Image via Flickr/Mike Haller
Yesterday, Sheep Marketplace, an anonymous digital narcotics bazaar that grew popular after the shutdown of the Silk Road, announced that it had been robbed of 5,400 bitcoins—the equivalent of $6 million at current exchange rates—and then promptly shut itself down. This came just days after Black Market Reloaded announced it would be shutting down due to an inability to absorb a massive influx of new users leaving Sheep Marketplace.
Writing on the marketplace's homepage, the administrators claimed that one of its vendors, EBOOK101, had exploited a bug in the system that allowed them to pilfer the bitcoins.
“This vendor found [a] bug in the system and stole 5,400 BTC—your money, our provisions, all was stolen,” the Sheep Marketplace's message read. “We were trying to resolve this problem, but we were not successful.”
The announcement did nothing to quell rumors that the site was in fact an elaborate scam. If these rumors are to be believed, then it’s a short step toward wondering if the 5,400 BTC theft was an act of misdirection, and not a separate incident by unknown assailants.
Making money in digital back alleys isn't hard, if you know what you're doing. Among the many revelations to emerge from the Silk Road's implosion was that Ulbricht made a great deal of money on bitcoin transaction fees—millions, in fact. This model of direct user fees helps to eliminate users' fear that any particular marketplace is running a scam.
The mysterious shutdown of Sheep Marketplace, which relies on vendor fees for funds, follows a tumultuous few weeks for the site and its vendors. Beginning November 20, or in the days following, large volume Sheep vendors found that they were unable to withdraw their bitcoins. These vendors and other Sheep users took their complaints to the site’s forum and Reddit. Sheep admins addressed these complaints by assuring users that the site was experiencing technical problems related to the update of an automatic tumbler used to disguise transactions. (The site’s timeline of erratic behavior was arranged semi-coherently by the person or people behind SheepMarketScam.com, a site that is compiling the updates of multiple Reddit and Sheep forum threads.)
By November 27, Sheep Marketplace claimed 90 percent of users were now able to withdraw bitcoins. This turned out not to be the case. Two days later, admins announced that users would be able to withdraw 1 BTC, but only after a 22-hour countdown clock had expired. According to updates on SheepMarketScam, the clock appeared to be operating according to some wacky kind of Einsteinian relativity. Adding insult to injury, many vendors were unable to withdraw bitcoins after the 22 hours had elapsed. With bitcoin’s valuation skyrocketing following a positive reception in Congress two weeks ago, this behavior looked suspicious to Sheep users and observers.
Admins of the Sheep Marketplace then claimed (the chronology here is fuzzy) that they didn’t want to flood the bitcoin network with small transactions, another curious move given bitcoin’s booming business. The vendors who were able to withdraw, according to SheepMarketScam, had less than 1 BTC in their accounts to begin with. The implication here being that many vendors with larger vaults of bitcoins were unable to withdraw, leaving the alleged scammers free to cherry pick the most fruitful accounts.
The same day, in a bit of circumstantial Monday morning quarterbacking, Reddit user throwme1121 posted a new thread on the Sheep Marketplace subreddit, acknowledging that he/she was now convinced the Sheep was a scam. The new theory: a couple of vendors had slashed drug prices like infomercial salesmen right around the time the site started experiencing technical difficulties.
“We all know that Sheep is Czech owned,” wrote throwme1121 in his original subreddit post, claiming Czech vendors were also involved in the site's administration; namely, ctrlaltweed and PREMIUMGOODS, who are apparently friends. “These 2 vendors have dropped their prices like CRAZY on ALL products,” added throwme1121. “In addition, they have added new products like Cocaine and MDMA that they have NEVER stocked before, and they are using stock images not their own. And you guessed it—FE ['finalize your transactions early'] on everything because of Sheep withdrawal issues.”
Under this theory, if ctrlaltweed and PREMIUMGOODS could convince buyers to purchase both existing and new drugs at deep discount, they could flood their accounts with bitcoins. That would leave the site's creators or hackers—either of which theoretically could have created the above vendors as dummy accounts—free to potentially run with the money. (It’s worth noting that ctrlaltweed was a well-known and respected Silk Road vendor before jumping ship to the Sheep.)
One day later, Sheep users, working off of numbers from the bitcoin monitoring site Blockchain, posted on Reddit that 39,918 BTC ($40 million) simply disappeared into the digital ether—making EBOOK101’s alleged 5,400 ($6 million) heist look like chump change. This mysterious exodus of 39,918 BTC seems to have occurred only after administrators blocked users from withdrawing their bitcoins from the site. This move, according to a Y-combinator blog post, is the hallmark of a virtual drug market scam. While all of this might smell like a smoking gun, determining if EBOOK101 was a rogue vendor or a dummy account behind a larger Sheep Marketplace scam could prove difficult given the anonymity of virtual black markets.
By November 30, Sheep Marketplace, feeling the heat of scam accusations, took their forum offline and posted the following message: "We are enabling a spam filter for the forums, as the number of posts had got out of control. We will be enabling the forum once this is in place. Please try to stay calm. This is a temporary measure, and we will keep everybody updated when we have further information".
Reddit user RilkSoad thought the movement of bitcoins could, as the site claimed, have something to do with the administrators performing a “tumbler integration.” This, in layman terms, is a means of obscuring transactions on virtual black markets. “Maybe they've completed tumbler integration for incoming transfers and have moved the existing money out so that they can tumble it back in and increase all of our security?” RilkSoad wondered. “I'm just playing devil's advocate here really, while I'd obviously prefer this not to be a scam I have to keep the possibility in mind.”
So, was the Sheep Marketplace a scam, or was the site, as its admins claim, the victim of theft? The consensus on Reddit, SheepMarketScam, and the site's forum is that the black market's creators were the thieves. Sheep Marketplace, for its part, isn’t doing much to help its cause or assuage its users.
Assuming the Sheep was behind the scam, it would seem that deep web and bitcoin anonymity might have guaranteed a perfect digital heist. But, the site's founders may have left virtual cookie crumbs leading back to their identity. As Silk Road's Dread Pirate Roberts so perfectly illustrated in his downfall, even the most powerful anonymity tools will not cover up carelessness. Could the same hold true for the Sheep Marketplace founder?
On November 2, writer and researcher Gwern Branwen appeared in the Silk Road subreddit to post about a then-unnamed marketplace. “I have been given some interesting information,” wrote Branwen. “I would like to establish priority and timing for it ... if you have a moment, please do me a favor by quoting the hash"—a "cryptographic hash precommitment proof of knowledge," which he appended to establish that he possessed certain information without revealing it—"in a comment; if a few accounts do it, it will make it easier to confirm that I did in fact post this hash on 3 November 2013 and have the information I will claim to have had.”
Sunday, around 7:00pm EST, Branwen uploaded a Pastebin page divulging the information gleaned from the anonymous hacker. It turns out the unnamed marketplace was Sheep Marketplace.
The leaker claims you can see the Tor icon if you zoom in on Jiřikovský's computer screen.
“On 2 November 2013, I was contacted on IRC by a pseudonymous chatter, 'an anonymous security hobbyist,'” wrote Branwen. “He said he had some information for me if I would swear to keep it secret. I agreed as long as it didn't involve violence like hitmen.” The security hobbyist had recently read Branwen's bet that BMR and SMP would die in a year, but thought he could do Branwen one better: He would provide evidence that Sheep Marketplace was created by Tomáš Jiřikovský, an accused bitcoin scammer.
The hacker also let Branwen know that he'd passed this information on to the FBI (more on that below). According to Branwen, the mysterious figure also took credit for leaks related to Black Market Reloaded and Project Black Flag (itself a victim of bitcoin theft). Branwen read the results, checked the links, and agreed that Jiřikovský was the likely creator of Sheep Marketplace. Then, as noted in his Pastebin post, Branwen organized his notes, made copies of all linked webpages, and prepared it all in a single compilation available for download via Dropbox.
The documents note, among other things, that Jiřikovský owns the Sheep Marketplace VPS hosting service, and controlled several other domains on that service, Old Cans and Font Park being two of them; that he was the earliest Sheep Marketplace promoter, advertising it on other sites earlier this year; that he is a Czech developer who runs Ubuntu, just like the Sheep Marketplace developer; and that his email address is listed on the Bitcoin Scammer List. They also prove that Branwen’s source had identified ctrlaltweed as a suspicious moderator and vendor almost a month before throwme1121 did so.
Even before the mysterious leaker’s help, Branwen smelled something fishy with the goings-on at Sheep Marketplace. “The veriest Google search [of Sheep Marketplace] would turn up that clearnet site,” wrote Branwen in his Reddit post The Bet: BMR and Sheep to die in a year. “And it has been pointed out that the clearnet Czech site hosted by HexaGeek was uncannily similar to the actual hidden service.”
Branwen then criticized Sheep Marketplace’s official explanation for the clearnet mirror site, which was that “fans” had set up the fully-functioning mirror on cloned software many months before the Deep Web site started attracting the Silk Road exodus hordes.
Does this definitively prove Jiřikovský’s involvement in Sheep Marketplace, let alone the bitcoin theft? The information gleaned by Branwen’s source seems pretty damning. The evidence could lead to vigilante justice by scorned buyers and sellers, by hackers, and by law enforcement. If bitcoin is to be made palatable for the masses, especially in the wake of the recent effusive praise on Capitol Hill, those invested in the cryptocurrency's future will want to bring the Sheep Marketplace thieves down, and prevent similar scams from happening again.
Which raises a third interesting scenario that could explain the Sheep Marketplace mayhem. As the mysterious hacker who doxed Jiřikovský told Branwen, he passed the information to the FBI on November 2. That means the FBI had an 18-day head start on its investigation (assuming it undertook one) before the site started experiencing problems. That would be more than enough time for the FBI to reverse-engineer the Sheep creator’s identity, as they had done with Silk Road’s Ulbricht.
Considering the FBI puppeteered Anonymous informant Sabu, convincing Jeremy Hammond to dump the Stratfor data onto the bureau’s servers, would it be very surprising if the feds commandeered Sheep Marketplace? It's possible that, with information on Jiřikovský, perhaps the FBI was able to track the Sheep’s bitcoin transactions, and nab careless vendors.
In this anonymous free-market matrix, there is no legal recourse for the scammed. Every user is anonymous and making transactions in anonymous currency. That makes it harder for law enforcement to bring their digital surveillance tools to bear on the drug war, but it also makes it harder to establish human trust on the deep web. Amidst the meteoric rise of bitcoin, and the promise of the security and anonymity that comes with cryptographic currencies, the people of virtual black markets—especially ones named "Sheep"—have forgotten the age-old maxim that a fool and his money are soon parted.