can see the only one still on the street. If this is him, he really should keep a low profile.


[3 Points] askthemarketsthrowaw:

What is MLP?


[0 Points] totes_meta_bot:

This thread has been linked to from elsewhere on reddit.

If you follow any of the above links, respect the rules of reddit and don't vote or comment. Questions? Abuse? Message me here.