EDIT: No one has offered to accept any of the bets, so I am declaring this offer withdrawn.
BMR & Sheep have demonstrated their danger, but few black-market-users seem to genuinely appreciate this. I am publicly betting that they will fail in the near-future. If you think I am wrong, just try to take my money and prove me wrong! Otherwise, spare us your cheap talk.
Hi! I'm Gwern Branwen
. You may remember me from such black-market webpages as Silk Road: Theory & Practice
, and /silkroad
. Today I'm here to talk to you about BlackMarket Reloaded & Sheep Marketplace.
(A signed version of this 30 October 2013 post will be posted as a comment, because I wish to use Markdown formatting; my PGP key is available
With the fall of SR, we're all very sad: it was a good site which performed a useful function. But life goes on, so it's no surprise we're all moving on to new black markets. That said, I am concerned by the accumulating pattern I am seeing around BMR and Sheep, and by the delusional optimism of many of the users.
BlackMarket Reloaded, since the fall, has been marked by a pattern of arrogance, technical incompetence, dismissal of problems, tolerance for sellers keep buyer addresses & issuing threats, astounding tolerance for information leaks (all the implementation information
, and particularly the VPS incident with the user data leak; mirrors: 1
), etc. We know his code is shitty and smells like vulnerabilities (programmer in 3 different IRC channels I frequent quoted bits of the leaked code with a mixture of hilarity & horror), yet somehow backopy expects to rewrite it better, despite being the same person who wrote the first version and the basic security principle that new versions have lots of bugs. (I'm not actually bothered by the DoS attacks; they're issues for any site, much less hidden services.)
And then there's the things he's not telling us. Atlantis shut down because they were worried about contacts from LE, and thus far this shut down seems to have saved them; but BMR has been around several times longer than Atlantis - would it not beggar belief if LE had not made contacts, attempted SR-style stings, or infiltrated BMR staff? And remember how we were able to discover all sorts of leaks in DPR's opsec once we had the indictment and knew what to look for? Or consider the claims being made about the Project Black Flag Leaks, where someone claims to have accessed laundry list of information
from its internals - only after
Metta DPR decided to rip-and-run. If this is what we see publicly for BMR, what on earth is going on behind the scenes?
backopy should have handed on BMR weeks ago, but is still around. He seems to plan to repeat SDPR's mistakes exactly: leak information all over the place, never retire, and just keep on until he is busted and takes who-knows-how-many people down to prison with him. He has learned nothing. What, exactly, is his exit strategy? What goals does he have and when will they ever be satisfied? He has been running BMR for more than 2 years now, and has not left. How does this story end: of a man who does not know his limits, does not have ability equal to the task, and refuses to quit while he's ahead? It ends with a party-van, that's how it ends.
And hardly anyone seems troubled by this! The BMR subreddit is full of bustle; people are even hailing backopy as a "hero" for allowing withdrawal of bitcoins. (How generous of him.)
Is Sheep any better? No. BMR is troubled and probably infiltrated at this point, but Sheep may well be a dead market walking at this point. No one has a good word to say about its coding, so there may well be BMR-style issues in its future. More importantly: the veriest Google search would turn up that clearnet site, and it has been pointed out
that the clearnet Czech site hosted by HexaGeek was uncannily
similar to the actual hidden service. It uses almost the same exact technology, and the official explanation is that they had "fans" (fans? who set up, many months ago, before anyone gave a damn about Sheep, an entire functioning mirror while cloning the software stack and being in a foreign non-English-speaking country just like the Sheep admins?). Ridiculous! DPR may have set up a WordPress site, but at least 'altoid' didn't run an entire SR mirror! (He left that to onion.to & tor2web.org.). Sheep's likely about one subpoena of HexaGeek away from fun party times in the party-van.
I am uninterested in seeing Sheep/BMR busted and lots of newbies caught because they can't appreciate the patterns here. People don't take mere criticism seriously, and even if I lay it all out like here, and I mention that I have an excellent track record of predictions
, they still won't because anyone can doom-monger and issue warnings, it won't get through to them. I want to get through to them - I want them to understand the risks they're taking, I want them to reflexively use PGP, and I want them to leave balances on sites for as short a time as possible. So! I am putting my money where my mouth is.
I and 3 others are publicly wagering ฿4 ($816 at today's rate), ฿1 each, on the following 4 bets:
- BMR will not be operating in 6 months:
25%; 1:3 (you risk ฿3 and if BMR is still operating, you win our ฿1, else you lose the ฿3 to us)
- BMR will not be operating in 12 months
40%; 1:1.5 (you risk ฿1.5 & BMR is operating in a year, you win our ฿1, else lose ฿1.5)
- Sheep will not be operating in 6 months
30%; 1:2.3 (your ฿2.3 against our ฿1)
- Sheep will not be operating in 12 months
60%; 1:0.66 (you risk ฿0.66 against our ฿1)
The ฿4 are currently stored in 1AZvaBEJMiK8AJ5GvfvLWgHjWgL59TRPGy
(proof of control: IOqEiWYWtYWFmJaKa29sOUqfMLrSWAWhHxqqB3bcVHuDpcn8rA0FkEqvRYmdgQO4yeXeNHtwr9NSqI9J79G+yPA= is the signature by 1Az of the string "This address contains bitcoins for the BMSheep bet run by gwern.").
- BMR = kss62ljxtqiqdfuq.onion
- Sheep = sheep5u64fi457aw.onion
- The exact definition of 'not operating' includes but is not limited to this: on noon EST of 30 April 2013 (6-months) or 30 October 2014 (12-months), if Nanotube can visit the relevant black-market, create a buyer account, deposit bitcoins, and order an item, then the site is operating. If deposits or new accounts or purchases are not allowed or not possible, it is not operating.
At his own discretion, the arbitrator can take into account other factors, like widespread reports that a market has been raided and turned into a sting operation.
Arbitration & escrow are being provided by Nanotube, a long-time Bitcoin
user & -otc trader
, who has handled some past bets (most famously, the ฿10,000 bet between the Ponzi schemer pirateat40 & Vandroiy
) and I believe can be trusted to escrow this one as well; he has agreed to a nominal fee of 1%.
(I am not using Bets of Bitcoin because they have a dishonest & exploitative rule-set, and I am not sure Predictious
would allow these bets.)
If you disagree and are man enough to take our bets, post the amount you are betting on which bet, and Nanotube will supply an address for you to transfer your bitcoin to. When it arrives in his wallet, then our bet will be in effect.
May the most accurate beliefs win.
I saw this posted in the SR forum and figured I would repost in case others have difficulty accessing the forums. Hi all,
It has come to our attention that some users on Silk Road believe the following;
1. That I am a scammer and was involved in a Ponzi scam on Silk Road. 2. The moderators at Atlantis market are deleting user comments. 3. Our forums term of use policy is aimed to arrest people and record information. 4. That we are DDoS'ing Silk Road. 5. Our PGP system is crackable.
I'd like to take the time to address each point and if you have any questions, please don't hesitate to reply to this thread. The staff members at Atlantis and I are happy to address your questions.
1) This belief has come into existence as 'Vladimir' was a scammer on Silk Road and thus people thought I was the same person as him. Unfortunately without knowing Vladimir's past history, this is my name and the one I have chosen to use. Hypothetically if I was Vladimir, why would I use a scammers alias at a market place which deals directly with user funds? It wouldn't help build trust in our market place and doesn't make any sense at all. Its the equivalent of pirateat40 creating a new Bitcoin Savings and Trust scheme and asking people to re-invest in it. We're proud to say that in our 7 weeks of operation, we have suffered no down time, no users have lost funds and security concerns have been addressed promptly (like increasing PGP key support up to 16Kbits).
2) We have deleted posts only related to spam, posts involving unfounded claims or accusations (FUD) and have deleted no posts in which people have given us criticism, bug reports or requests about improving security. You can check the relevant forum sections to find examples of this. We actively encourage this feedback as it helps us create a better market place. We are here to help users and are happy to reply to any security concerns or criticism you have. We have also created a sticky topic in the general forums for people to post whatever conspiracy theories they like. We will not be moderating this thread however the other forum rules still apply.
3) We used the default term of service which comes with the forum software. You can find an exact replica when you download and install the SMF software. This has now been updated.
4) We believe competition is healthy and believe that Dead Pirate Roberts is a great leader. We also need to shed the light that Silk Road has had technical issues in the past, even when we weren't around. Things like item listing image hijacking, denial of service attacks, site upgrades and switching hosting providers all caused down time. Although it would assist in us gaining more market share if our largest competitor is down, we have no desire to resort to dodgy tactics. We believe that what goes around comes around.
5) The auto-encryption service only works IF the user or vendors uploads their PGP public key (we support key sizes of 1024 - 16384 bits). However, Atlantis also supports manual encryption outside of Atlantis in which users can use a PGP client to encrypt their message. Atlantis administrators and law enforcement could not decipher the encrypted message without the users private key. With all this said, the security comes down to the end user. If they don't trust the auto-encryption service, they can STILL manually encrypt the message outside of Atlantis and thus there is absolutely no risk of anyone being able to decipher the message. To this day, PGP with large key sizes (>= 4096bits) is still uncrackable, you can find more information about it here: http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Security_quality
. Noting: 'there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means.'
As stated earlier, if you have any concerns please don't hesitate to reply to this thread. Lastly, we'd like to thank all the people who have put their trust in Atlantis and believe in where we are heading. The ride is only just starting and we're glad to have you as part of Atlantis http://atlmlxbk2mbupwgr.onion/index.php?topic=235.0
If you were around the Bitcoin scene last year, you’ll remember the build-up and crash-out of the largest Bitcoin pyramid scam yet, run by “pirateat40“.. Turns out they got him. What’s encouraging is not just that he was caught, but that the American law seem to be treating Bitcoin and its community with a certain amount of respect, with a lot of the SEC release having fairly positive ... Bitcoin is a distributed, worldwide, decentralized digital money … Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts. r/Bitcoin. log in sign up. User account menu. 26. Alleged 500kBTC (~5M USD) scammer, pirateat40, posts a Q&A, saying payments may begin as early as Oct. 12th. Close. 26. Posted by. u/bdcs. 6 years ago. Archived. Alleged 500kBTC (~5M ... History of bitcoin. Quite the same Wikipedia. Just better. To install click the Add extension button. That's it. The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time. ... From Bitcoin Wiki. Jump to: navigation, search. Trendon Shavers (known as Pirateat40 or simply Pirate) was the operator of the largest scam in bitcoin history: he operated a ponzi scheme which initially promised a guaranteed a daily profit of 1%, and then disappeared with an unknown amount of bitcoins in August 2012. Thoughts were that the amount was about 500,000 bitcoins, valued around US $5 ... Home › Web of Trust › Web of Trust Data › Rating Symmetry for pirateat40