The Heist of 96,000 Bitcoins, US$ 103,296,000 or € 76,416,000

Summarized by e-War Alpha, December 3, 2013

Sheep Market scam @ Blockchain:

December 2, 2013

New Statesman: “There’s a £60m Bitcoin heist Going Down Right Now, and You Can Watch in Real-Time”

One of the largest heists in bitcoin history is happening right now. 96,000 bitcoins – that’s roughly £60m as of the time of writing – was taken from the accounts of customers, vendors and administrators of the Sheep Marketplace over the weekend.

Sheep was one of the main sites that came to replace the Silk Road when it closed in October, but it too has now closed as a result of this theft. It’s a little hard to work out exactly what’s happened, but Sheep customers have been piecing it together on reddit’s r/sheepmarketplace.

Here’s what happened: someone (or some group) managed to fake the balances in peoples’ accounts on the site, showing that they had their bitcoins in their wallets when they’d actually been transferred out. Over the course of a week the whole site was drained, until the weekend when the site’s administrators realised what was happening and shut everything down.

Originally it was thought that only 5,200BTC – or £3m – was taken, with a message posted on Sheep’s homepage blaming a vendor called “EBOOK101” for finding and exploiting a bug. However, over the weekend it became clear that the amount stolen was much, much larger.



Sheeproadreloaded2, 1 day ago: “I just Chased Him Through a Bitcoin Tumbler, and When He Came Out with 96,000 BTC, I Was Waiting for Him…”

I’ve been a very busy boy. All day, we’ve been chasing the scoundrel with our stolen bitcoins through the blockchain. Around lunchtime (UK), I was chasing him across the roof of a moving train, (metaphorically). I was less than 20 minutes, or 2 blockchain confirmations, behind “Tomas”.

He was desperately creating new wallet addresses and moving his 49 retirement wallets through them, but having to wait for 3 or 4 confirmations each time before moving them again. Each time I caught up, I “666”ed him – sent 0.00666 bitcoins to mess up his lovely round numbers like 4,000. Then,all of a sudden, decimal places started appearing, and fractions of bitcoins were jumping from wallet to wallet like grasshoppers on a hotplate without stopping for confirmations.


He was tumbling our stolen bitcoins a second time, and a tumbler is unbeatable….

Unless you guess which one it is, nearly all the coins belong to the person you’re tracking, jump in with him, and get jumbled up through the same wallets using the same algorithm. I was hopping from foot to foot shouting “come on!” at my laptop, waiting an age for 6 blockchain confirmations to get 0.5 btc into “bitcoin fog”. My half a bitcoin got sliced and diced through loads of wallets and I followed the biggest chunk with – along with 96,000 stolen ones!

I chose the shortest tumbling time – 6 hours – and my half a coin plinked back onto my android phone in dribs and drabs, sparkly and new.

I think he’s asleep now in the czech republic. When he awakes, he will see my “666” next to his 96,000 stolen, freshly-laundered bitcoins.



Kyerussell, 29 points 11 hours ago

It seems that this subreddit is full of people that don’t understand the fundamentals of bitcoin and somehow think that this’ll result in people getting their money back.

It won’t.

That’s the point of bitcoin.

You can make (tongue-in-cheek) analogies about moving trains and what have you, but in the end you’re just throwing bitcoin around under the false understanding that it’ll result in anything happening.

You aren’t going to get anything back. None of you are going to get anything back, and it’s by design. This is EXACTLY how Bitcoin is supposed to work. Bitcoin would be fundamentally broken if you somehow got your money back.

It seems like a lot of people in this subreddit are just looking for some action and aren’t actually thinking about this properly.


CoinDesk, December 2, 2013: “ Prank Proves Bitcoin Protocol’s Strength”


The Verge: “Online Black Market Members Hunt Down $100 Million in Bitcoins, Blame Site Owners for Theft”

Users of online underground bazaar Sheep Marketplace are trying to figure out who got away with $5 million, $40 million, or even $100 million worth of bitcoins from the site — and whether it might be the owners themselves. Yesterday, Reddit user CrazeeFruito posted a message from the front page of Sheep Marketplace, which appeared to have been shut down.

Sheep is down

We are sorry to say, but we were robbed on Saturday 11/21/2013 by vendor EBOOK101. This vendor found bug in system and stole 5400 BTC — your money, our provisions, all was stolen. We were trying to resolve this problem, but we were not successful. We are sorry for your problems and inconvenience, all of current BTC will be ditributed to users, who have filled correct BTC emergency adress [sic].

I would like to thank to all SheepMarketplace moderators by this, who were helping with this problem. I am very sorry for this situation. Thank you all.



DoctorDbx, 38 points 1 day ago: “A site setup to encourage illegal activities proves to be unethical and steals from its customers.

Colour me amazed.”

Andy Greenburg (Forbes), December 1, 2013: Sheep’s owners have used that theft to justify closing the market without returning the bitcoins stored in the market by users, despite claiming that they would redistribute those coins to users’ “emergency addresses.” Sheep users and other Bitcoin followers on reddit say that the administrators began blocking withdrawals of bitcoins from the site more than a week ago, and may have absconded with as much as $44 million from the site’s users, pointing to a movement of 39,900 bitcoins visible in the public record of Bitcoin transactions known as the blockchain.


Techie News, December 1, 2013: “Silk Road-like Sheep Marketplace Scams Users; over 39k Bitcoins worth $40 Million Stolen”


Sheep Marketplace system started acting a little funny wherein it stopped sellers from withdrawing their Bitcoins. Some vendors had amassed hundreds of Bitcoins by selling goods through tens of thousands of transactions.

All this started around November 20 when vendors started posting their suspicion on the site’s forum as well as on Reddit. They claimed that the withdrawal system wasn’t working and were not able to withdraw their earnings for straight 10 days. The admins of Sheep Marketplace implemented withdrawal countdown timer with a minimum of 1BTC limit on day 9 of the withdrawal system being down.

However, according to reports from vendors the countdown timer was acting funny and wasn’t moving at an appropriate speed. The same case was with buyers as well who had deposited BTC in their Sheep Marketplace accounts.

Then came the shocker when one of the moderators replied to vendors’ concerns. According to ctrlaltweed, who is listed as a seller as well, revealed that users should leave the marketplace ASAP as admins that run away with all the money.

“The reason is probably that one vendor did use bug in marketplace and did steal 5500BTC from sheep pocket. Then the problems with withdrawals happened, there were no tumbler, we were all fooled :/ we, the mods realized all facts just right now, we do hope that some of you can save btc after reading this”, noted the moderator.



Motherboard, December 2, 2013: “Did One of the Silk Road’s Successors Just Commit the Perfect Bitcoin Scam?”

On November 2, writer and researcher Gwern Branwen appeared in the Silk Road subreddit to post about a then-unnamed marketplace. “I have been given some interesting information,” wrote Branwen. “I would like to establish priority and timing for it … if you have a moment, please do me a favor by quoting the hash”—a “cryptographic hash precommitment proof of knowledge,” which he appended to establish that he possessed certain information without revealing it—”in a comment; if a few accounts do it, it will make it easier to confirm that I did in fact post this hash on 3 November 2013 and have the information I will claim to have had.”

Sunday, around 7:00pm EST, Branwen uploaded a Pastebin page divulging the information gleaned from the anonymous hacker. It turns out the unnamed marketplace was Sheep Marketplace.

“On 2 November 2013, I was contacted on IRC by a pseudonymous chatter, ‘an anonymous security hobbyist,’” wrote Branwen. “He said he had some information for me if I would swear to keep it secret. I agreed as long as it didn’t involve violence like hitmen.” The security hobbyist had recently read Branwen’s bet that BMR and SMP would die in a year, but thought he could do Branwen one better: He would provide evidence that Sheep Marketplace was created by Tomáš Jiřikovský, an accused bitcoin scammer.

The hacker also let Branwen know that he’d passed this information on to the FBI (more on that below). According to Branwen, the mysterious figure also took credit for leaks related to Black Market Reloaded and Project Black Flag (itself a victim of bitcoin theft). Branwen read the results, checked the links, and agreed that Jiřikovský was the likely creator of Sheep Marketplace. Then, as noted in his Pastebin post, Branwen organized his notes, made copies of all linked webpages, and prepared it all in a single compilation available for download via Dropbox.

The documents note, among other things, that Jiřikovský owns the Sheep Marketplace VPS hosting service, and controlled several other domains on that service, Old Cans and Font Park being two of them; that he was the earliest Sheep Marketplace promoter, advertising it on other sites earlier this year; that he is a Czech developer who runs Ubuntu, just like the Sheep Marketplace developer; and that his email address is listed on the Bitcoin Scammer List. They also prove that Branwen’s source had identified ctrlaltweed as a suspicious moderator and vendor almost a month before throwme1121 did so.

Even before the mysterious leaker’s help, Branwen smelled something fishy with the goings-on at Sheep Marketplace. “The veriest Google search [of Sheep Marketplace] would turn up that clearnet site,” wrote Branwen in his Reddit post The Bet: BMR and Sheep to die in a year. “And it has been pointed out that the clearnet Czech site hosted by HexaGeek was uncannily similar to the actual hidden service.”

Branwen then criticized Sheep Marketplace’s official explanation for the clearnet mirror site, which was that “fans” had set up the fully-functioning mirror on cloned software many months before the Deep Web site started attracting the Silk Road exodus hordes.

Does this definitively prove Jiřikovský’s involvement in Sheep Marketplace, let alone the bitcoin theft? The information gleaned by Branwen’s source seems pretty damning. The evidence could lead to vigilante justice by scorned buyers and sellers, by hackers, and by law enforcement. If bitcoin is to be made palatable for the masses, especially in the wake of the recent effusive praise on Capitol Hill, those invested in the cryptocurrency’s future will want to bring the Sheep Marketplace thieves down, and prevent similar scams from happening again.

Which raises a third interesting scenario that could explain the Sheep Marketplace mayhem. As the mysterious hacker who doxed Jiřikovský told Branwen, he passed the information to the FBI on November 2. That means the FBI had an 18-day head start on its investigation (assuming it undertook one) before the site started experiencing problems. That would be more than enough time for the FBI to reverse-engineer the Sheep creator’s identity, as they had done with Silk Road’s Ulbricht.

Considering the FBI puppeteered Anonymous informant Sabu, convincing Jeremy Hammond to dump the Stratfor data onto the bureau’s servers, would it be very surprising if the feds commandeered Sheep Marketplace? It’s possible that, with information on Jiřikovský, perhaps the FBI was able to track the Sheep’s bitcoin transactions, and nab careless vendors.



June 18, 1996: “How to Make a Mint: The Cryptography of Anonymous Electronic Cash”National Security Agency Office of Information Security Research and Technology Cryptology Division