Death threats fly as $100 million of Bitcoins disappear from Sheep Marketplace

Tor market selling drugs shuts down

First came the closure of criminal underground Silk Road, now an apparently vast theft of Bitcoins from one of the sites that replaced it, Sheep Marketplace. Are the users of darkweb markets now being targeted by criminals?

A weekend message on the Tor-based Sheep Marketplace claimed that 5,400 Bitcoins (worth about $5.6 million) had been stolen with the message, "we are sorry to say, but we were robbed on Saturday 11/21/2013 by vendor EBOOK101. This vendor found bug in system and stole 5400 BTC - your money, our provisions, all was stolen."

That would have been bad enough but estimates since then suggest that the true scale of the theft could run as high as almost 100,000 BTC, equivalent to more than $100 million in the real world.

A slew of angry user complaints have since alleged that the whole site had been operating for some time as a honeypot designed to collect Bitcoins in advance of a prepared heist, an accusation that if true would be an unprecedented example of a business calmly collecting money in order to steal it.

This was achieved by offering illegal drugs for unusually low sums of BTC while refusing to allow users to easily withdraw currency, a cover for the thief to run the BTC through a 'tumbler' to launder the currency while keeping them hard to track.

Most of the subsequent detective work seems to have been carried out by a single UK-based user, TheNodManOut, who is convinced the culprit is the Czech admin running the Sheep Marketplace site.

"I've been a very busy boy. All day, we've been chasing the scoundrel with our stolen bitcoins through the blockchain. Around lunchtime (UK), I was chasing him across the roof of a moving train, (metaphorically). I was less than 20 minutes, or 2 blockchain confirmations, behind Tomas," he wrote on 2 December Reddit post that refers to the individual accused of the scam.

"I've just chased a thief through a washing machine for you."

It remains open to debate whether the thief will ever be able to extract even a fraction of their value without being spotted but getting the currency back to its owners also looks like a forlorn hope.

Until the weekend, few would have heard of Sheep Marketplace and those who had kept that to themselves. Because it is a site that uses Tor to hide its activity from ordinary Internet users, the theft of $100 million dollars could have happened last weekend without anyone other than its victims even being able to see it.

With death threats against the site owner surfacing and unhappy regular users unable to complain to police, it all makes the loss of $1 million in BTC from Danish firm BIPS only two weeks ago look like a minor hiccup, although that was a theft from a legitimate business offering wallet services.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal TechBTsecurity

More about BTC

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts