Hansa Locktimes - A Guide for Vendors

Hey brothers and sisters,

These have been a painful few weeks. I'm sure some of you are worried about the multisig funds you had tied up on Hansa. I have done some analysis on the downloadable signed locktime transaction xlsx files I downloaded before the site went down and will share my findings here.

  1. My file does not appear to attempt to call home. When run in a quarantined environment (libreoffice on fedora) my packet sniffer picked up nothing at all. If someone such as /u/Ethereality_DNM (I have reached out to you) wants to verify this they're more than welcome. LE already has all the transaction information so what does it matter? ;)

  2. The time-locked transactions appear to be valid and the withdrawal address is the same as the address I had set myself on Hansa. LE have not edited anything so in October the funds will still be unlocked to vendors. Let's hope for a massive bitcoin price rally between now and October! :D

If you want to verify the timelocks for yourself I suggest you wait for confirmation from someone else that the files are safe as it's been many years since I've done this sort of analysis. Even then I'd recommend opening the file in a quarantined environment, copying the information to a CSV file (time order placed, bitcoin amount, timelock script columns are all you need), then sending the file to another environment before handling the data.

Anyway, then go to coinb.in (use the onion if possible), click verify at the top, paste the information from a cell and see what comes up. You should see:

  1. The transaction has already been signed by 1 party (Hansa)
  2. The transaction is time-locked until October
  3. The address is still yours
  4. The Txids (with 1 sig only) can be verified as being broadcast already using the block explorer of your choice

Come October you just need to paste the info from each cell (one at a time although there may be a way to speed it up) into coinb.in's sign page and sign each one with your private key. Then broadcast them and the funds should appear in your wallet. I suggest you do all of this via the coinb.in onion site.

I hope that's a small comfort to some of you. Please don't get greedy, there are 3 months before the funds are going to become available so plan on how you're going to safely gain access to them and transfer them elsewhere.

Much love

IST


Comments


[6 Points] DrReeferDNM:

Just a heads up. The Seized bitcoin were from orders from the 17th-20th. You can verify them on coinb, and then paste the ID on blockchain - coins moved to a wallet with 1500 bitcoin. The bitcoin from BEFORE that hasn't been touched, and because bitcoin was processing no issues before that, vendors should be able to pull that out. During those 3 days they switched out the buyers key with there own + the markets, and then refunded the bitcoin to there own wallet. Before that it was still market/vendor/buyer, so you'll have no issues there. Amazing that not 1 vendor verified the script and caught the public keys were not matching during the last 3 days. I'm guilty of this as well, but damn.


[2 Points] AutoModerator:

/u/Ethereality_DNM - You have been summoned in this thread by /u/IST_Vendor.

This convenience is brought to you by AutoMod. Submissions do not automatically summon users like comments do. AutoMod is trying to be helpful.

For others, it should no longer be necessary to summon the referenced user in a comment any more. AutoMod has done the heavy lifting for you. You're welcome. Bow before me.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.


[2 Points] IronmansVisa:

So to confirm, vendors had needed to have downloaded this transaction locktime file (.txt or otherwise) before the market closed to gain access to their finalized funds by the 90 days? Or will they be transferred regardless?


[2 Points] ice_cream4breakfast:

They won't work. They changed the public key of the customer to theirs. 2 of the 3 keys are controlled by them. The time lock is useless. They will sign with both keys before the time lock is ready. Money lost.


[1 Points] Dontworrybeready:

If LE really changed the addresses as they say and have full control over them then even if the timelocked tx is legit, they can still move the coins before the vendor has a chance to sign and broadcast it.


[1 Points] None:

/u/Litsolutions


[1 Points] SaintVengeance:

There was a comment in one of my posts that the multisig 2 of 3 was compromised as well- https://www.reddit.com/r/DarkNetMarkets/comments/6oh2iz/sohow_do_we_actually_release_coinsget_a_refund/dkhtyuv/?context=3

I don't understand it well enough to confirm or deny anything, but when you take a look, funds are still there and able to be released after the timelock?


[1 Points] opiateconnect_:

My friend what if you don't have the locktime transaction files downloaded? Is there still a way to get the coins?


[1 Points] None:

Thanks for sharing at least some vendors will be able to get their funds.


[1 Points] Hairybristols:

I read about this timelock thing and thought that must be another LE trick, but after reading about how the mods on Hansa were unaware the admins had been arrested, LE then impersonated the admin.

THe whole Fentynal thing was the mods idea, which the covert le admins agreed too, they wanted to keep the mods in the dark, so i believe when the mods suggested putting the timelocks up the le admins agreed to that as well, as it could arouse suspicion if they said no, and they knew it would not harm their covert op.

So reading this post just adds to my believe that the timecodes are indeed legit.


[1 Points] PaperChasersINC:

Any updates?


[1 Points] tp911:

confirmed that the latest tx i could locktime sign/broadcast was early on the 17th.

easy to check either way on coinbin.

  1. SIGN TAB - paste locktime tx + privkey + submit to get a new tx box at bottom.
  2. BROADCAST TAB - paste the new tx value from step 1 and broadcast to either: a) successfully generate a tx thus getting $ b) get an input error which means no $

they got about 40% of my tx the slick motherfuckers.

so they basically just screwed with the keys to generate a new msig address with full control of all keys with the hopes nobody verified and noticed, right? i am slightly confused because i cannot see original tx values but i think the giveaway for this in future is to take the non-locktime tx / redeemscript + verify that ur key + the buyer key + mkt pubkeys are accurately tied to the #3 wallet with the proper tx for the order. checking this on LE seized orders would have shown pubkeys not recognized as belonging to vendor, right?


[0 Points] Dontworrybeready:

Ok so the locktime transaction is valid, but the coins are already moved from the address. This means that LE took the coins, and the locktime transaction will try to spend an already spent amount.

To verify this for yourselves: Coinb.in, Verify tab, paste the locktime tx, click submit, you'll get a tx-id, copy that to a block explorer like blockcypher.com. There should be two outputs, one is the multisig address that starts with the number 3. Click it. If it still has the coins then the locktime tx can release it, if it has no coins then it's gone.