Millions in Bitcoin stolen from Sheep dark market as user flees ……

One of the ‘dark marketplaces’ offering illegal and semi-legal services via the anonymized web browser Tor has shut down, according to reports – with a user fleeing with millions of dollars worth of Bitcoin.

A senior user of Sheep Marketplace “stole” a large number of bitcoins totalling $4.9 million, according to the BBC’s report.The actual figure may have been much higher. Business Insider claims up to $44 million was taken.

“We are sorry to say, but we were robbed on Saturday 11/21/2013 by vendor EBOOK101. This vendor found bug in system and stole 5400 BTC – your money, our provisions, all was stolen,” the site admins said in a statement.

“We were trying to resolve this problem, but we were not successful. We are sorry for your problems and inconvenience, all of current BTC will be ditributed to users, who have filled correct BTC emergency adress. I would like to thank to all SheepMarketplace moderators by this, who were helping with this problem. I am very sorry for this situation. Thank you all.”

Sheep Marketplace gained many customers and sellers during the brief period Silk Road was inactive. At present, the site is unreachable via Tor. Some reports, such as this via TapScape, suggest that the entire site was a scam designed to earn Bitcoin, created during the period while Silk Road was offline.

Business Insider reports that the theft may have been much bigger than initial reports, “Sheep users and other Bitcoin followers on reddit say that the administrators began blocking withdrawals of bitcoins from the site more than a week ago, and may have absconded with as much as $44 million from the site’s users, pointing to a movement of 39,900 bitcoins visible in the public record of Bitcoin transactions known as the blockchain.”

Site users have begun their own detective work, chronicled on a Reddit thread devoted to the thefts, “He was desperately creating new wallet addresses and moving his 49 retirement wallets through them, but having to wait for 3 or 4 confirmations each time before moving them again. Each time I caught up, I “666″ed him – sent 0.00666 bitcoins to mess up his lovely round numbers like 4,000. Then,all of a sudden, decimal places started appearing, and fractions of bitcoins were jumping from wallet to wallet like grasshoppers on a hotplate without stopping for confirmations.”

“I think he’s asleep now in the czech republic. When he awakes, he will see my “666″ next to his 96,000 stolen, freshly-laundered bitcoins. Along with lots of insults attached to fragments of bitcoins that I hope you are about to send here…”

It’s the latest in a series of “heists” involving the cryptocurrency, as reported. Despite FBI action against ‘dark market’ sites such as Silk Road, illegal commerce still thrives on Tor – and Silk Road relaunched as Silk Road 2.0.

Within the last few days, two sites hosting online wallets for the cryptocurrency Bitcoin were targeted by hackers – the ‘heists’ netted more than $1 million each.


Oddly, though, this has not adversely affected the value of the cryptocurrency, which seems to thrive on publicity, whether positive or negative.


Despite the heists, plus high-profile law-enforcement actions against ‘dark market’ sites such as SILK ROAD, which conducted transactions in Bitcoin, the currency is now valued at $919 per coin, it’s highest-ever valuation.


Earlier this year, Some famous threat blogs detected new variants malware that attempted to steal Bitcoins, mine Bitcoins illegally, or break into wallets. Malware targeting other similar currencies such as Litecoin.


We Live Security spoke to  James Andrews, Finance Editor at Yahoo UK, for a perspective on the currency from outside the world of technology.


“Nothing in finance is truly safe.” “Real currencies collapse, but the Bitcoin is less safe than most. It’s been called the world’s most perfect speculative material, which is fair. It has absolutely no value or use bar it’s rarity. If people stop valuing that it’s entirely worthless more or less instantly. Equally, though, prices might just keep rising and rising and rising – as more people buy into the idea and demand rises.”


On Twitter, an image showing the enormous rise and sudden collapse in prices of Dutch Tulips during the brief craze when the bulbs were first introduced in 1637 has circulated.


Could the same happen to Bitcoin? Perhaps – but there are steps you can take to keep your Bitcoins safer than most.


If your wallet’s stolen, act fast


If your Bitcoin wallet HAS been stolen, it’s not quite as easy for the attacker as stealing a real wallet – he or she has to move the currency out of it. If you’re lucky, and fast, this can sometimes save your coins.  When the Bitcoin wallet is stolen from the victim, the attacker will have to “spend” the Bitcoins in it – by either adding them to his own wallet, purchasing something, etc.


“The only way to get away without losing the money is if the victim is lucky enough to “spend” the Bitcoins (purchase something or import them to a new wallet) before the attacker does. Obviously, the chances of that are pretty slim.”


Keep your PC clean if you’re dabbling in Bitcoin


Cybercriminals love Bitcoin. Thatswhy Bitcoin and other crypto-currencies are being targeted by cybercriminals. There are numerous malware families today that either perform Bitcoin mining or directly steal the contents of victims’ Bitcoin wallets, or both . So Keep your computer clean and uncompromised by “thinking before you click” and keeping your system, applications and anti-virus up-to-date.


Encrypt your wallet


Despite Bitcoin’s own beautiful illustrations of glittery coins, what you’re dealing with are numbers – long encryption keys. To stay safe, you just have to ensure no one else ever has access to these.  There are several important rules to keep  Bitcoins safe.

        The key words here are: BACK UP and ENCRYPT.

Bitcoin provides a way to encrypt wallets, and this would make it much more difficult for the attacker to get his hands on the Bitcoins.” Clever Bitcoin users will encrypt all their wallets – although this slows performance – and have several for different uses. Very small amounts of money


Don’t keep all your eggs in one basket – or your Bitcoin in one wallet


Bitcoin is a special case – if you’re worried a site breach or Trojan attack may have put your hoard within reach, don’t just change passwords, even if your wallet is encrypted. Make a new one, and move your coins to it (with a new, strong password). Lipovsky says that the Bitcoin foundation’s own advice is excellent, “If a wallet or an encrypted wallet’s password has been compromised, it is wise to create a new wallet and transfer the full balance of bitcoins to addresses contained only in the newly created wallet.”


Most finance experts advise – don’t put your life savings in Bitcoin


Yahoo’s Andrews says that the soaring price of Bitcoin isn’t a signal to invest: “If you’ve made a profit on Bitcoins you already own, well done.  There’s simply no way to know whether their prices will keep rising, stabilise or collapse. And there are a lot of risks – everything from them being hacked, your e-wallet being hacked, someone successfully forging them or Bitcoins being made illegal.”


If you must store Bitcoins online, don’t store large amounts


Online Bitcoin wallets are not designed to work like bank accounts – they’re convenient, as you can access them from anywhere – but they’re a prime target for cybercriminals. An attack on Bitcoin site BIPS targeted web wallets. CEO Kris Henrikson said, ““Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in,” after his site was robbed of $1.2 million in Bitcoin.  Bitcoin says, tactfully, “Online wallets have a number of pros and cons.” After Bitcoin was hacked, and $1.2 million stolen, its founder said, “I don’t recommend storing any bitcoins accessible on computers connected to the internet.”


Mobiles and Bitcoins don’t mix


Various Android apps offer ways to carry Bitcoins with you – but again, these come with their own risks. Earlier this year, a flaw in Android rendered ALL Bitcoin wallets unsafe – although it was rapidly patched – and apps which allow transfer via NFC add additional risks, particularly if a device is lost. “Mobile wallet applications are available for Android devices that allow you to send bitcoins by QR code or NFC, but this opens up the possibility of loss if mobile device is compromised. It is not advisable to store a large amount of bitcoins there.”


Keep your fortune in “cold storage”


If you’re serious about Bitcoin, the security procedures are long and complex – even Bitcoin admits that setting up an offline wallet, stored on CDs and USB sticks is “tedious” and “not user friendly”. A good guide to how to do this is here – and it may also provide an illustration of why mainstream PC users might want to consider sticking to good old US dollars. Bitcoin says, “Because bitcoins are stored directly on your computer and because they are real money, the motivation for sophisticated and targeted attacks against your system is higher than in the pre-bitcoin era.” Bitcoin’s own procedure for creating an “offline” wallet, which never contacts the internet in plaintext form, is here. This procedure is also known as creating an “air gap” or “cold storage”. Followed correctly, it provides protection from malware and cyberattacks – although not, of course, from traditional crimes such as extortion.


Still worried? Store them on paper


One safe – if extreme – way of ensuring Bitcoins don’t fall into the hands of hackers is to store them on paper. Bitcoin says, “When generated securely and stored on paper, or other offline storage media, a paper wallet decreases the chances of your bitcoins being stolen by hackers, or computer viruses.With each entry on a paper wallet, you are securing a sequence of secret numbers that is used to prove your right to spend the bitcoinsThis secret number, called a private key, most commonly written as a sequence of fifty-one alphanumeric characters, beginning with a ’5′.” Be sure, though, your PC is clean before you print – the free software used to generate codes has been targeted by cybercriminals. Run a complete scan of your machine first, then keep AV software running as you print out.



Spy agencies working on cyberweapon “more powerful than Stuxnet”, claims Iran

An Iranian news agency has said that “malware worse than Stuxnet” may soon be unleashed, to “spy on and destroy the software structure of Iran’s nuclear program.”

The information came from an unnamed source close to Saudi Arabia’s secret service, according to The Register and suggested that $1 million had already been earmarked for the project.

“Saudi spy chief Prince Bandar bin Sultan bin Abdulaziz Al Saud and director of Israel’s Mossad intelligence agency Tamir Bardo sent their representatives to a meeting in Vienna on November 24 to increase the two sides’ cooperation in intelligence and sabotage operations against Iran’s nuclear program,” the source told Iranian news agency FARS.

“One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet (a comprehensive US-Israeli program designed to disrupt Iran’s nuclear technology) to spy on and destroy the software structure of Iran’s nuclear program,” the source told FARs.

Stuxnet inspired much debate among security professionals, both for its targeting of industrial control systems, and its sophistication, which seemed to indicate that it was made by a group with the resources of a nation-state.  Senior Researchers cautioned, in the wake of the attacks, against expecting “the next Stuxnet” to be similar. It was put into a phrase “Expect the unexpected,”

Israel’s Haaretz news said that Saudi Arabia’s “shared concern” with Israel over Iran’s nuclear capability has put the two countries at odds with the United States. FARS reported that the Saudi intelligence chief described current Geneva talks aimed at limiting the country’s nuclear program through economic sanctions as “the West’s treachery.”

The Sunday Times, quoting an unnamed diplomatic source in Saudi Arabia, said that Saudi would allow Israel to use its air space, and cooperate with Israel on the use of drones and helicopters, if current talks in Geneva fail to roll back the country’s nuclear program.

“Once the Geneva agreement is signed, the military option will be back on the table. The Saudis are furious and are willing to give Israel all the help it needs,” theSunday Times’ source said.