Not only are Bitcoin trading sites like Bitstamp and Mt. Gox susceptible to the recent acceleration of the "transaction malleability" problem, but apparently the Silk Road—or at least its newest incarnation—is too.

On Thursday "Defcon," one of the anonymous administrators of the Silk Road, declared ominously: "We have been hacked." (The message was later reposted in full to reddit.)

According to rough estimates by Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, California, the exploit has resulted in the site losing approximately 4,400 bitcoins, presently worth around $2.6 million, that were taken from Silk Road’s escrow account.

Weaver told Ars that he came up with that figure by writing a script that looked at all the Bitcoin wallet addresses and transaction IDs (TXIDs) that Defcon published, and added up the total value.

As Defcon wrote:

Nobody is in danger, no information has been leaked, and server access was never obtained by the attacker. Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as "transaction malleability" to repeatedly withdraw coins from our system until it was completely empty. Despite our hardening and pentesting procedures, this attack vector was outside of penetration testing scope due to being rooted in the Bitcoin protocol itself.

A feature and a bug?

"I think that it’s not a vulnerability in Bitcoin, it’s an interaction between a malfeature in Bitcoin and how people have implemented withdrawal systems in Bitcoin," Nicholas Weaver told Ars.

"They have a model where when you do a withdrawal it monitors the blockchain and if it doesn’t go through after a certain time it tries again. Rather than looking for the contents of the transaction it looks for the transaction ID. What the person does is they see the transaction posted and modified it slightly so the ID is different, and they broadcast that widely. They’re not fake transactions. It’s broadcasting a version of the same transactions but with a different transaction ID number. Otherwise they are identical."

"It’s the accounting system that effectively has a bug in it. Part of the reason that the transaction ID is not protected by the signature is so I could say pay 100 bitcoins to this address, and other people can add in. That’s the reason why transaction ID are not cryptographically protected. It is a feature, not necessarily a bug."

While this vulnerability has been known since 2011, it has only recently become a notable threat to Bitcoin exchanges and sites like Silk Road that have large shared pools of transactions.

"I have no idea [why it’s accelerated now], apart from attacker imagination," Weaver added. "A week ago nobody thought, 'The accounting IDs may be busted, I should try changing transaction IDs and seeing if it works.' [The way to fix this is] to have automated accounting systems look to transactions not the transactions ID, then you can prevent this problem."