Silk Road 1: Theory & Practice

History, background, visiting, ordering, using, & analyzing the drug market Silk Road 1
cryptography, statistics, nootropics, politics, predictions, Bitcoin, Silk-Road, interview, R, survival-analysis, survey, Bayes, tutorial
2011-07-112018-09-29 finished certainty: likely importance: 9

The cypher­punk move­ment laid the ide­o­log­i­cal roots of Bit­coin and the online drug mar­ket Silk Road; bal­anc­ing pre­vi­ous empha­sis on cryp­tog­ra­phy, I empha­size the non-cryp­to­graphic mar­ket aspects of Silk Road which is rooted in cypher­punk eco­nomic rea­son­ing, and give a fully detailed account of how a buyer might use mar­ket infor­ma­tion to ratio­nally buy, and fin­ish by dis­cussing strengths and weak­nesses of Silk Road, and what future devel­op­ments are pre­dicted by cypher­punk ideas.

The web­site 1 (SR1), a drug mar­ket­place oper­at­ing in pub­lic, needs lit­tle intro­duc­tion at this point, after Gawker’s 2011 arti­cle went viral, draw­ing fire from the likes of US fed­eral Sen­a­tors Schumer & Manchin. It was prob­a­bly the sin­gle most famous com­mer­cial enter­prise using ; some spec­u­lated that demand from SR patrons sin­gle-hand­edly pushed the exchange rate up by $5 the week­end of the Gawker arti­cle. It then flour­ished until its bust in 2013-10-02.


Esti­mates of SR’s size have been done sev­eral ways: most pur­chases entail a review at the end, and reviews are dis­played on the front page, so one can mon­i­tor the front page and extrap­o­late to esti­mate aver­age num­ber of trans­ac­tions per day or week, and from there esti­mate turnover and what SR’s com­mis­sions total to: eg. ~100 trans­ac­tions a day over 2 years and aver­ag­ing ~$150 is . (Christin 2013) spi­dered Silk Road for 8 months (2011-2012) and did some­thing sim­i­lar by record­ing all pub­lic prices, feed­back indi­cat­ing how much had been sold, and cal­cu­lat­ing a monthly turnover of $1.2m for annual rev­enue of ~$15m; the differ­ence in esti­mates seems explained by my esti­mate of daily trans­ac­tions being con­sid­er­ably too low.1 The DHS in Novem­ber 2013 esti­mated Mt. Gox alone “was mov­ing approx­i­mately $60 mil­lion per month into a num­ber of Inter­net-based hid­den black mar­kets oper­at­ing on the Tor net­work, includ­ing Silk Road” around the time of Gox seizures in May 2013, although this turnover seems too high given other monthly esti­mates.

Another way is to look in the blockchain for SR-re­lated addresses or trans­ac­tions; one pos­si­ble address had a 2012-06-23 bal­ance of ₿450,825 or $2,885,280. Since it is unlikely there are ~$3m of trans­ac­tions active or sit­ting in wal­lets that day on SR when the largest pre­vi­ous Silk Road scam­mer (Tony76)—pulling out all the stop­s—­got away with an order of mag­ni­tude less mon­ey, this is highly likely to rep­re­sent Silk Road’s profits or profits plus bal­ances & escrows; which at a com­mis­sion of 5-10% implies a total Silk Road turnover of >$28m. Inter­est­ing­ly, Christin 2013’s analy­sis con­cluded that Silk Road was by July 2012 receiv­ing $92k monthly or $1.7m yearly in com­mis­sions (and twice that yearly fig­ure is larger than that address bal­ance—as it should be, being an upper bound). On 2013-04-09, a sin­gle trans­ac­tion of ₿69471 was made by the address 1BAD...GuYZ, and may have been related to the SR coin­tum­bler. For fur­ther dis­cus­sion, see “A Fist­ful of Bit­coins: Char­ac­ter­iz­ing Pay­ments Among Men with No Names”, Meik­le­john et al 2013.


I know of one com­pet­ing Eng­lish Bit­coin+­Tor mar­ket­place as of 2011-06-09, named Black­Mar­ket Reloaded which lives at 5onwnspjvuk7cwvk.onion (non-Tor mir­ror); informed 2011 opin­ion seemed to be that it is low-vol­ume and stag­nant, but it appar­ently has improved sub­stan­tially and as of Feb­ru­ary 2013, has grown sub­stan­tially with ~$700k monthly turnover and begun to rival SR; with the fall of SR, it attracted sub­stan­tially more atten­tion, some of which extracted the site’s source code and copied its data­base, lead­ing BMR to shut down tem­porar­ily in 2013-10-17.2 A third rival, Atlantis (atlantisrky4es5q.onion; mir­ror) was launched 2013-03-14 and has report­edly turned over >$500k between March and June 2013; it had a much more appeal­ing glossy Web-2.0 look than the SR’s rel­a­tively old design, but made some ques­tion­able choices like pro­vid­ing “con­ve­nient” in-browser encryp­tion and using rather than Bit­coin. Atlantis shut down in Sep­tem­ber 2013, after telling DPR1 that “they shut down because of an FBI doc leaked to them detail­ing vul­ner­a­bil­i­ties in Tor.” The main rival to BMR was a small new site which started up in early 2013, called Sheep Mar­ket­place (sheep5u64fi457aw.onion), which in late Novem­ber 2013 halted with­drawals, top ven­dors began scam­ming users, and Sheep essen­tially shut down 2013-11-29 after exfil­trat­ing >₿39,644 & appar­ently sell­ing some on BTC-E. Final­ly, there was a “Deep­bay” (deepbay4xr3sw2va.onion), appar­ently started in early 2013 as well and going pub­lic in June; lit­tle has been said about it and its secu­rity is unknown, but it report­edly stole all user bit­coins start­ing some­where around 2013-11-04.

There are 2 Russ­ian com­peti­tors, RAMP” & “Shop of Magic Prod­ucts” (Wired; short inter­view), which have been com­pared to SR and BMR (re­spec­tive­ly).


Nei­ther Bit­coin nor the Silk Road should be under­stood out­side their ide­o­log­i­cal and his­tor­i­cal con­text: the now-ob­scure move­ment.

The “cypher­punk” group was a loose affil­i­a­tion of cryp­to­graphic researchers and enthu­si­asts cen­tered on the epony­mous email list in the 1980s and 1990s who devel­oped many novel ideas and approaches to com­mu­ni­ca­tion, eco­nom­ics, and pol­i­tics. Achieve­ments of theirs included devel­op­ing (in­spir­ing the ), help­ing defeat the Clin­ton-era and set­ting a key prece­dent, and help­ing defeat USA (key to safe Inter­net com­merce out­side the USA; the costs of export restric­tions can be seen to this day in South Korea, which locked itself into a Microsoft/Internet Explorer com­puter mono­cul­ture). No event marked their dis­so­lu­tion, but through the ’90s, they grad­u­ally lost cohe­sion and inter­est as var­i­ous ideas were suc­cess­ful and oth­ers remained bar­ren. ( remarked in 1994 that an accept­able dig­i­tal cur­rency may take sev­eral years to devel­op, but that he had been that opti­mistic years before as well; we could date the ful­fill­ment of the dream to Bit­coin—14 years lat­er—in 2008.) For­mer cypher­punks include large cor­po­ra­tions to tech­no­log­i­cal inno­va­tion (, descend­ing from ) to niche groups like (dig­i­tal cur­rency inven­tor Wei Dai) to activism (, ) etc.

The cypher­punk par­a­digm can be sum­ma­rized as: “replac­ing cen­tral­ized sys­tems of inter­ac­tions enforced by coer­cion with decen­tral­ized sys­tems of vol­un­tary inter­ac­tion whose rules are enforced by mathematics/economics”. Desider­ata for sys­tems include: com­mu­ni­ca­tions pri­vate from all third-par­ties, anony­mous, prov­ably untam­pered with, and prov­ably from par­tic­u­lar par­ties; social mech­a­nisms like rep­u­ta­tion replaced by for­mal­ized sys­tems like feed­back; and legal mech­a­nisms like anti-fraud statutes super­seded by mech­a­nisms such as or bonds (which can be for­ti­fied by cryp­to­graphic tech­niques as mul­ti­ple-party sig­na­tures).

The ideal cypher­punk sys­tem is self­-en­forc­ing, self­-reg­u­lat­ing, and can­not be attacked directly by out­siders because they do not know where it is or how to affect it.

Julian Assange et al 2012 write:

The new world of the inter­net, abstracted from the old world of brute atoms, longed for inde­pen­dence. But states and their friends moved to con­trol our new world – by con­trol­ling its phys­i­cal under­pin­nings. The state, like an army around an oil well, or a cus­toms agent extract­ing bribes at the bor­der, would soon learn to lever­age its con­trol of phys­i­cal space to gain con­trol over our pla­tonic realm. It would pre­vent the inde­pen­dence we had dreamed of, and then, squat­ting on fiber optic lines and around satel­lite ground sta­tions, it would go on to mass inter­cept the infor­ma­tion flow of our new world – its very essence even as every human, eco­nom­ic, and polit­i­cal rela­tion­ship embraced it. The state would leech into the veins and arter­ies of our new soci­eties, gob­bling up every rela­tion­ship expressed or com­mu­ni­cat­ed, every web page read, every mes­sage sent and every thought googled, and then store this knowl­edge, bil­lions of inter­cep­tions a day, undreamed of pow­er, in vast top secret ware­hous­es, for­ev­er. It would go on to mine and mine again this trea­sure, the col­lec­tive pri­vate intel­lec­tual out­put of human­i­ty, with ever more sophis­ti­cated search and pat­tern find­ing algo­rithms, enrich­ing the trea­sure and max­i­miz­ing the power imbal­ance between inter­cep­tors and the world of inter­ceptees. And then the state would reflect what it had learned back into the phys­i­cal world, to start wars, to tar­get drones, to manip­u­late UN com­mit­tees and trade deals, and to do favors for its vast con­nected net­work of indus­tries, insid­ers and cronies.

But we dis­cov­ered some­thing. Our one hope against total dom­i­na­tion. A hope that with courage, insight and sol­i­dar­ity we could use to resist. A strange prop­erty of the phys­i­cal uni­verse that we live in. The uni­verse believes in encryp­tion. It is eas­ier to encrypt infor­ma­tion than it is to decrypt it. We saw we could use this strange prop­erty to cre­ate the laws of a new world. To abstract away our new pla­tonic realm from its base under­pin­nings of satel­lites, under­sea cables and their con­trollers. To for­tify our space behind a cryp­to­graphic veil. To cre­ate new lands barred to those who con­trol phys­i­cal real­i­ty, because to fol­low us into them would require infi­nite resources. And in this man­ner to declare inde­pen­dence.

The decen­tral­iza­tion is key. Cen­tral­iza­tion is unac­cept­able for many appli­ca­tions: cen­tral­iza­tion means any com­mer­cial or polit­i­cal inter­est can inter­fere for any pur­pose, be it ren­t-seek­ing or tax­a­tion, pros­e­cut­ing eco­nomic war­fare against another par­ty, intended to ham­per orga­nized crime or ter­ror­ism, etc.

This fear of cen­tral­iza­tion is not idle. The ring of power offered by cen­tral­iza­tion has been grasped on many occa­sions: rang­ing from Pay­pal ham­per­ing its com­peti­tors to US-led crack­downs on ancient finan­cial sys­tems & Islamic char­i­ties in the name of coun­ter-ter­ror­ism to the US suing the pre­dic­tion mar­ket (with the assis­tance of the Cen­tral Bank of Ire­land) to credit card com­pa­nies’ near-fa­tal boy­cott of Wik­iLeaks to Iran’s severe infla­tion after eco­nomic embar­goes. Pre­vi­ous like or suffered the expected fates, and more point­ed­ly, an ear­lier online drug mar­ket (the “Farmer’s Mar­ket”) was shut down and prin­ci­pals indicted using scores of trans­ac­tion details stored by banks & Pay­pal & West­ern Union.


The fun­da­men­tal chal­lenge con­fronting any elec­tronic cur­rency is cop­ing with the : when trans­ac­tions con­flict (eg. spend­ing twice the same unit of cur­ren­cy), which trans­ac­tion takes pri­or­i­ty? Dou­ble-spends are diffi­cult to per­form with non-elec­tronic money since you can­not give a dol­lar bill to one per­son while simul­ta­ne­ously giv­ing it to anoth­er, but triv­ial with elec­tronic mes­sages.

One solu­tion is to cen­tral­ize trans­ac­tions: if you over­draw your bank account with 2 checks, the bank will choose one to bounce and one to hon­or. Sim­i­larly for credit card trans­ac­tions. An elec­tronic cur­rency like Pay­pal processes each trans­ac­tion in real­time, so you can­not log into your Pay­pal account in 2 browsers and send your entire bal­ance to 2 differ­ent peo­ple. With cen­tral­iza­tion, there is some­one or some­thing which ‘decides’ which of the 2 con­flict­ing trans­ac­tions will become the real trans­ac­tion. Cen­tral­iza­tion appears in many guises in cur­rency sys­tems: cryp­to­graphic pio­neer could guar­an­tee com­plete anonymity to any­one “spend­ing” a coin, solv­ing the dou­ble-spend prob­lem by devis­ing things so that a dou­ble-spend leaks enough infor­ma­tion that the anonymity evap­o­rates, but the math only works with a cen­tral “bank” which could be attacked. Chaum’s sys­tem never took off, for sev­eral rea­sons, but this cen­tral­ized point of fail­ure is one.

If we avoid the prob­lems of cen­tral­iza­tion and resolve on a decen­tral­ized sys­tem, we face a differ­ent but equally severe set of prob­lems: with­out cen­tral­iza­tion, in a dis­trib­uted sys­tem in which no party has veto power (and any party can be anony­mous or for another par­ty), how and who decides which of 2 con­flict­ing trans­ac­tions is the “real” trans­ac­tion? Must a dis­trib­uted sys­tem sim­ply allow dou­ble-spends, and thus be use­less as mon­ey?

No. The is that it says that the valid trans­ac­tion is sim­ply “the one which had the most com­put­ing power invested in pro­duc­ing it”. Why does this work? In the Bit­coin dis­trib­uted sys­tem, there are many ‘good’ par­ties at work pro­duc­ing new trans­ac­tions, and they will inde­pen­dently latch onto one of the two com­pet­ing trans­ac­tions pro­duced by an attacker and incor­po­rate it into future trans­ac­tions; the amount of com­put­ing power nec­es­sary to out­-in­vest those other par­ties quickly becomes too enor­mous for any one entity to invest. Within hours, one trans­ac­tion will be uni­ver­sal, and the other for­got­ten.

Hence, Bit­coin is an accept­able cypher­punk cur­ren­cy: it is decen­tral­ized, par­ties par­tic­i­pate out of self­-in­ter­est, and it is eco­nom­i­cally infea­si­ble to attack Bit­coin direct­ly.

Silk Road as Cyphernomicon’s black markets

The Silk Road (SR) is a web­site acces­si­ble through the Tor anonymiz­ing net­work. Tor is descended from cypher­punk designs for anony­mous email: mes­sages are swapped by servers in the “mix” net­work with chang­ing cryp­to­graphic wrap­pers, so observers can­not tell what server a mes­sage ulti­mately ends up at nor who sent a mes­sage. Buy­ers cre­ate accounts, send bit­coins to SR-con­trolled address­es, browse seller pages, and order quan­ti­ties sim­i­lar to any e-com­merce site. (Con­trary to descrip­tions of SR as “the eBay of drugs”, SR is more akin to shop­ping on Ama­zon Mar­ket­places than eBay: there are no auc­tion fea­tures.) SR has been cov­ered in the media for years and is still oper­at­ing suc­cess­ful­ly, indeed, Christin 2013 cal­cu­lated a monthly turnover of ~$1.2m for annual rev­enue of ~$15m from 2011-2012, with daily sales vol­ume:

“Fig­ure 12: Esti­mate of the total amount of daily sales (in ₿) occur­ring on SR. Each point cor­re­sponds to an aver­age over the prior thirty days.” –Christin 2013

The design of SR could be taken straight out of early ’90s cypher­punk—­most of the design can be jus­ti­fied in Tim­o­thy C. May’s 1994 , itself mostly a sum­mary of much ear­lier dis­cus­sions. (In an amus­ing his­tor­i­cal coin­ci­dence, May hap­pens to men­tion an old dig­i­tal cur­rency pro­posal called… “The Dig­i­tal Silk Road”.) The SR is an unreg­u­lated black mar­ket­place which is:

  • reached via a anonymiz­ing mix net­work
  • made up of pseu­do­ny­mous enti­ties, who
  • com­mu­ni­cate pri­vately and securely via to arrange pur­chases
  • using escrow schemes for pay­ment of sell­ers only on receipt of goods
  • said sell­ers post the equiv­a­lent of bonds as surety before being allowed to sell
  • and buy­ers pub­licly rate their sell­ers (so the mar­ket­place avoids becom­ing a )

From an eco­nomic point of view, sev­eral mea­sures serve to make incen­tives align:

  • SR is paid as a per­cent­age of trans­ac­tions; hence, it is moti­vated to encour­age as high a turnover as pos­si­ble, and main­tain the sat­is­fac­tion of both buy­ers and sell­ers. This makes SR a rel­a­tively trust­wor­thy agent because too much abuse will cause buy­ers or sell­ers to leave and cease pay­ing the per­cent­age, espe­cially if there are any com­pet­ing mar­ket­places. (This is the same dynamic that kept users on Lib­erty Reserve before it was shut down.)
  • Sell­ers are encour­aged to not scam buy­ers because they will not gain access to bit­coins in escrow and enough vio­la­tions will for­feit their deposit held by SR
  • Buy­ers have lim­ited incen­tive to scam sell­ers because their bit­coins are paid in advance and not under their con­trol; SR arbi­trates dis­putes and more than a few bad trans­ac­tions can lead to their bal­ances for­feited and being black­list­ed, lim­it­ing their abil­ity to scam large amounts

And as far as peo­ple out­side the mar­ket­place are con­cerned, there is a net­work effect at play: the bet­ter incen­tives align, the more buyer and sell­ers there will be, and they will lead to bet­ter selec­tions and lower prices. All famil­iar eco­nomic results about nor­mal thick com­mod­ity mar­kets, but per­haps unex­pected to see in such an exotic mar­ket­place.


One aspect of the incen­tives deserves cov­er­age as most pre­sciently dis­cussed by the cypher­punks and under­ap­pre­ci­ated by users: the use of escrow.

Tim­o­thy C. May’s chap­ter 12 (“Legal Issues: Loose Ends: Escrow Agents”) lays out the neces­sity of escrow when a mar­ket­place uses both pseu­do­nymity and untrace­able dig­i­tal cash:

On-line clear­ing has the pos­si­ble dan­ger implicit in all trades that Alice will hand over the mon­ey, Bob will ver­ify that it has cleared into his account (in older terms, Bob would await word that his Swiss bank account has just been cred­it­ed), and then Bob will fail to com­plete his end of the bar­gain. If the trans­ac­tion is truly anony­mous, over com­puter lines, then of course Bob just hangs up his modem and the con­nec­tion is bro­ken. This sit­u­a­tion is as old as time, and has always involved pro­to­cols in which trust, repeat busi­ness, etc., are fac­tors. Or escrow agents.

…In steps “Esther’s Escrow Ser­vice.” She is also untrace­able, but has estab­lished a dig­i­tal­ly-signed pres­ence and a good rep­u­ta­tion for fair­ness. Her busi­ness is in being an escrow agent, like a bond­ing agen­cy, not in “burn­ing” either par­ty. (The math of this is inter­est­ing: as long as the profits to be gained from any small set of trans­ac­tions is less than her “rep­u­ta­tion cap­i­tal,” it is in her inter­est to forego the profits from burn­ing and be hon­est. It is also pos­si­ble to arrange that Esther can­not profit from burn­ing either Alice or Bob or both of them, e.g., by suit­ably encrypt­ing the escrowed stuff.) Alice can put her part of the trans­ac­tion into escrow with Esther, Bob can do the same, and then Esther can release the items to the par­ties when con­di­tions are met, when both par­ties agree, when adju­di­ca­tion of some sort occurs, etc. (There a dozen issues here, of course, about how dis­putes are set­tled, about how par­ties sat­isfy them­selves that Esther has the items she says she has, etc.)

“Esther” is SR, “on-line clear­ing” is bit­coins, Alice is a buyer and Bob the sell­er, but oth­er­wise the logic is clear and unmis­tak­able: lack of escrow leads to a for Bob to scam Alice.

We can see the proof in prac­tice. For var­i­ous rea­sons, SR pro­vides buy­ers the option of releas­ing their funds from escrow to the sell­er, called “early final­iza­tion”; early final­iza­tion is one of the lead­ing mech­a­nisms for seller scams on SR. The car­di­nal exam­ple is the April 2012 scam where a trusted seller took the occa­sion of a SR-wide sales event (where SR waived its fees) to announce unusu­ally low prices, took in hun­dreds of large orders total­ing thou­sands of bit­coins (the equiv­a­lent of >$50,000) but requir­ing early final­iza­tion, with­drew all funds, and never deliv­ered. A sim­ple enough scam, yet highly effec­tive: as May and other cypher­punks pointed out decades before, one should never entrust a pseu­do­ny­mous agent with more liq­uid anony­mous cash than its “rep­u­ta­tion cap­i­tal” is worth! One can entrust the agent with less liq­uid anony­mous cash (not enough to burn one’s rep­u­ta­tion in exchange for), or one could entrust the agent with more escrowed anony­mous cash (so they can­not “rip-and-run”), but not both more and un-e­scrowed (which is pay­ing them to scam you).

(This could be helped slightly by pro­vid­ing more infor­ma­tion about sell­ers, like list­ing the out­stand­ing bal­ance for sell­ers so buy­ers can be wary of any seller with an unusu­ally large out­stand­ing bal­ance; but buy­ers will still be attracted by sales as excuses for final­iz­ing ear­ly, and sell­ers could sim­ply split their activ­ity over mul­ti­ple accounts. Escrow remains the best solu­tion.)

Silk Road as a marketplace

“Silk Road does­n’t really sell drugs. It sells insur­ance and finan­cial prod­ucts,” says Carnegie Mel­lon com­puter engi­neer­ing pro­fes­sor Nico­las Christin. “It does­n’t really mat­ter whether you’re sell­ing T-shirts or cocaine. The busi­ness model is to com­modi­tize secu­ri­ty.”3

Beyond the basic cryp­to­graphic tools and fea­tures of the site itself, SR embod­ies the cypher­punk dream of let­ting free-mar­ket forces oper­ate to inform buy­ers and let them find sell­ers with whom they can reach mutu­ally accept­able agree­ments. There is no bet­ter way to demon­strate this dynamic than with a detailed exam­ple using real SR data of a hypo­thet­i­cal buyer com­pil­ing the infor­ma­tion SR pro­vides, mak­ing infer­ences on the pro­vided data, apply­ing his desires to appraise each sell­er’s wares, trad­ing off var­i­ous cri­te­ria such as risk ver­sus price, and finally set­tling on a par­tic­u­lar prod­uct.

But one won­ders: what is using it like? Does it have a decent selec­tion? Is it safe? Rid­den with scam­mers? Has it suc­cumbed to an (“I used SR when it was still under­ground”)? Should­n’t we keep quiet about it like Fight Club?


The purity and safety of SR wares, while vary­ing con­sid­er­ably from seller to sell­er, batch to batch, and drug to drug, seems to have gen­er­ally been high. For exam­ple, the LSD Avengers’ lab test­ing kept the LSD sec­tion’s qual­ity up, and the FBI in its JTAN search war­rant request did its own lab test­ing:

Since Novem­ber of 2011, law enforce­ment agents par­tic­i­pat­ing in this inves­ti­ga­tion have made over 70 indi­vid­ual pur­chases of con­trolled sub­stances from var­i­ous ven­dors on the Silk Road Under­ground Web­site. The sub­stances pur­chased have been var­i­ous Sched­ule I and II drugs, includ­ing ecsta­sy, cocaine, hero­in, LSD, and oth­ers. As of April 2013, at least 56 sam­ples of these pur­chases have been lab­o­ra­to­ry-test­ed, and, of the­se, 54 have shown high purity lev­els of the drug the item was adver­tised to be on Silk Road.

Suc­cess­ful deliv­ery rates of real drugs were high; the DHS agent Jared Deryeghi­ayan report­edly tes­ti­fied that of >50 orders, “All but 1-2 shipped the adver­tised drug.”

Sub­se­quent DNMs like­wise appear to have high puri­ties on aver­age. For exam­ple, the Span­ish drug test­ing ser­vice Energy Con­trol found as of March 2015 that “Users are asked about the type of sub­stance they believe they have pur­chased. In 120 of 129 sam­ples (93%), the main result of the analy­sis was con­sis­tent with the infor­ma­tion pro­vided by the user”4


The safety of using Tor dark­net mar­kets is a major ques­tion (and wor­ries about safety are, accord­ing to Bar­ratt et al 2013’s sur­vey analy­sis, a major rea­son peo­ple don’t use SR), and one I find inter­est­ing. Unsur­pris­ing­ly, it’s hard to find solid infor­ma­tion on how many peo­ple have been busted using SR or what hap­pened to them, and the con­se­quences will depend on the spe­cific sub­stance and amounts. For exam­ple, modafinil seems to be de facto not pros­e­cuted in the US, and the fail­ure rates of import­ing from online phar­ma­cies seem to be in the <10% range accord­ing to buyer anec­dotes and 1 sell­er. Some users report occa­sional inter­cep­tions like when Forbes ordered 3 items in 2013 & 1 failed to arrive, but oth­ers claim flaw­less deliv­ery records (even some­one claim­ing to buy $50k of opi­ates a year on SR). Gen­eral descrip­tions of drug impor­ta­tion also sug­gest low inter­cep­tion rates (as makes sense given the very large quan­ti­ties of drugs sold every day); the large Cana­dian LSD seller Tes­sel­lated esti­mated in July 2013 that “less than 1% of our pack­ages are reported miss­ing (some of this may be cus­tomers lying)” and 2 Eng­lish drug jour­nal­ists in Decem­ber 2012 dis­cussing their most recent book:

Q: “How much of the drugs that enter the coun­try are actu­ally seized by police?”

A: “I think the fig­ure that’s quoted in our book is about 1%; it really is a frac­tion of what gets in. There was one con­ver­sa­tion I had with a chap who had access to the Seri­ous Organ­ised Crime Agency who said that if peo­ple knew how easy it was, then more peo­ple would do it.”

Buy­ers and sell­ers seem to be treated differ­ently as well: in the 2012 bust of the inse­cure Farmer’s Mar­ket (see later foot­note), the indict­ment only lists sell­ers and no buy­ers.


Due to length, this sec­tion has .

LE reports

Secu­ri­ty-wise, SR seems to be receiv­ing pass­ing grades from law enforce­ment agen­cies inter­nal­ly; a leaked FBI report men­tioned no attacks against SR, an anony­mous fed­eral source reports frus­tra­tion5 (although these sources may just be echo­ing pub­lic infor­ma­tion6), anony­mous anec­dotes claim the DEA is stymied7, while a May 2012 Aus­tralian doc­u­ment report­edly praised the secu­rity of seller pack­ag­ing and gen­eral site secu­ri­ty, with a pseu­do­ny­mous SR forums user claim­ing to sum­ma­rize it:

Recent­ly, I gained access to an inter­nal con­fi­den­tial report dis­trib­uted to sev­eral Aus­tralia LE agen­cies and a few inter­na­tional anti-nar­cotic bod­ies regard­ing pos­si­ble meth­ods of com­bat­ing ille­gal activ­i­ties involv­ing BC. Of course SR was a main fea­ture of said report…So here are the nuts and bolts of the report, spread the infor­ma­tion as far and wide as pos­si­ble friends:

  1. PGP is ter­ri­fy­ing them, every new user who learns it and helps oth­ers learn, closes a pos­si­ble loop­hole they were plan­ning to exploit.
  2. User igno­rance of the tech­nol­ogy being used (Tor, PGP etc) is their sin­gle best hope for any kind of seri­ous action against the SR com­mu­ni­ty.
  3. Nar­cotic trade his­tor­i­cally involves exploita­tion and vio­lence. Users work­ing together as a com­mu­nity for a greater good and towards the same goals has made all pre­vi­ous inter­dic­tion train­ing basi­cally obso­lete. In other words, every user who helps new­com­ers learn how to be safe and secure espe­cially through the use of PGP for all trans­ac­tions and com­mu­ni­ca­tion is a nail in LEO’s coffin.
  4. A total lack of vio­lence and exploita­tion is very much work­ing in our favor. So in other words, the idea of a com­mu­nity work­ing together to pro­tect the new and vul­ner­a­ble has been iden­ti­fied as a huge obsta­cle for any kind of seri­ous attempt to stop SR.
  5. Their morale regard­ing fight­ing SR and BC is very low at the moment, mainly because very few LEO have the capac­ity to com­pre­hend how the whole sys­tem works, but unfor­tu­nate­ly, recent media cov­er­age demands some kind of action, so they are going to have to show the pub­lic they are doing some­thing to com­bat SR, they just aren’t sure what yet.


In par­tic­u­lar, I am impressed that after years of oper­a­tion as of April 2013, SR seems to have never been seri­ously hacked or bro­ken into: in that time, there have been many hacks of other sites and >9 hacks of Bit­coin cur­rency exchanges. There has been a peren­nial forum spam prob­lem, and in late 2012, there was a SQL injec­tion attack lead­ing to images being cor­rupted with false addresses and a few peo­ple los­ing their money by not being sus­pi­cious, but that seems to be it. And SR is the biggest tar­get out there besides MtGox, for mul­ti­ple rea­son­s—the sheer amounts that pass through it, the poten­tial of it being a small team rather than a pro­fes­sional group (how do you hire pen­e­tra­tion testers when you’re SR?), the unusual prod­ucts you can order, the noto­ri­ety one would earn, and final­ly, the “lulz” value of their data­bases (sup­pose some­one were able to har­vest addresses & names that are fool­ishly sent to sell­ers in the clear & unen­crypt­ed; imag­ine the lulz value of releas­ing them all in a big dump! Peo­ple would be wet­ting their pants world­wide, since despite all warn­ings, there are always a great num­ber of users who will not bother encrypt­ing their address­es.)

My belief is that SR can be taken down; how­ev­er, I am not sure LE (law enforce­ment) has per­mis­sion to use the tac­tics nec­es­sary—­ex­plain­ing the lack of sug­gested attacks or real­is­tic attacks in the leaked FBI Bit­coin paper and sum­maries of the leaked Aus­tralian SR paper (re­spec­tive­ly). My two sug­gested attacks are

  1. ing the SR site, ren­der­ing it unus­able (and con­gest­ing the over­all Tor net­work)
  2. fake buyer & seller accounts lead­ing up to a sin­gle large scam.

Attack #1 would make the site sim­ply unus­able, and can be done on any address SR runs on since the address has to be widely known or how will the buy­ers & sell­ers know where to go? This would require a few dozen nodes, at least, although I’m not actu­ally sure how hard it is to DDoS a Tor hid­den server—re­port­edly the DDoS which took down SR for weeks was being run by a sin­gle indi­vid­ual in their spare time8, and by the very nature of the Tor anonymiz­ing net­work, it should be diffi­cult to do any­thing at all about a DoS attack since how do you iden­tify the end-n­odes respon­si­ble, as opposed to the relays pass­ing on their mes­sages? And the obvi­ous coun­ter-mea­sure, run­ning through many .onion address­es, even one for every user, would sub­stan­tially reduce the actual anonymity of the SR servers. That a weak DDoS attack was already so suc­cess­ful against SR raises seri­ous doubts in my mind about the abil­ity of hid­den ser­vices to resist a real DDoS attack like by a medi­um-sized bot­net.

Attack #2 would require a fairly sub­stan­tial finan­cial invest­ment to pay the ~$500 deposit required of each seller account, but depend­ing on how effec­tive the final step is, may actu­ally run at a profit: it’s not hard to get $500 of orders at any time, since you can build up a rep­u­ta­tion, and then when you decide to burn the account, you can solicit orders for weeks due to ship­ping delays, and then delay the res­o­lu­tion even longer. Cer­tainly the many FE scam­mers like Tony76, who have made off with hun­dreds of thou­sands of dol­lars, have demon­strated that this is per­fectly doable and claims to the con­trary are wish­ful think­ing; and cer­tainly LE is patient enough to do this tac­tic since it’s exactly what they did with Farmer’s Mar­ket & & other forums/sites too obscure to be remem­bered. Repeat­ed, this would mas­sively destroy buy­ers’ trust in SR, espe­cially since there are usu­ally only a few hun­dred active sell­ers at any point. (pine, com­ment­ing on how the com­pet­ing dark­net mar­ket Atlantis did in-browser encryp­tion which I crit­i­cized as secu­rity the­ater & Hush­mail redux, points out the ver­sion of this sce­nar­io: the more new­bie buy­ers who are too lazy or arro­gant to use PGP (~90% of users, accord­ing to the Atlantis admin­is­tra­tors in June 2013; >50%, accord­ing to a for­mer SR1 sell­er; >30% of Sheep Mar­ket­place users accord­ing to the seller “hay­denP” on 2013-11-22; DPR2 esti­mated “between 8% and 12%” on SR2 on 2013-12-06; 90%, an Evolution/The Mar­ket­place sell­er; <10%, an Agora sell­er; >75%, the Project Black Flag hacker; 46% & 52%, the Evo­lu­tion seller fun-gee; 10%, Grand­Wiz­ard­sLair & 1-2% use mul­ti­sig when avail­able; a large frac­tion of AlphaBay users in 2016/2017 accord­ing to peo­ple who saw the leaked PMs) the more attrac­tive an attack on SR becomes to pick up all the buyer addresses being sent in the clear and the more fea­si­ble a mass raid becomes.)

For­tu­nate­ly, I don’t think LE is autho­rized to engage in cyber­war (#1) or mass entrap­ment & fraud (#2)—and who knows, maybe SR could sur­vive both. We’ll see.

Fight Club

When­ever clas­sic (and ille­gal) cypher­punk appli­ca­tions are imple­mented using Bit­coin, you are sure to find some­one com­plain­ing that you must not talk about Fight Club—how will that play in Peo­ria⸮ You will find quite a few, actu­al­ly, as much as one would expect Bit­coin to select for hard-core lib­er­tar­ian types9 or techies who have inter­nal­ized the ; indeed, the mod­er­a­tors of the Bit­coin forum have—in a crime against his­to­ry—deleted the early threads about SR, includ­ing the thread that saw SR announced. (I posted a short thread link­ing this page, and I give it about 25% odds of being moderated/deleted; a few hours lat­er, the thread had been delet­ed. I had dras­ti­cally under­es­ti­mated the cow­ardice of the forum mod­er­a­tors.)

This is a cer­tain dou­ble-bind and unfair­ness in such crit­i­cism. Would such crit­ics be con­grat­u­lat­ing me if this arti­cle turned out to help Bit­coin by dis­cussing and doc­u­ment­ing a demand dri­ver and impor­tant test-case? I sus­pect they would­n’t. Their argu­ment is unfal­si­fi­able and based more on their prej­u­dices than hard data.

To such peo­ple, my gen­eral reply is: what makes you think I want Bit­coin to suc­ceed? It’s inter­est­ing but that does­n’t mean I have drank the Kool-Aid. If SR cov­er­age hurt Bit­coin, I may not care.

And I would argue the con­trary: I believe SR cov­er­age helps Bit­coin. SR has not been harmed by its national cov­er­age; the num­ber of accounts and trans­ac­tions have all increased dra­mat­i­cal­ly, and SR’s admin has stated his sat­is­fac­tion with the new sta­tus quo on the SR forums and on Gawker, and said later that “Silk Road was never meant to be pri­vate and exclu­sive.” (2012-01-09, “State of the Road Address”); as has a co-founder of a British Bit­coin exchange.

Not that the SR admin ever sought secre­cy—he announced SR’s offi­cial open­ing on the Bit­coin forums! Pur­chases of Bit­coin notice­ably spiked after the Gawker arti­cle as already men­tioned, and one can­not buy that much pub­lic­i­ty. One might say of self­-cen­sor­ship that “C’est pire qu’un crime, c’est une faute.

And sup­pose SR cov­er­age did hurt Bit­coin even to the extent that it would be worth devot­ing one neu­ron to think­ing about it; I would pub­lish any­way because that would mean that the Bit­coin exper­i­ment has failed and must be ter­mi­nated imme­di­ately. If Bit­coin is not safe for the drug deal­ers, then it is not safe for any­one; if Bit­coin can be hurt by the truth, then it is already doomed—you can­not build on quick­sand, and Good game, chaps, let’s all meet back here when the next Satoshi Nakamoto fig­ures out how to patch the vul­ner­a­bil­i­ties.


But besides all that, how well does it work? No way to know but to go. So, let’s take a ‘brazen’ stroll down the SR.

SR’s 2 tech­ni­cal claims to fame are the exclu­sive use of Bit­coins for pay­ment, and access only through the , on which SR and the SR forum live as —both you and the server fun­nel your requests into a set of Tor nodes and you meet in the mid­dle. (This isn’t as slow as it might sound, and hid­den sites elim­i­nate the main secu­rity weak­ness of Tor: .) Tor itself is secure, but this does­n’t mean as much as one might think it means: while Tor itself is basi­cally the securest soft­ware you will ever use (or at least, it is far from the weak­est link in your chain), what always kills you is what you choose to com­mu­ni­cate over Tor: what you browser sends or does­n’t send, or the per­sonal details you put on your seller page or brag about on Tum­blr/Insta­gram with pic­tures/Venmo (mak­ing for easy arrests), or the mail­ing address you fool­ishly choose to send over it plain­text & unen­crypted (vul­ner­a­ble until the item ships) or the reveal­ing mes­sage (vul­ner­a­ble >2 months)10, or the pseu­do­nym you choose to con­fide in, etc. Tor is a tool which does one thing very well: keeps secret the com­mu­ni­ca­tion between your com­puter and some­one else’s com­put­er. It does noth­ing what­so­ever about any­thing that other com­puter may be able to fig­ure out or record about you or what you choose to send. The per­fectly secure enve­lope does lit­tle good if the per­son you’re mail­ing your con­fes­sion to is a police­man.

But as any kid­nap­per knows, you can com­mu­ni­cate your demands eas­ily enough, but how do you drop off the vic­tim and grab the suit­case of cash with­out being nabbed? This has been a severe secu­rity prob­lem for­ev­er. And bit­coins go a long way towards resolv­ing it. So the addi­tional secu­rity from use of Bit­coin is non­triv­ial. As it hap­pened, I already had some bit­coins. (Typ­i­cal­ly, one buys bit­coins on an exchange like Mt.­Gox, although the routes are always chang­ing, so see the Bit­coin wik­i’s buy­ing guide; the era of easy profitable ‘min­ing’ passed long ago.) Tor was a lit­tle more tricky, but on my Debian sys­tem, it required sim­ply fol­low­ing the offi­cial install guide: apt-get install the Tor and Polipo pro­grams, stick in the proper con­fig file, and then install the Tor­but­ton. Alter­nate­ly, one could use the Tor browser bun­dle which pack­ages up the Tor dae­mon, proxy, and a web browser all con­fig­ured to work togeth­er; I’ve never used it but I have heard it is con­ve­nient. Other options include entire OSes like Tails or Lib­erté Linux, which can be used on bootable Flash dri­ves. (I also usu­ally set my Tor instal­la­tion to be a Tor server/middleman as well—this gives me more anonymity, speeds up my con­nec­tions since the first hop/connection is unnec­es­sary, and helps the Tor net­work & com­mu­nity by donat­ing band­width.)

Silk Road

With Tor run­ning and the Tor­but­ton enabled in the browser (along with any ), we can eas­ily con­nect to SR; we sim­ply visit silkroadvb5piz3r.onion11. (New­bies to Tor might won­der why the gib­ber­ish address. The address is derived from the pub­lic key of the server, mak­ing it more diffi­cult for an attacker to pre­tend to be the real SR or do a .)

Upon con­nect­ing, you will see a bare log-in form:

2011 SR log-in form on the home­page

Alter­nate­ly, you might see an error page like the fol­low­ing; SR is occa­sion­ally down for main­te­nance & new fea­tures or tem­porar­ily over­loaded. Usu­ally wait­ing a minute is enough, and longer down­times are dis­cussed on the SR forums.

2011 server error exam­ple

Click on the join, and you will be taken to another page for reg­is­ter­ing your account, much like any other site. Invi­ta­tions are not cur­rently required, although to reg­is­ter a seller account is nei­ther easy nor cheap, see later sec­tions. (I sug­gest pick­ing a strong pass­word12. Learn from the Mt.­Gox fias­co.) With your new account, you can now log in and see what there is to see on the main page:

The front page, dis­play­ing ran­dom images of mer­chan­dise on offer, cat­e­gories of list­ings, and recent feed­back posted by buy­ers
At another time
And another time

Notice at the bot­tom, below the ran­dom selec­tions, is a sec­tion list­ing all the most recent reviews from buy­ers; feed­back from buy­ers, like on Ama­zon or eBay, is cru­cial to keep­ing the sys­tem hon­est:

Seller feed­back

The stim­u­lants cat­e­gory con­tains much what you’d expect:

2011 list­ing of stim­u­lants: Adder­all, 4-FA, metham­phet­a­mine, cocaine

Mov­ing on, we have the sec­tion for sell­ing forg­eries:

Forgery selec­tion


Well, you’ve browsed through the SR prop­er. You can also visit the offi­cial SR forums at dkn255hz262ypmii.onion. The dis­cus­sions are indis­pens­able tools for learn­ing about sell­ers and get­ting the lat­est rumors like indi­ca­tors of FE scams, but the forums are also where offi­cial rule changes to SR are announced by the SR admin­is­tra­tor.

We have win­dow-shopped long enough. It’s time to take the plunge and buy some­thing. Bit­coin devel­oper Jeff Garzik is quoted in the Gawker arti­cle as say­ing that “Attempt­ing major illicit trans­ac­tions with bit­coin, given exist­ing sta­tis­ti­cal analy­sis tech­niques deployed in the field by law enforce­ment, is pretty damned dumb.” For­tu­nately I do not plan ‘major’ trans­ac­tions, and in any case, I tend to sus­pect that said sta­tis­ti­cal tech­niques are overblown; a few aca­d­e­mics have pub­lished ini­tial inves­ti­ga­tions into trac­ing trans­ac­tions and exam­in­ing the larger Bit­coin econ­o­my, and have linked trans­ac­tions to indi­vid­u­als, but as of 2012 have only done so with addresses pub­licly linked to iden­ti­ties, and not bro­ken the anonymity of peo­ple try­ing to be anony­mous.

The pub­lic nature of trans­ac­tions means that can be gen­er­ated and ana­lyzed. But for­tu­nate­ly, it’s straight­for­ward to anonymize Bit­coin trans­ac­tions (mix­ing ser­vices13) by a method anal­o­gous to the Tor net­work we are rely­ing upon already: route the money through sev­eral inter­me­di­aries in sev­eral quan­ti­ties and recon­struct­ing the path back­wards becomes non­triv­ial.

My own method was to route 4 bit­coins through Mt.­Gox (this was before the hack­ing, a series of events which con­firmed my own res­o­lu­tion to keep a bal­ance at Mt.­Gox for as short a time as pos­si­ble; a ret­ro­spec­tive analy­sis of Bit­coin exchanges sug­gests that for every month you keep a bal­ance at an exchange, you run a ~1% chance of los­ing your mon­ey), then through MyBit­coin (which at the time was still con­sid­ered trust­wor­thy)14. This was straight­for­ward—sign up for a throw­away account:

MyBit­coin (de­funct) login page

Then deposit to the one-use address:

MyBit­coin deposit inter­face

A day or three lat­er, I am tired enough of the game to route my Bit­coins into the last set of anonymiz­ing mix­es, SR’s own coin­tum­bler. How do we do a deposit? We click on the link in the pro­file and see:

SR bit­coin deposit form inter­face

No big sur­prise there—it’s another one-time address which expired at noon, so there’s no time to shilly-shal­ly:

SR deposit instruc­tions: send bit­coins to this address etc

Once deposits have been made or pur­chases entered into, one’s pro­file page begins to look like this:

A record of deposits and with­drawals


After some brows­ing, I per­son­ally decided on an offer­ing of the nootropic . Safe, poten­tially use­ful, and not even espe­cially ille­gal. The price was right:

Bare-bones selegi­line list­ing

Should I buy it?

Evaluating sellers

Now, you will notice that for most sell­ers, there is no ‘(99)’ or ‘(100)’ after the sell­er’s name; for exam­ple, this ran­dom seller has no such indi­ca­tor:

seller pro­file page with pub­lic key

This is due to the sim­ple fact that when I joined, the post-Gawker rush had resulted in mem­ber­ship jump­ing from the high-hundreds/low-thousands range to north of 10,000 accounts, and while many trans­ac­tions had been entered into, the reviews and clo­sures of trans­ac­tions had only start­ed. So I was not too both­ered by the lack of feed­back on this seller pro­file. I also used the handy SR forums and found no bad men­tions of the sell­er. The user num­ber was not ter­ri­bly high, the descrip­tion was detailed enough that it looked like he took sell­ing seri­ous­ly, there are no bad reviews, they posted a pub­lic key, etc. So, I was will­ing to take a chance on him.

Both the seller and the exam­ple above had stan­dard -com­pli­ant posted (the long string of gib­ber­ish under that odd head­er—quite unmis­tak­able), which one will need to encrypt the per­sonal infor­ma­tion one sends the seller15. (It is a given on SR that sell­ers have pub­lic keys; any sell­ers who does not pro­vide pub­lic keys should be shunned no mat­ter how good they seem, and you instantly fail at secu­rity if you send the seller the address unen­crypt­ed. You are also mak­ing SR a big­ger tar­get by doing stuff in the clear, because the site is hold­ing more valu­able infor­ma­tion.) Pub­lic-key cryp­tog­ra­phy is an old and vital con­cept to under­stand, and there are a great many descrip­tions or intro­duc­tions online so I will not explain it fur­ther here.

I add it to my cart:

Selegi­line: shop­ping cart for­m—­fill in form and push the but­ton, if you dare

Notice the address field. Now, I could be a chump and put down my friend’s address in the clear. But what if SR itself is com­pro­mised? Right now, SR does­n’t have any­thing about me, but the address is a good start­ing place for find­ing me. So, I go to the sell­er’s pro­file, and like the exam­ple above, my seller has posted his pub­lic key. I want to encrypt the address against that pub­lic key. How?


There are a great many guides to GPG; the offi­cial GPG hand­book, the Ubuntu guide, Hein­lein’s “Quick Start”, the PGP Encryp­tion Video Tuto­r­ial, & /r/SilkRoad wiki work well enough. To sum­ma­rize what I did:

  1. I copy the pub­lic key into a text file named key.txt

  2. I tell GPG to mem­o­rize it: gpg --import key.txt

    GPG will spit out some out­put about how it now knows the pub­lic key of etc.

  3. I write down her address in a file, address.txt,

  4. and I encrypt it: gpg --recipient --encrypt address.txt --output address.gpg --armor

    Hope­fully the options make sense. (We need --armor to get an ASCII text encrypted file which we can copy­-and-paste into the shop­ping cart’s address form, rather than a smaller file of binary gib­ber­ish.) An exam­ple of doing this right:

Selegi­line shop­ping cart: with the encrypted address to send the selegi­line to

Now, one might won­der how one would post one’s own pub­lic key in case one asks ques­tions and would like the answers from the seller to be as encrypted as one’s address­es. It’s easy to make one with gpg --gen-key and then a gpg --armor --export USERNAME, but where to post it? It used to be that you could sim­ply push a but­ton in your pro­file to reg­is­ter as a seller and then fill your own pro­file field with the pub­lic key like any sell­er, and I did just that. But SR closed free seller accounts and required large up-front deposits, and has announced that they are being auc­tioned off. The jus­ti­fi­ca­tion for this is SR claims to have received an anony­mous threat to reg­is­ter many free seller accounts and sim­ply mail poi­soned pills out (which he alluded to ear­lier). Hope­fully buy­ers will soon be able to edit their pro­file, but until then, there is a thread on the SR forums devoted to buy­ers post­ing their pub­lic keys.

Now what?

Once you have sub­mit­ted the order, the ball is in the sell­er’s court. The order is listed in your shop­ping cart as ‘pro­cess­ing’:

And done

Your bal­ance also instantly decreases by the price, and if you look at your balance/transactions page, you will notice that that amount is listed as in escrow16. SR holds onto your Bit­coins until you final­ize17 the trans­ac­tion with a review—one of the pro­tec­tions for the buy­ers.

It’s worth not­ing that the buy­ers bear the real risk on SR. A seller can eas­ily anonymize them­selves and send pack­ages with­out diffi­cul­ty: sim­ply drive out of town to an obscure post office and mail it, leav­ing behind fuzzy sur­veil­lance record­ings, if even that18. Even using the —pho­tographs taken by the USPS of the exte­rior of all pack­ages mailed in the USA, data heav­ily exploited—data­base would not help because pre­sum­ably no gen­uine infor­ma­tion about the sender is recorded on pack­ages, although the USPS hid­den cam­era sur­veil­lance would. (The SR forums had a sub­fo­rum on ship­ping, as do the replace­ment forums.) A buy­er, on the other hand, must at some point be phys­i­cally present to con­sume the ordered drugs or items. There’s no way to cleanly sep­a­rate her­self from the ship­ment like the seller can. Ship­ping is so safe for the seller that many of them will, with­out com­plaint, ship world­wide or across national bor­ders because cus­toms so rarely stops drug ship­ments. For exam­ple, only 1 of my ship­ments of any sup­ple­ment or sub­stance I have ordered has been held for a sig­na­ture; the other few dozen have never been stopped or appar­ently looked at hard by a Cus­toms offi­cial. In the 2 SR orders’ cas­es, this turned out to be irrel­e­vant as both sell­ers were in-coun­try. Christin 2013 remarks with sur­prise on how freely sell­ers sell inter­na­tion­al­ly, but rightly looks to the min­i­mal risks sell­ers bear and incen­tive they have for broad mar­kets to explain this casual dis­re­gard. One of the corol­lar­ies of this shift of risks from the seller to the recip­i­ent is that a viable method of attack­ing some­one is to get their address and order, say, heroin for them off SR as hap­pened to secu­rity jour­nal­ist in July 2013 (Krebs enjoys another dubi­ous dis­tinc­tion: being a vic­tim of ). Sheep Mar­ket­place decided to shut down its gun offer­ings 2013-11-08 due to “actions under­taken by a par­tic­u­lar gun ven­dor where he threat­ened to kill a users fam­ily and began expos­ing addresses” (pos­si­bly “gun­san­dammo”).

I check in 1 day lat­er: the order still pro­cess­ing. Items appar­ently aren’t pub­lic once you’ve escrowed your dosh. 2 days lat­er: still pro­cess­ing. 3 days lat­er: can­celed! My Bit­coins are unlocked, of course, but I’m not keen on order­ing again right away. Need to browse more and look for deals. The can­cel­la­tion mes­sage is not very infor­ma­tive:

Order can­celed, funds refunded

Well sure, but why was it can­celed? I spec­u­late the seller decided he did­n’t want to send out­side the EU despite his list­ing claim­ing he would—per­haps ship­ping cost more than he had fac­tored into his price. (I checked back a few weeks lat­er, and the seller says he can­celed all orders and got a new pub­lic key because the Mt.­Gox exploits have made him para­noid. I can’t really fault him with that ratio­nale. I wish he had men­tioned it before, I would have cut him some slack.)

Try, try again

After some more brows­ing, I decide to go with either the cheap­est or the new post­ing, which men­tioned being Provig­il. (Here it was that I decided my order­ing risk is very small, for a vari­ety of rea­sons19, and to go for­ward with my inves­ti­ga­tion.) But is it real branded Provigil or just the usual Indian gener­ics? Also, the Adder­all seller has no pub­lic key list­ed! I take this oppor­tu­nity to mes­sage the two, ask­ing for more infor­ma­tion and to post a pub­lic key, respec­tive­ly.

Both have replied the next day; the Adder­all seller has put up his pub­lic key, and the modafinil seller clar­i­fies it’s Indi­an—but it does­n’t mat­ter since the item’s page has dis­ap­peared, indi­cat­ing some­one bought it already. Nat­u­ral­ly, I reply and then delete all mes­sages. One must assume that SR will be com­pro­mised at some point… But the Adder­all it is. The list­ing looks pretty good, and the price per pill is supe­rior to that I was quoted by one of my col­lege-age friends (less than 1/3 the price, although to be fair it was near­ing exams time) and also bet­ter than the Adder­all price quote in the New Yorker, $15 for 20mg:

Adder­all item list­ing

1 day after order­ing: still pro­cess­ing, and 2 days, ‘in tran­sit’:

Check­ing in on the Adder­all order: seller is still prepar­ing to send
And now the seller says he’s mailed it

Evaluating and reviewing

3rd day: still in tran­sit. 4th day: the pack­age arrived! I go over imme­di­ate­ly, and it’s this harm­less-look­ing lit­tle padded mail­er. One would not sus­pect it of any­thing nefar­i­ous, not with those cute stamps20:

Pack­age of Adder­all as received, before open­ing

The con­tents are as described, 10 blue Adder­all, in a dou­ble ziplock baggy (the vac­u­um-sealed bags are not needed for a drug this low on the impor­tance scale—there are no for Adder­al­l):

The Adder­all pills them­selves in plas­tic bags

While I have never used Adder­all before, the effects are notice­able enough that I am con­vinced after the first dose that they are gen­uine (I have con­tin­ued to exper­i­ment with them to some­what lesser effec­t). The very sharp-eyed will notice that these are the ‘generic’ Adder­all pills, but as it turns out, the generic Adder­all pills are man­u­fac­tured by the exact same phar­ma­corp as the branded Adder­al­l—the two prod­ucts are prob­a­bly a case of . Eco­nom­ics can be a coun­ter-in­tu­itive thing. I also ordered generic with sim­i­lar steps since the armodafinil was notice­ably cheaper than the reg­u­lar Indian generic modafinil:

4 of the pills are left after I tested the first one overnight.

They work fine (I have begun exper­i­ment­ing with them), and I leave the seller a nice review. My third order pro­ceeds as straight­for­wardly as the sec­ond order, and results in an even bet­ter pack­aged ship­ment of prod­uct that seems to be gen­uine as far as I can tell. Heed­ful of the risks and prob­a­bil­i­ties, I leave another nice review; the review form (reached when you click the ‘final­ize’ link) is as straight­for­ward as the rest of the process:

The feed­back form, after a suc­cess­ful order

Feed­back is an impor­tant part of the process. I was sur­prised to revisit one of my sell­er’s page when 3 or 4 of his trans­ac­tions has caused him to go from no reviews to 4 pos­i­tive reviews, and see that his prices had increased a good 30 or 40%. Appar­ently he had been sell­ing at a con­sid­er­able dis­count to drum up reviews. This sug­gests to me, at least, that exist­ing SR users are a bit too chary of new sell­ers.

Another trans­ac­tion; 10x100mg Modalert ordered from an Eng­lish sell­er, arrived in larger than one would expect pack­ag­ing (which con­tained a pretty nifty way to hide a ship­ment, but I will omit those detail­s):

The Modalert pack­age as received

The Modalert was what one would expect:

Foil pack­ag­ing, front
Foil pack­ag­ing, back

A final exam­ple: I search for modafinil:

Search results for the query ‘modafinil’

I finally decide to order 80x150mg armodafinil from a French seller (not so cheap as before):

Cart report

2 weeks lat­er, it arrived in heav­ily folded paper inside this envelope:

a mes­sage from France

Con­tain­ing the agreed-upon pur­chase:

the booty

LSD case study

With Adder­all & modafinil, the seller choices were restricted enough and scams rare enough that I did not need to think hard about the process. When I became inter­ested in run­ning my , I looked at the LSD sell­ers, and this ease van­ished; scam­mers were an acknowl­edged plague, and there was a bewil­der­ing array of options:

The first page of LSD list­ings on SR in Sep­tem­ber 2012

Where does one start? I decided to turn my shop­ping frus­tra­tions into a case study of a sys­tem­atic approach to eval­u­at­ing the avail­able infor­ma­tion (but mostly an excuse to col­lect some unusual data and apply some sta­tis­ti­cal rea­son­ing).

Seller table

Back­ground read­ing: “Offi­cial dis­cus­sion thread of cur­rent LSD ven­dors”, “The Avengers LSD Ven­dors Review”, & “Col­lec­tive Acid Data­base”.

This table of blot­ter list­ings <₿12 which ship to USA was com­piled 2012-09-03 from SR search results for “LSD. Note that the table is now entirely obso­lete, but I believe the over­all appear­ance is rep­re­sen­ta­tive of the SR LSD mar­ket­place.

List­ing # μg S&H μg/ Tran­sit User Age (days) FE Feed­back Weighted μg/ Threads LSD reviews Forum hits
Matrix™ 5 250 11.67 1.75 93 inter­na­tional EnterThe­Ma­trix 360 yes? 300(98.7%) 9021 EnterThe­Ma­trix reviews many many
Alice in Won­der­land 5 120 6.99 0.42 81 inter­na­tional aakoven 360 no?22 300(93.7%) 74 aakoven reviews >6 18023
Hoff­man Now 2 110 2.96 0.34 7024 inter­na­tional Pre­mi­um­Dutch 360 yes 300(97.3%) 67 N/A 2 6025
5LSD Blot­ter 5 200 7.45 0.58 125 inter­na­tional juer­gen2001 360 yes 300(95.1%) 115 juer­gen2001 reviews >18 90
Trip 5 150 8.02 0 94 domes­tic lonely kamel 120 no 173(93.4%) 84 LK 1 LK 2 0 2027
2 pcs Maya 2 250 4.12 1.42 104 inter­na­tional Vita­Cat 120 no? 300(99.9%) 103 Vita­Cat reviews many many28
5 pcs Maya 5 250 10.21 1.42 107 inter­na­tional Vita­Cat 120 no? 300(99.9%) 106 Vita­Cat reviews many many
Pre­mium LSD tabs 5 ? 6.99 0 72 domes­tic No FE ever 60 no 68(99.1%) 67 NFE 1, NFE 2 2 2229
Mayan 1 1 125 0.83 0.32 143 inter­na­tional nip­ple­suck­canuck 60 yes? 127(97.6%) 134 nip­ple­suck­canuck reviews ? 11
Mayan 2 10 125 7.19 0.49 163 inter­na­tional nip­ple­suck­canuck 60 yes? 127(97.6%) 153 nip­ple­suck­canuck reviews 3 11
Shiva 2 100 2.18 0.18 85 domes­tic graffen­burg 30 no 76(100%) 82 N/A 0 930
Hoff­mann bike rides 5 150 7.53 0 100 inter­na­tional Machine Maid 30 no 10(100%) 74 N/A 0 1
3Jane Lat­est 5 100 7.36 0.59 63 domes­tic Molly Want a Cracker 24 no 28(100%) 57 Molly reviews 0 9
Bee­tles Stamps 5 150 4.28 0 175 domes­tic USAReshipper 10 no 0(?%) 88 N/A 0 331
5 strip Real Love 5 150? 6.41 0.29 112 domes­tic Lady­lucy 4 ? 0(?%) 56 Lady­lucy reviews 0 3
Koi Fish 1 250 2.51 0.6 80 inter­na­tional acid­dot­com 7 yes 0(0%) 40 N/A 0 0

An anony­mous email pro­vided me in Novem­ber 2012 with a cat­a­logue from a Dutch bulk seller who sells LSD (among other things); their listed prices serve as a use­ful com­par­ison:

Blot­ter brand Dose (μg) Unit-count unit-price (€) min. total cost (€) min. μg/
Fat & Fred­dy’s 200-250 100-1000 4.75 475 42.1
Fat & Fred­dy’s 200-250 2000-4000 4.25 8500 47
Fat & Fred­dy’s 200-250 5000-9000 3.90 19500 51.3
Fat & Fred­dy’s 200-250 10000+ “nego­tiable” ? ?
Gane­sha 100-120 100-1000 2.50 250 40
Gane­sha 100-120 2000-4000 2.25 4500 44.4
Gane­sha 100-120 5000-9000 1.70 8500 58.8
Gane­sha 100-120 10000+ “nego­tiable” ? ?
Hof­mann bicy­cle man 100-120 100-1000 2.50 250 40
Hof­mann bicy­cle man 100-120 2000-4000 2.25 4500 44.4
Hof­mann bicy­cle man 100-120 5000-9000 1.70 8500 58.8
Hof­mann bicy­cle man 100-120 10000+ “nego­tiable” ? ?

To con­vert ₿ to € (as of 2012-09-03), we mul­ti­ply by 8.3. So for com­par­ison, the top Dutch blot­ter was 58.8μg/€, and the top unweighted SR blot­ter was 163μg/₿; in €, the SR becomes 163μg/8.3₿ or 19.64μg/€, indi­cat­ing that a small SR pur­chase with S&H will have a unit-price 3x of a large Dutch pur­chase minus S&H.

A fac­tor of 3 seems pretty rea­son­able, given the very large markups along the LSD sup­ply-chain. 2003 trial tes­ti­mony32 for the Amer­i­can LSD chemist stated that his whole­sale cus­tomers paid him ~$0.3 per 100μg, or (as of 2012-09-03) 0.0286₿ per 100μg, or 3497μg/₿. (A stark con­trast to 163μg/₿!)


Some gen­eral obser­va­tions on this table of a sub­set of LSD sell­ers:

  1. There’s a strik­ing num­ber of new sell­ers: list­ings from ‘young’ accounts (<=2 months old) make up more than half the table. I’ve seen many com­plaints about a lack of US sell­ers but it seems the mar­ket is respond­ing.

  2. There are dis­may­ingly few LSD reviews on the forums for any seller except EnterThe­Ma­trix; this seems to be par­tially due to the pres­ence of many sell­ers not spe­cial­iz­ing in LSD.

  3. Long-term feed­back below 95% is a warn­ing sign. Of the 3 ‘old’ sell­ers with ~95% or less feed­back (aakoven, juer­gen2001, & lonely kamel), all 3 have plenty of bad feed­back on the forums. If it were just one that had both bad feed­back and bad forum com­ments, it might be some sort of astro­turfing or ‘hat­ing’ (as aakoven pre-emp­tively accuses his bad feed­back rat­ing), but when all 3 have both bad forums and feed­back rat­ings? Makes one won­der… Nor is that the ‘cost of doing busi­ness’ for very old seller accounts, since we see that the sim­i­larly old EnterThe­Ma­trix33 & Pre­mi­um­Dutch rat­ings are solidly bet­ter.

    Since their μg/₿ are not stel­lar (save juer­gen2001’s), it’s not clear why any­one would buy from them.

  4. Some of the new sell­ers seem to have a lot of feed­back (eg. No FE ever or nip­ple­suck­canuck), but look­ing at their feed­back, we see a great deal of early final­iza­tion! This ren­ders them pretty sus­pect. And of course, the 3 youngest sell­ers have no feed­back at all. This is a prob­lem because scam­mers are a seri­ous prob­lem with LSD sell­ers; a quick read of forum threads lists 5 scam­mers over the past 3 months: Kat, Gar, Bloom­ing­col­or, Frac­taldelic, & DiMen­sion­al­Trav­el­er.

  5. The range of μg/₿ is inter­est­ing: a full order of mag­ni­tude is rep­re­sent­ed, from the low of 63μg/₿ to 175μg/₿.

    Per­haps sur­pris­ing­ly, this range does­n’t go away when I try to adjust for risk based on reviews: now the full range is 40μg/₿ (acid­dot­com) to 153μg/₿ (nip­ple­suck­canuck).



In my I dis­cussed some basic sta­tis­ti­cal tech­niques for opti­miz­ing orders under uncer­tain­ty: one-shot order­ing, repeated order­ing with free learn­ing, & repeated order­ing with expen­sive learn­ing.

In this case, it’s a sin­gle order, so one-short order­ing it is. One-shot order­ing sim­ply coun­sels order­ing from a mix of the cheap­est and the safest sell­er—what max­i­mizes one’s (EV), which is just . The reward is easy: total dose divided by total cost. The risk is hard­er: the sell­ers do not con­ve­niently vol­un­teer how likely you are to be scammed.

The obvi­ous way to quan­tify risk is to just take the feed­back at face-val­ue: a 97% rat­ing says I am tak­ing a 3% chance I will be screwed over. Mul­ti­ply that by the reward, sort to find the largest EV, and we’re done.

An objec­tion: “Are you seri­ously say­ing that a seller with 1 bad review out of 100 is equally trust­wor­thy as a seller with 3 bad reviews out of 300, and that both of them are less trust­wor­thy than a ven­dor with 0 bad reviews out of 10?” It does seem intu­itive that the 300 guy’s 99% is more reli­able than the 100 guy’s 99%; the 10 guy may have a per­fect 100% now, but could eas­ily wind up with some­thing much lower after he’s sold 100 or 300 things, and we would rather not be one of the buy­ers who causes those shifts down­ward.

So. Sup­pose we pre­tended reviews were like polling or sur­veys which are draw­ing votes from a pop­u­la­tion with an unknown num­ber of bad apples. We could call it a draw from a . We’re not inter­ested in the opti­mistic ques­tion of “how good could these sell­ers turn out to be?”, but rather we are inter­ested in find­ing out how bad these sell­ers might truly be. What’s the worst plau­si­ble ven­dor future rat­ing given their exist­ing rat­ings? We can ask for a and look at the lower bound. (Lower bounds remind us no ven­dor is 100% trust­wor­thy, and indeed, pace the , the higher their rat­ing the greater their incen­tive to require FEs and dis­ap­pear with one last giant haul; the actual SR feed­back sys­tem seems to use some sort of weighted aver­age.) This gives us the pes­simistic per­cent­age of feed­back which we can then inter­pret as the risk that we will be one of those bad feed­backs, and then we can finally do the sim­ple expect­ed-value cal­cu­la­tion of “μg/₿ times prob­a­bil­ity of being happy”. What are the results? The num­bers were cal­cu­lated as fol­lows:

# Frequentist analysis:
y <- function(ugbtc,n,pct) {((binom.test(round((pct/100)*n),n,conf.level=0.90))$ * ugbtc}
# Binomial CI doesn't work on 0 data; what do we do? Punt with the age-old 50%/coin-flip/equal-indifference
# Why 90% CIs? Fake feedback skews the stats up and down, so we might as well get narrower intervals...
c(y(63,28,100), y(70,300,97.3), y(72,68,99.1), 90*0.5, y(81,300,93.7), y(85,76,100), y(93,300,98.7),
    y(94,173,93.4), y(100,10,100), 112*0.5, y(125,300,95.1), y(143 127,97.6), y(163,127,97.6), 175*0.5)
 [1]  56.60766  66.66799  67.11326  45.00000  73.58456  81.71468  90.18671
 [8]  84.31314  74.11344  56.00000 115.50641 134.43170 153.23333  87.50000

# Question: what if we use a Bayesian Jeffreys interval?
y <- function(ugbtc,n,percent) {binomCI(x=round((percent/100)*n),n=n,conf.level=0.90,
                                method ="jeffreys")$CI:1 * ugbtc }
c(y(63,28,100), y(70,300,97.3), y(72,68,99.1), 90*0.5, y(81,300,93.7), y(85,76,100), y(93,300,98.7),
     y(94,173,93.4), y(100,10,100), 112*0.5, y(125,300,95.1), y(143,127,97.6), y(163,127,97.6), 175*0.5)
 [1]  58.85933  66.81522  67.96488  45.00000  73.74114  82.88563  90.39917
 [8]  84.64024  82.92269  56.00000 115.75319 135.22059 154.13256  87.50000
# Answer: it's almost identical.

# If Bayesian and frequentist methods differed much, one would be wrong and no one would use it!
# let's look in further, how *exactly* do the ug/₿ ratings differ?
binom <- c(56.60766, 66.66799, 67.11326, 45.00000, 73.58456, 81.71468, 90.18671, 84.31314, 74.11344,
                       56.00000, 115.50641, 134.43170, 153.23333, 87.50000)
jeffreys <- c(58.85933, 66.81522, 67.96488, 45.00000, 73.74114, 82.88563, 90.39917, 84.64024,
                82.92269, 56.00000, 115.75319, 135.22059, 154.13256, 87.50000)
mapply(function(x,y) round((x-y)/y * 100,digits=2), binom, jeffreys)
#  [1]  -3.83  -0.22  -1.25   0.00  -0.21  -1.41  -0.24  -0.39 -10.62   0.00
# [11]  -0.21  -0.58  -0.58   0.00
## in 1 case, for Machine Maid, the ug/₿ estimates differ by 10.62%, which is interesting

(This demon­strates, inci­den­tal­ly, that feed­back rat­ings don’t start yield­ing very high assur­ance until a sur­pris­ingly large num­ber of reviews have been made.)

Now we have risk fac­tored in from just the quan­ti­ta­tive data of the feed­back amount & per­cent­age. But we must be more sub­jec­tive with the other fac­tors.


We have to look at more qual­i­ta­tive infor­ma­tion and start com­par­ing & rank­ing pos­si­bil­i­ties. There are a few cri­te­ria that one should val­ue; in roughly descend­ing order of impor­tance:

  1. old > new
  2. high weighted-μg/
  3. many reviews on SR & forums
  4. no FE > FE
  5. domes­tic > inter­na­tional
  6. has feed­back thread

For a first cut, we look at all items meet­ing #2, where a good cut off seems to be weighted-μg/₿>90; this is just EnterThe­Ma­trix, juer­gen2001, Vita­Cat, and nip­ple­suck­canuck. A sec­ond cut is #1, which deletes nip­ple­suck­canuck for being too new. #3 is use­less, but #4 is help­ful: we can scrap juer­gen2001 for requir­ing FE; #5 is now use­less as both are inter­na­tion­al, as is #6 since both have feed­back threads.

So we’re down to Vita­Cat and EnterThe­Ma­trix. On most of the listed met­rics, they are about equal—En­terThe­Ma­trix seems to have an edge in feed­back due to greater vol­ume, but it’s hard to say for sure. Going with Vita­Cat promises to save a lit­tle bit of money since his weighted-μg/₿ is ~10 greater. So our analy­sis winds up with the con­clu­sion of order­ing from Vita­Cat, who has a rea­son­able-look­ing pro­file:

Home­page of the Vita­Cat LSD seller on Silk Road

And whose Maya list­ing looks per­fectly accept­able:

Vita­Cat’s 250μg LSD blot­ter list­ing


Was this the right choice? I have no idea. The best I can say is that check­ing the SR forums in Decem­ber 2012, by which time any Sep­tem­ber order would have been deliv­ered or not, there were no reports of that seller being a scam­mer or hav­ing engaged in a rip-and-run, while some of the low­er-ranked sell­ers seem to have dis­ap­peared.

I bought the 2-dose item since I could­n’t afford the 5-dose one. (It would’ve been use­ful but I was­n’t sure I wanted to sink in that much mon­ey, 2 doses should suffice, and it was highly likely that he would sell out before I had con­verted any more money into Bit­coin—as indeed he did sell out.) So instead I paid extra for track­ing. Order­ing was like any other SR order; I filled out the cart:

SR1 cart show­ing my order from Vita­Cat

Was able to check the details to make sure every­thing was right:

Order details

Waited impa­tiently while it was pro­cess­ing to see if he would accept my over­seas order:

Order sta­tus page show­ing order has been marked as ‘pro­cess­ing’

And when he did, sat back and wait­ed:

Order sta­tus page: in tran­sit

It came with­out any issue:

Pho­to­graph of enve­lope con­tain­ing my LSD order from SR1’s Vita­Cat


Because it’s just paper imbued with a tiny dose of the chem­i­cal, it’s easy to mail LSD around with­out issue. If any­thing, the pack­ag­ing was a bit too clev­er, mas­querad­ing as ordi­nary busi­ness mail with a coupon:

Decoy let­ter

The attached “coupon” or 2 tabs (in a sealed plas­tic coat­ing, so the frag­ile LSD does­n’t degrade) was smaller than I had expect­ed:

2 250μg doses of LSD on “Mayan” blot­ter paper, shipped from Ger­many in a sealed plas­tic sheet

VoI: Ehrlich test

We have one last ques­tion about order­ing: should we buy an “Ehrlich test”?

An is a rea­gant for , a cat­e­gory which includes psy­che­delics like LSD & psilo­cy­bin. As such, it can be used as a kind of qual­ity check. How­ev­er, while any LSD prod­uct will prob­a­bly trig­ger a pos­i­tive, so will other chem­i­cals; and the test itself may sim­ply be wrong.

Is an Ehrlich test worth buy­ing? This sounds like a clas­sic Value of Infor­ma­tion prob­lem.

The only SR list­ing for an Ehrlich test is a Synap­tic list­ing (a seller who I have already crit­i­cized for shoddy secu­rity prac­tice) which both costs >$40 and has a highly neg­a­tive review! Googling on the open web leads quickly to eztestk­its sell­ing for £4.99, which with S&H is prob­a­bly $10-15, and Avalon Magic Plants for a sim­i­lar price. Synap­tic’s list­ing is clearly a fool’s buy (and I heard later he was banned), but the lat­ter two may not be.

The fun­da­men­tal ques­tion of a VoI analy­sis is: how would this infor­ma­tion change your actions? If the test being pos­i­tive rather than neg­a­tive would not lead you to do any­thing differ­ent­ly, then the infor­ma­tion has no (di­rect) val­ue.

This leads to a quick answer: if I tested a Vita­Cat dose (de­stroy­ing >$20 of LSD) and it was neg­a­tive, would I throw the rest out? No. I would be too curi­ous, and I would have spent too much to tran­quilly chuck it based on one test which I do not trust as com­pared against a very rep­utable sell­er. (I would be too curi­ous since I do not plan to order again.) There­fore, the VoI is zero; and a value of zero does not jus­tify spend­ing the money on buy­ing a kit and wast­ing LSD and time. I would just find out the hard way.


There is no proof of all of the above—any­thing here could have been faked with Pho­to­shop or sim­ply reused (per­haps I have a legit­i­mate Adder­all pre­scrip­tion). Take it for what it is and see whether it con­vinces you: argu­ment screens off author­ity.

But look­ing back, I have been lucky: from read­ing the forums, it’s clear that there are scam­mers on SR34, and ship­ments do get lost in the mail or seized or oth­er­wise not deliv­ered. (I do not expect any legal prob­lems; law enforce­ment always go after the sell­ers, to achieve max­i­mum impact, and SR presents both tech­ni­cal and juris­dic­tional prob­lems for law enforce­men­t.) This is inher­ent to the idea of an anony­mous mar­ket­place, but the sys­tem worked for me. SR describes it well in one of his mes­sages:

Things are going really well here. There are many new buy­ers and sell­ers work­ing well togeth­er, our servers are secure and hum­ming along, and you may even start to feel com­fort­able. DO NOT get com­fort­able! This is not wal-mart, or even ama­zon.­com. It is the wild west and there are as many crooks as there are hon­est busi­ness­men and women. Keep your guard up and be safe, even para­noid. If you buy from some­one with­out rep­u­ta­tion, get to know them really well through pm, and even then be sus­pi­cious. Unfor­tu­nately it only takes one bad apple to spoil the bunch, and there are bad apples out there.

On SR, there are lions and tigers and pigs oh my, but: alea iacta est! Like Bit­coin, SR may live another few months, or another few years, but will it? Like using SR, there’s no way to know but to go.

Future Developments

So, we have seen that Bit­coin sat­is­fies an old dilemma bedev­il­ing the early cypher­punks; and we have cov­ered how SR fol­lows rec­om­mended design prin­ci­ples in achiev­ing their dream of self­-en­forc­ing mar­ket­places, and then went through a lengthy exam­ple of how buy­ers can ratio­nally order and thereby con­tribute to the nec­es­sary dynam­ics.

The drug mar­ket has grown and thrived beyond all expec­ta­tions, despite an extra­or­di­nary—per­haps unprece­dent­ed—level of media cov­er­age and trans­parency of oper­a­tion. By its mere exis­tence, it lays bare the uni­ver­sal­ity of illicit drug use; by its sales vol­ume, it pro­vides a bench­mark for under­stand­ing what esti­mates of the global black mar­ket really mean: if the SR has turnover of $20m a year and the black mar­ket turn over closer to $100b a year, then the lat­ter is equiv­a­lent to 5000 SRs. By its use of pub­lic tech­nol­ogy (even imma­ture & hard to use tech­nolo­gies) and ordi­nary postal ser­vices, it demon­strates the infea­si­bil­ity of the long-s­tand­ing War on Drugs; and by tam­ing drug use, turn­ing it from a vio­lence-prone seamy affair to a smooth com­mer­cial trans­ac­tion, it sug­gests that there is no neces­sity for the War on Drugs.

What is next?

No one fore­saw Bit­coin in 2008; and the suc­cess of SR in 2011 took many by sur­prise (in­clud­ing the author) who had assumed that it would quickly be shut down by law enforce­ment, fall vic­tim to hack­ers seek­ing a lucra­tive pay­day, or at best devolve into a lemon mar­ket with a few over­priced goods. All three of these pos­si­bil­i­ties still exist; lengthy SR down­time in Novem­ber 2012 fueled spec­u­la­tion that law enforce­ment had finally found a viable attack or that SR was suffer­ing a (DoS) attack. SR’s admin­is­tra­tor stated the down­time was due to “record” num­bers of users; but if large num­bers of legit­i­mate users can acci­den­tally take down the site, clearly a ful­l-fledged DoS attack is fea­si­ble. A real DoS attack by a sin­gle attacker in April 2013 degraded access for a week and essen­tially blocked all access for ~2 days, prompt­ing SR to sus­pend its com­mis­sions for sev­eral days to encour­age pur­chas­es.

But sup­pos­ing that SR con­tin­ues to have an annual turnover of mil­lions of dol­lars of drugs and other goods? Two strik­ing pos­si­bil­i­ties come to mind.

  1. the next devel­op­ment may be “infor­ma­tion mar­kets”: dark­net mar­kets for leaked data, whistle­blow­ers, cor­po­rate espi­onage, per­sonal infor­ma­tion such as credit card num­bers, etc. Exist­ing “card­ing forums” may be a mar­ket niche to usurp, as they have had prob­lems with law enforce­ment infil­tra­tion and would ben­e­fit from increased secu­ri­ty. Sim­i­lar­ly, Wik­iLeaks has report­edly tried to auc­tion off access to doc­u­ments in its pos­ses­sion, and while the auc­tions appar­ently failed, this may be due to defec­tions and severe inter­nal tur­moil and not flaws in the fun­da­men­tal idea.

  2. The most extreme cypher­punk pro­posal was con­cepts pub­lished the 1997 essay “Assas­si­na­tion Pol­i­tics”: a in which par­tic­i­pants lay bets on when the exact day a par­tic­u­lar per­son will die; when the total bets become large enough, they func­tion as a bounty on that per­son­—i­nas­much as a would-be hit man knows when the per­son will die and can profit hand­some­ly. Assas­si­na­tion mar­kets were to be a weapon against gov­ern­ment oppres­sion, but such mar­kets could be used against any non-anony­mous but pow­er­ful humans.

    This would seem to be much less plau­si­ble than either a drug mar­ket or an infor­ma­tion mar­ket: both drug & infor­ma­tion dark­net mar­kets are mar­kets which exist offline and online already, with ille­gal drugs rep­re­sent­ing a global mar­ket best mea­sured in hun­dreds of bil­lions of dol­lars of turnover (against the SR’s mil­lions) with scores of mil­lions of drug users world­wide, so cypher­punk-style imple­men­ta­tions are in a cer­tain sense just ‘busi­ness as usual’ with a very large cus­tomer base eager to par­tic­i­pate and moral respectabil­ity to salve the con­science. Demand for hit men, on the other hand, is rare out­side orga­nized crime and gov­ern­ments, diffi­cult for any ordi­nary per­son to jus­tify the use of, and usu­ally con­fined to par­tic­u­lar regions such as Mex­ico or Afghanistan. Fur­ther, a large drug deliv­ery facil­i­tated via SR will usu­ally go unno­ticed by the world as the recip­i­ent has no incen­tive to reveal it; a ‘large’ assas­si­na­tion, on the other hand, will be global news and may trig­ger a back­lash large enough to take down the site, or in gen­eral degrade Tor & Bit­coin to the point where they can­not sup­port large enough boun­ties on any indi­vid­ual to mat­ter.

    In July 2013, claim­ing to be inspired by Silk Road, the pseu­do­ny­mous pro­gram­mer “Kuwa­batake San­juro” () set up what he claimed to be the first func­tion­ing assas­si­na­tion mar­ket at assmkedzgorodn7o.onion (2013-11-21 mir­ror) named sim­ply “Assas­si­na­tion Mar­ket”; he pub­li­cized it in Novem­ber 2013 with an inter­view with Forbes. The obvi­ous inter­pre­ta­tion is that it is a scam: while it pro­vides pub­lic Bit­coin addresses allow­ing ver­i­fi­ca­tion that ~₿150 are at those address­es, and its pro­to­col should allow a par­tic­i­pant to prove that they were not paid, none of the tar­gets are likely to die for years, if not decades, at which point San­juro can sim­ply steal all the bit­coins trusted to him—it does­n’t mat­ter if par­tic­i­pants can then prove they were not paid and Assas­si­na­tion Mar­ket was a scam, because he would have made off with more than enough to jus­tify the total effort of writ­ing & run­ning Assas­si­na­tion Mar­ket.

    This raises an inter­est­ing obser­va­tion: a drug DNM can boot­strap from noth­ing through users risk­ing rel­a­tively low-cost trans­ac­tions like buy­ing $50 of a drug to test the mar­ket out, and Silk Road did just this (with Ulbricht report­edly grow­ing mush­rooms to sell at the start); but how does an assas­si­na­tion mar­ket boot­strap? Mur­ders come in dis­crete units: some­one is either dead or not. Even if AM is for real and there is a mar­ket out there for it and it would not be destroyed by any back­lash, assas­si­na­tion mar­kets may turn out to be impos­si­ble because there is no way to incre­men­tally build up trust between its “buy­ers” and “sell­ers”. This boot­strap prob­lem seems like a fatal issue, but there are other prob­lems with attempt­ing to build an assas­si­na­tion mar­ket on top of or other dis­trib­uted pre­dic­tion mar­ket pro­pos­als.

    The ‘host’ pre­dic­tion mar­ket has strong incen­tive to cen­sor or boy­cott assas­si­na­tion mar­ket con­tracts because the first seri­ous suc­cess­ful use could eas­ily trig­ger gov­ern­ment coun­ter-at­tacks in the hun­dreds of mil­lions or bil­lions of dol­lars on it (imag­ine the reac­tion if a head of state of a G-8 coun­try was assas­si­nat­ed, given the level of EU reac­tions to some used gun sales on the DNMs…). Such com­mu­nity norms could be eas­ily imple­mented as a rule that con­tracts involv­ing any con­tin­gency on death (eg con­tracts on whether a pres­i­dent will fin­ish their term are, in gen­er­al, a legit­i­mate top­ic) sim­ply can­not be more tem­po­rally pre­cise than 1 year, reduc­ing the lever­age avail­able to an assas­sin. Blockchains may be hard to cen­sor, but they are far from invul­ner­a­ble, espe­cially given their small sizes in 2016. The assas­si­na­tion mar­ket can be effec­tively shut down by a major­ity of pre­dic­tion mar­ket users sim­ply vot­ing the oppo­site of the truth in any con­tract that seems like it might be incen­tiviz­ing assas­si­na­tions, deter­ring would-be assas­sins. Even if the blockchain is not able to be cen­sored or DoSed, the assas­si­na­tion mar­ket boot­strap is some­how solved, and it begins oper­a­tion, a pre­dic­tion mar­ket is inher­ently based on pub­lic infor­ma­tion and can be spoofed by tar­gets fak­ing their own deaths upon observ­ing spikes in mar­kets on them or spoofed by gov­ern­ments who can sim­ply say a tar­get was killed on the wrong day, wait for all the funds to pay­out to the wrong pre­dic­tors, and then announce that the per­son is in fact alive—in­deed, should such mar­kets become highly active, this becomes a lucra­tively self­-fund­ing wit­ness pro­tec­tion pro­gram. (Such a strat­egy also works for actual assas­si­na­tions: offi­cially announce the death hap­pened a day or two lat­er; the pre­dic­tion mar­ket has no rea­son to try to ques­tion the offi­cial death date, but the assas­sins must now spread bets across an increas­ing num­ber of days to get any pay­men­t.)

    Over­all, I am skep­ti­cal San­juro’s “Assas­si­na­tion Mar­ket” will last very long, and I cer­tainly don’t expect any of the tar­gets to be assas­si­nat­ed.

Regard­less, 2 key pieces of cypher­punk tech­nol­ogy are now in place and already enabling remark­able new sys­tems. Both researchers and dig­i­tal entre­pre­neurs may ben­e­fit from tak­ing a look back at some for­got­ten pio­neers and re-e­val­u­at­ing their pro­pos­als in the light of recent suc­cess­es.



“If you’re gonna play the game, boy, ya gotta learn to play it right: / You got to know when to hold ’em, know when to fold ’em, / Know when to walk away—­know when to run.”

Don Schlitz,

Watch­ing the fall of Atlantis, SR, and BMR, I have derived some basic rec­om­men­da­tions for future dark­net mar­ket oper­a­tors (which I do not expect to be pop­u­lar among them because it’s addi­tional work & some rec­om­men­da­tions reduce their poten­tial profits or abil­ity to scam user­s):

  1. data reten­tion poli­cies should be as aggres­sive as fea­si­ble. Data should be deleted the moment it is not nec­es­sary. Avoid unnec­es­sary pre­ci­sion; for exam­ple, there is no need to keep track of how many orders a seller has car­ried out beyond, say, 300. Pri­vate mes­sages should be auto­mat­i­cally deleted after weeks, not months. And so on.

  2. use of PGP encryp­tion should be manda­to­ry. One good way is to have the site ver­ify that all address sub­mis­sions and pri­vate mes­sages are PGP mes­sages and reject unen­crypted mes­sages. This will annoy buy­ers & sell­ers, but this is for their own good. (The lib­er­tar­i­ans may com­plain that they should be free to be lazy & endan­ger them­selves, but this is bull­shit which ignores the neg­a­tive exter­nal­i­ties of not using PGP: it dam­ages .)

    It may also be a good idea to require sell­ers to rotate their PGP key every so often, as a par­tial way to attain . (They would post the new pub­lic key signed by the old pub­lic key, and then hope­fully delete the old secret key.)

  3. the DNM oper­a­tors should spec­ify in advance how long they will run the site, at what level of com­mis­sions they will cash out, and pre­com­mit to shut­ting down the site or hand­ing it over to a new oper­a­tor when­ever either con­di­tion comes to pass. This enforces com­part­men­tal­iza­tion, impedes any ongo­ing inves­ti­ga­tions or later infor­ma­tion leaks, and the oper­a­tor avoids com­mit­ting and —where they never stop oper­at­ing the site, and just keep run­ning it until they are finally arrest­ed. If Ross Ulbricht had passed SR on as he claimed in the Forbes inter­view, say after he made his first ₿111k, it is likely that SR would not have been busted as soon as it was, he may never have been arrested because he could not be irrefutably tied to oper­at­ing the site, and he would have had a chance to enjoy his for­tune. An old proverb comes to mind:

    If you must play, decide on three things at the start: the rules of the game, the stakes, and the quit­ting time.

  4. a num­ber of post-SR1 buyer & seller busts seem to be tied to the sell­ers keep­ing copies of the buy­ers’ addresses & infor­ma­tion in unen­crypted PMs. There is noth­ing a site oper­a­tor can do directly about this prob­lem, as they can­not know what goes on in the sell­er’s com­put­er, but they can at least insti­tute a clear “death penalty” for any seller who reveals a buy­er’s address, threat­ens to reveal it, or claims to reveal it. The site oper­a­tors of SR and BMR declined to sanc­tion their sell­ers who did this (eg. MMM/Moramoru on BMR), and thereby simul­ta­ne­ously put all buy­ers at risk and incen­tivized police raids on sell­ers (there is spec­u­la­tion that the SR seller Plu­topete, who sold legal prod­ucts, was tar­geted because they hoped to seize buyer addresses from him).

    This does not con­flict with the manda­tory use of PGP encryp­tion, as if a buyer claims a seller threat­ened him in a PGP-encrypted mes­sage, the site oper­a­tor can demand the secret key from the buy­er—s­ince they’re mak­ing the claim, the onus is on them, after all—and decrypt the stored copy of the sell­er’s mes­sage to the buy­er.35 If the buy­er’s claims are true, the seller is imme­di­ately banned and their Bit­coin bal­ance con­fis­cat­ed; while if the buyer lied, they are banned instead. To incen­tivize rev­e­la­tion of the sell­ers’ mis­be­hav­ior, the site oper­a­tor can offer as a bounty to buy­ers what­ever Bit­coin bal­ance the seller had.

  5. Early Final­iza­tion should not be offered as a fea­ture, or if it is, it should be auto­mat­i­cally lim­ited only to young buyer accounts or sim­i­lar sit­u­a­tions.

  6. A large part of site com­mis­sions should be ear­marked for hir­ing pen­e­tra­tion testers and secu­rity boun­ties, and de-anonymiz­ing attacks on the site oper­a­tor.

    Post on forums that you’re offer­ing a Bit­coin boun­ty. (Heck, with Bit­coin, you can prob­a­bly even script up a block which auto­mat­i­cally pays—­for exam­ple, you could announce that you’ve cre­ated a dummy user X, with an unknown pass­word Y, which unlocks a bit­coin trans­ac­tion of 100btc. Any­one who can break into the user data­base can extract the pass­word Y, and claim the boun­ty.)

  7. Backup with­drawal addresses should be imple­ment­ed. In par­tic­u­lar, the with­drawal addresses should be manda­tory for users, and beyond that, bal­ances should be flushed at inter­vals.

    The fall of SR caused tremen­dous prob­lems for many users because they had fool­ishly let bal­ances build up in SR rather than get around to with­draw­ing them. SR had an “auto-with­drawal” fea­ture (doc­u­mented on the SR wik­i), but the mil­lions of dol­lars’ worth of Bit­coin seized on the SR server proves that very few sell­ers used it. Poli­cies must be exer­cised or they are worth­less.

  8. The server archi­tec­ture must fol­low a nested vir­tu­al-ma­chine in which all mar­ket-re­lated soft­ware is iso­lated in a vir­tual machine and the VM itself is forced through Tor by the host OS, akin to .

    Almost no soft­ware, whether it be OS or web libraries or HTTP servers, is designed with any con­sid­er­a­tion towards pre­serv­ing anonymi­ty, those which are have been audited min­i­mal­ly, and many choose to actively destroy anonymity (Apache error mes­sages and phpinfo() pages hap­pily hand out IP address data, since it’s so use­ful for debug­ging, or a fea­ture inher­ently destroys anonymi­ty, like CMS soft­ware which sends out email­s). Mul­ti­ple DNMs have leaked their IP; Ross Ulbricht’s jour­nal notes that SR1 leaked its server IP on mul­ti­ple occa­sions, some of which were pub­licly noted (and FBI agent Tar­bell asserts that another such IP leak, in the CAPTCHA code, was what lead them to the SR1 server and from there to Ulbricht him­self). It’s diffi­cult enough to assure sim­ple secu­ri­ty, one must assume that the server will be de-anonymized at some point, and the only way to ensure that there is no infor­ma­tion leak from the OS or server soft­ware is to make sure that infor­ma­tion is not avail­able in the first place! A gate­wayed VM archi­tec­ture ensures that one does not at least lose anonymity to triv­ial con­fig­u­ra­tion mis­takes or libraries try­ing to be “help­ful”.

  9. Source code for the site should be avail­able. does not work.

    We learned what SR & BMR were hid­ing behind their obscu­ri­ty—a bla­tant breach of anonymity (DPR’s hard­wired non-Tor IP login), and incom­pe­tent code with SQL injec­tion vul­ner­a­bil­i­ties among other issues (BMR’s source code leak). If a site oper­a­tor men­tally quails at releas­ing the source code—­good! That sub­con­scious fear means they have just real­ized that they have linked their DNM with their real iden­ti­ty, or they left in some detail like DPR’s IP address, or there’s vul­ner­a­bil­i­ties that need to be fixed. Source code also means that users can ver­ify that many of the secu­rity fea­tures are in fact imple­mented and work­able (so the site oper­a­tor would have to be out­right mali­cious to keep more data than claimed, etc).

  10. PHP should be avoid­ed.

  11. Role-sep­a­ra­tion & the prin­ci­ple of least priv­i­lege: accounts should be locked as buy­ers, sell­ers, and staff, and no min­gling per­mit­ted.

    Sell­ers who buy from other sell­ers using a known seller pseu­do­nym are paint­ing a tar­get on their back. A staffer order­ing from a seller is a per­fect tar­get for a con­trolled deliv­ery if the seller is an under­cover agent or has been or will be flipped. (If a seller wants to buy, they can sim­ply reg­is­ter a new buyer account like every­one else.) This has been a seri­ous prob­lem thus far: Silk Road 1 was busted due to lack of com­part­men­tal­iza­tion (a staffer took an order from an under­cover agent; Ulbricht bought mar­i­juana & fake IDs, addi­tional evi­dence against him); at least one Silk Road 1 seller was suc­cess­fully tar­geted appar­ently because they bought from a flipped seller using their seller account (while the flipped sell­er’s oth­er, nor­mal, cus­tomers seem to have been spared; see dig­i­talink); Utopia Mar­ket­place’s entire staff was arrested when an inves­ti­ga­tion of their BMR activ­i­ties (based ini­tially on offline sales but adding in their online sales) wound up. A mar­ket­place is nat­u­rally com­part­men­tal­ized and resis­tant to infil­tra­tion—if every­one sticks to their assigned roles.

See Also


The first ver­sion of this arti­cle was com­mis­sioned by Bit­coin Weekly, which ulti­mately decided to not run it36; it is based on my expe­ri­ences May-June 2011, and may be out­-dat­ed. “Trust, but ver­i­fy.” I main­tained it up until 2015, when I stopped my DNM research.



BBC questions

In mid-Jan­u­ary 2012, a reporter from BBC Radio’s “ Inves­ti­gates” emailed me ask­ing whether I’d answer ques­tions for their 5 Feb­ru­ary show they were doing on Bit­coin & Silk Road; I agreed. The fol­low­ing is the tran­script:

How did you find out about Silk Road?

I saw the orig­i­nal announce­ment of it on the Bit­coin forums when it was linked on Red­dit. I fig­ured it would fail, and then a few months lat­er, I saw the Gawker arti­cle on it and appar­ently Silk Road was actu­ally work­ing!

What attracted you to using Silk Road?

Once I heard, I just had to look into it more—it was too inter­est­ing not to. Tim­o­thy May and other cypher­punks had been spec­u­lat­ing about black mar­ket web­sites using cryp­tocur­rency since the early ’90s, and here was a real live exam­ple. I looked at their offer­ings and saw they had some offers I might want at rea­son­able price, and that set­tled it for me.

What is the differ­ence between order­ing your drugs from Silk Road and get­ting them on the street?

Modafinil is pretty hard to get on the street because every­one gets it either with a pre­scrip­tion or from an online phar­ma­cy, so I have no idea. While I was still check­ing out Silk Road, I asked a friend in col­lege how much Adder­all would be and he told me he could get them for $9-10 a pill (it was close to the end of the semes­ter); it cost half that on Silk Road, so I went with them rather than him. I’ve always found it hard to resist a ‘bar­gain’.

How is Silk Road differ­ent to other web­sites where you can buy drugs?

My first-hand expe­ri­ence with modafinil is that I much pre­fer to buy on Silk Road than the phar­ma­cies.

With them, your dol­lar pay­ment can fail at any point. For exam­ple, Mon­ey­Gram once blocked a pay­ment of mine. Very frus­trat­ing! Bit­coin is much more reli­able: I can see where my bit­coins go until they enter Silk Road prop­er.

And then there’s the split between Silk Road itself and all the sell­ers, which makes things safer­—ev­ery­one encrypts their phys­i­cal address before sub­mit­ting it to Silk Road, and the seller decrypts it him­self. If Silk Road is untrust­wor­thy, they can only steal my bit­coins but not my address; if the seller is untrust­wor­thy, they can only steal my address and not my bit­coins. Whereas with the phar­ma­cies, they both get my money and my address.

What have you ordered from the site and how often?

I don’t order very often because I like to thor­oughly exper­i­ment with things, and my tests take a while to set up and run. I think so far I’ve done one order of Adder­all, one order of armodafinil, and two orders of modafinil; another order of selegi­line was can­celed.

How impor­tant is anonymity to you? Do you think the tech­nol­ogy really pro­tects your iden­ti­ty?

It’s not very impor­tant because I have lit­tle inter­est in the drugs law enforce­ment is most inter­ested in, like heroin or cocaine. Modafinil can be shipped with­out much dan­ger, with Cus­toms only seiz­ing the pack­age if they notice it and noth­ing more. Adder­all isn’t very dan­ger­ous either—ev­ery­one knows it’s all over col­lege cam­pus­es, so what are they going to do, arrest me? I don’t even have any Adder­all left!

(To make a his­tor­i­cal anal­o­gy, it’s like hav­ing some wine dur­ing Pro­hi­bi­tion; no one thinks much of it, and the cops are busy with the gang­ster­s.)

How impor­tant is Bit­coin?

I’d say the Bit­coin part is prob­a­bly even more impor­tant than Tor. Law enforce­ment is not known for its NSA-style traffic analy­sis because it would­n’t be usable in court37, and the other ben­e­fit is that there’s no domain name to be seized or fil­tered; but nei­ther of these is very impor­tant. They can be got­ten around or dealt with.

But being able to get money to the sell­ers, and the sell­ers being able to turn it back into usable cash on Mt.­Gox or another exchange, that is cru­cial. You can­not buy and sell drugs for free.

What do you think the future holds for Silk Road, do you think the author­i­ties will shut it down or do you think it will con­tinue to grow?

I would be fairly sur­prised if it was shut down; there’s no obvi­ous way to do so. The real dan­ger is inter­nal: that the com­mu­nity itself might be skewed towards scam­mers and buy­ers just give up and buy some­where else. It’s the same dilemma eBay faced: you don’t want to scare off the sell­ers by too many rules, but if you don’t do some­thing, scam­mers will fleece the buy­ers. So far, the admin­is­tra­tors have done a pretty good job of keep­ing every­thing run­ning and main­tain­ing the bal­ance.

How impor­tant is the com­mu­nity side of Silk Road.

Extreme­ly. The com­mu­nity is what deter­mines whether Silk Road will decline or con­tinue grow­ing with the gen­eral growth of Bit­coin.

What sort of peo­ple use the site?

It’s hard to tell, but from read­ing the forums, it seems like it is mostly tech­ni­cally adept young peo­ple in West­ern Europe and Amer­i­ca. Tor and Bit­coin and encryp­tion are a chal­lenge to use for most peo­ple, and older peo­ple have con­tacts they know how to use when they want var­i­ous drugs.

Is Silk Road just about scor­ing drugs safely or you and other users feel you are mak­ing a greater state­ment about soci­ety the drugs law?

I know other users dis­agree and take it only as a use­ful ser­vice or some­thing of a FU to The Man, but many of us do see it as a prin­ci­pled state­ment. I believe that I am capa­ble of research­ing and eval­u­at­ing drugs, that I can accept the risks, and see how they do or do not work, and that the gov­ern­ment should not be coer­cively impos­ing its beliefs on me.

I am also hor­ri­fied by the effects of the War on Drugs, which has been a greater dis­as­ter than Pro­hi­bi­tion (which we at least had the sense to repeal after a few years). Buy­ing on the Silk Road and writ­ing about it is, if you will, my bit of patri­o­tism. It’s not very hero­ic, and I’ve never claimed to be a hero or to be doing any­thing par­tic­u­larly note­wor­thy, but per­haps it will change some­one’s mind—ei­ther that drugs are not so bad or that the War is not so prac­ti­ca­ble.

Mike Power questions

November 2013

On 2013-11-29, jour­nal­ist Mike Power (of Drugs 2.0) asked me a few ques­tions

1. What will be the cul­tural and tech­no­log­i­cal impact of the Silk Road bust, in your view?

The cul­tural impact is that even more peo­ple are aware of SR. The flurry of cov­er­age, while very neg­a­tive and unflat­ter­ing to SR (the attempted hits have badly tar­nished SR’s rep­u­ta­tion), still serves to spread the news that there was a real func­tion­ing drug DNM just as claimed, and that it worked fab­u­lously well. This part of the pro-drug move­ment in Amer­ica right now, in con­junc­tion with the fact that mar­i­juana legal­iza­tion seems to be basi­cally work­ing out in the West, with min­i­mal “reefer mad­ness”, is help­ing nor­mal­ize illicit drug con­sump­tion and make a mock­ery of the War on Drugs. It’s one thing for peo­ple to won­der if the per­se­cu­tion is more harm­ful than treat­ment would be, and to note that drugs con­tinue to be avail­able on the street, and quite another to real­ize it’s almost as easy as order­ing off Ama­zon!

2. What future do you see for bit­coin, Tor and the new Silk Road?

Bit­coin seems to be going from strength to strength. As an admirer of Bit­coins from when I first learned of them in 2010, I am pleased by its suc­cess and I think it will make the Inter­net much more use­ful for com­merce. (I should note that the cur­rent price increases seem unsus­tain­able to me, and I expect there to be a large cor­rec­tion at some point before ~$2600/₿, which is appar­ently roughly where this bub­ble will equal the pre­vi­ous bub­ble’s per­cent­age increas­es, but though there will no doubt be many nay-say­ers at that point, I expect Bit­coin to keep steadily grow­ing.)

I don’t expect Tor to be affect­ed. Tor’s prob­lems stem from the recent research on it plus the rev­e­la­tions about the state of NSA attacks on Tor from 6 years ago; I would not be sur­prised if the NSA could now iden­tify hid­den servers. The ques­tion is whether they are will­ing to use that capa­bil­ity on DNMs. Given how many DNMs fall to inter­nal fac­tors (At­lantis, PBF, Deep­bay, Sheep), the NSA would­n’t need to spend a cut­ting-edge attack on them.

The DNMs them­selves seem to be fol­low­ing the path set by Bit­Tor­rent: now that the busi­ness model has been proven beyond a doubt with audited fig­ures about profitabil­ity (you can thank the FBI for that one), every geek in the world under­stands that they can become a mil­lion­aire if they dare38. It’s back to whack­-a-mole: new mar­kets will pop up, and will run until they get ham­mered down or rip-and-run. Evo­lu­tion means the ones who leak their iden­ti­ties like Silk Road or Sheep, or who write bad code, like BMR, will either fix their prob­lems or get weeded out & replaced.

3. How would you sum­marise and char­ac­terise your expe­ri­ences with ?

I found no ben­e­fits from it, and I’m not sure how mean­ing­ful my results are for other peo­ple. I would­n’t call it my best self­-ex­per­i­ment ever, but not a waste of time either.

4. Do you feel that gov­ern­ments have the right to police the com­puter activ­i­ty, or the mind­states, of those who elect them?

I think com­puter activ­ity is, like any other activ­i­ty, sub­ject to gov­ern­ment inter­ven­tion if it is really jus­ti­fied (which it rarely is); tak­ing place on a com­puter does not make it unreal or exempt. Polic­ing mind­states, on the other hand, should basi­cally be banned for all the same rea­sons we have free speech.

5. What do you think of the mar­ket­place, over on ? is it as seri­ous as it looks to a non-coder, like myself?

I have not actu­ally set up I2P yet, so I’ve seen none of the I2P mar­kets.

May 2014

From 2014-05-26, for a Guardian arti­cle:

1. Is the dark net drug scene grow­ing or con­tract­ing since the silk road bust (dis­claimer, I know it’s grow­ing, just need some­one with insight such as yours to tell me on the record :-)

The DNM scene is over­all grow­ing, although it has frag­mented a great deal. Due to this frag­men­ta­tion and to the lax mod­er­a­tion on some of the largest sites like Pan­dora and Silk Road 2, it’s diffi­cult to say how much larger or how fast it’s grow­ing, but it does seem safe to say that it’s recov­ered from the fall of Silk Road 1. I sus­pect it’s grow­ing slower than before because of the addi­tional trou­ble users have in find­ing trust­wor­thy ven­dors & mar­kets dur­ing the tur­moil of Decem­ber 2013-April 2014; we may see an uptick in the next half-year or so as the mar­kets sort them­selves out, mul­ti­-sig escrow becomes more com­mon, and busi­ness resumes as usu­al.

2. How busy are these sites—is this a niche inter­est or is it becom­ing more pop­u­lar?

Judg­ing by the decreas­ing tech­ni­cal com­pe­tence of users on the rel­e­vant forums and sub­red­dits, the DNMs seem to be reach­ing a wider audi­ence and not just geeks.

3. Why do you think peo­ple use them? Is it the qual­ity of drugs sold, the buzz of adding a bunch of ille­gal stuff to a bas­ket, the min­i­mal risk of cap­ture, or the vari­ety and purity of the offer­ing?

The advan­tage I see men­tioned time and again is the con­ve­nience & min­i­mal risk of cap­ture for buy­ers, fol­lowed by the sheer vari­ety of offer­ings on the largest mar­kets, then the rel­a­tive safety & purity of the drugs them­selves; I don’t think there’s much of a buzz after the first order.

4. Which is the fastest grow­ing mar­ket? Why is it doing so well?

The cur­rent fastest grow­ing mar­ket seems to be Evo­lu­tion. It’s a cen­tral­ized Tor site which recently got some mul­ti­sig sup­port and runs faster & more reli­ably than some of its com­peti­tors like Ago­ra; oth­er­wise, it has no unique tech­ni­cal fea­tures. Its main advan­tage seems to be that it grew out of the Tor Card­ing Forum com­mu­ni­ty, which had been doing per­son­-to-per­son trades for drugs and fraud-re­lated items until the forum was hacked, and this meant the mar­ket had a com­mu­nity from day 1, which helped it pick up sell­ers and then buy­ers, and net­work effects have helped it grow ever since.


On 16 Decem­ber, Alan Feuer of The New York Times emailed me with some ques­tions about the recent (2013-11-29) fail­ure of Sheep Mar­ket­Place & theft of its user funds. I answered as best I could:

1. Why in gen­eral were you skep­ti­cal about SMP’s sur­vival in the first place? What about it struck you as unsus­tain­able?

In gen­er­al, DNMs are not very sta­ble: the mar­ket dynam­ics that power them and ren­der them self­-reg­u­lat­ing and made Silk Road such a won­der­ful way to buy drugs require spe­cific con­di­tions to work, but con­di­tions are always chang­ing. This does­n’t mean you can’t get drugs from them, any more than restau­rants always going out of busi­ness means you can’t get good Mex­i­can food when you want it, but it does mean that any par­tic­u­lar DNM can’t be expected to hang around more than a year or two. The SR mod­el, with a sin­gle cen­tral­ized site both buy­ers and sell­ers have to trust, did work but that trust can be abused by the site oper­a­tor39. So inher­ently one expects DNMs to have fairly short life­times. (They are sur­pris­ingly like reg­u­lar busi­nesses or web­sites in this respec­t.)

Sheep Mar­ket­Place in par­tic­u­lar struck me as dubi­ous because it was so obvi­ously mod­eled after SR (indi­cat­ing a lack of orig­i­nal­ity and pos­si­ble get-rich-quick men­tal­i­ty), the oper­a­tors did not speak Eng­lish well (de­spite Eng­lish being the inter­na­tional lan­guage of pro­gram­mer­s), it was hardly used (mean­ing that there was no feed­back and it had not with­stood any hack­ers the way SR had), and it received the lion’s share of the post-SR mar­ket for no par­tic­u­lar merit of its own other than its visual appear­ance and lin­ger­ing dis­trust of Black­Mar­ket Reloaded.

  1. What do you feel is the most con­vinc­ing evi­dence that Jiřikovský is/was con­nected to SMP?

The clear­net site. It was exactly the sort of rookie error I expected from some­one with a casual atti­tude to secu­ri­ty: that they could pro­mote their site as they pleased, and as long as they main­tained some level of plau­si­ble denial­a­bil­i­ty, it was safe. Except secu­rity & anonymity are not a court­room with all its legal niceties, cir­cum­stan­tial evi­dence is pow­er­ful, and once you began exam­in­ing Tomas, every­thing falls into place. At that point, it’s almost irrel­e­vant if you find some­thing like, for exam­ple, Tomas being the first per­son online to dis­cuss the exis­tence of Sheep Mar­ket­place (the same mis­take Ross Ulbricht/“altoid” made, inci­den­tal­ly). You’ve already done most of the intel­lec­tual work nec­es­sary to iden­tify the oper­a­tor of SMP. Sim­ply by being so closely asso­ci­ated with a server that could only have been set up by some­one work­ing with SMP, he for­feited most of his anonymity and claims to inno­cence.

(To under­stand what I mean by “most of the work”, it may be help­ful to read my hope­ful­ly-en­ter­tain­ing essay on .)

Inci­den­tal­ly, you should prob­a­bly see the Red­dit trans­la­tion & dis­cus­sion of Tomas’s inter­view with Lidové Noviny on SMP for Tomas’s gen­eral fail­ure to respond to the pre­sented evi­dence, fail­ure to say who was run­ning the clear­net site on his server if not him, and in some cas­es, like his early men­tion of SMP, clear lying.

3. I had a bit of diffi­cultly under­stand­ing the facts and sig­nifi­cance of the Clear­net site. Would you help me under­stand that?

See above. The clear­net site is very sim­i­lar to how “altoid” posted on some forums about a new site called Silk Road, was the first iden­ti­fi­able per­son to ever dis­cuss Silk Road, and then proved to be the account of a guy called Ross Ulbricht. It’s incred­i­bly sus­pi­cious and exactly what you might expect the oper­a­tor to do in an attempt to drum up inter­est and attract atten­tion and so is the best start­ing point for an inves­ti­ga­tion. It’s not enough to prove in court he ran Silk Road­—but we are not in court.

4. Is it your belief that the “heist” was in fact per­pe­trated by SMP’s admins them­selves?

The heist was clearly per­pe­trated by the oper­a­tor of SMP; even the SMP forum mod­er­a­tors admit as much.

If you mean the story about “EBOOK101” hack­ing the site… I am agnos­tic on the top­ic.

While it is a rea­son­able trig­ger for why Tomas might decide to grab the money and run, and we saw a sim­i­lar hack prompt back­opy to decide to close down BMR ful­ly, the prob­lem with the story is that no one seems to have ever dealt with an EBOOK101, EBOOK101 has not left any taunt­ing mes­sages or clues like the BMR hacker did, and SMP in ret­ro­spect seems to have been orches­trat­ing the scam for at least a week in advance by shut­ting down with­drawals (on the pre­text of adding tum­bling), coax­ing peo­ple into deposit­ing even more mon­ey, and delay­ing tac­tics like adding a fancy count­down timer.

And in any event, it’s mostly a moot point: SMP stole far more money from its users than EBOOK101 was sup­posed to have. And sup­pose the story were true—­Tomas’s will­ing­ness to imme­di­ately give up after the hack sug­gests to me that he would not have been con­tin­u­ing SMP much longer regard­less…

5. And your take on the FBI’s role in all of this?

I only know what my infor­mant has told me; since he pre­sented a con­vinc­ing case for Tomas to me which he did not have to, I assumed he was also telling me the truth about him telling the FBI and them being very inter­ested in what he had to say. So I assumed that they were on the case and under­stood the need for prompt action. But the FBI has issued no state­ments on the top­ic, I have not con­tacted Christo­pher Tar­bell myself, and thus far there have been no arrests or other law enforce­ment action I am aware of. I am a lit­tle bewil­dered by the com­plete silence. So I no longer have any idea on their role. For all I know, they’ve com­pletely given up. Or maybe they’ll announce arrests tomor­row. You should ask Tar­bell.

I’m curi­ous what you think about the sub­red­dit post­ings by the two hack­ers who osten­si­bly “chased” the thief through cyber­space. Was it real chase against the wrong per­pe­tra­tor or another part of Jiřikovský’s ruse?

It was a real chase, but nei­ther of them are very famil­iar with blockchain analy­sis, and so they wound up even­tu­ally reach­ing false con­clu­sions like “Sheep stole 97k bit­coins”.

This is a com­mon prob­lem with blockchain analy­sis. Peo­ple at first think that Bit­coin trans­ac­tions are com­pletely anony­mous, then when they learn the truth, they vul­garly go to the oppo­site extreme and assume that because every trans­ac­tion is pub­lic, it’s com­pletely track­able and there is no pri­vacy and analy­sis is a sim­ple mat­ter of fol­low­ing trans­ac­tion­s—not real­iz­ing that at every trans­ac­tion, you have to make a men­tal leap and assume you are still fol­low­ing the same per­son or bit­coins, an assump­tion which is frag­ile, eas­ily bro­ken, and diffi­cult to ever jus­ti­fy.40

Also did your infor­mant tell you why he/she reached out to you instead of him post­ing the sus­pi­cions about SMP online him­self?

Well, he did­n’t post pub­licly at the time because he did­n’t want to inter­fere with the FBI inves­ti­ga­tion. Why did­n’t he post after Tomas had been doxed by the other Red­di­tor, when I felt free to post his results? I’m not sure. I get the impres­sion he does­n’t much care about pub­lic­ity or help­ing out the DNM com­mu­ni­ties, so while he allowed me to post what I knew, he felt no par­tic­u­lar need to post any­thing him­self. As well, my pre­com­mit­ment and rep­u­ta­tion meant that any post­ing would mean more com­ing from me.


On 2013-02-07, I answered some ques­tions from Paul-Philipp Hanske of the Ger­man mag­a­zine about the DNMs and Sheep in par­tic­u­lar:

So, I would take the lib­erty of ask­ing some ques­tions about the SMP scam and black mar­kets in gen­er­al. As I told it before: many thanks in advance for answer­ing them…

Accord­ing to this report the chase for the thief went wrong. What’s your esti­ma­tion? What hap­pened?

What hap­pened was sim­ple: the bit­coins got moved around, and at some point, the thief was given unlinked bit­coins, with­out the hob­by­ists real­iz­ing it. The prob­lem with the blockchain is that peo­ple start off think­ing Bit­coin is com­pletely anony­mous; when they real­ize they are wrong, they flip to assum­ing it’s com­pletely pub­lic & trans­par­ent & any trans­ac­tion can be eas­ily under­stood, which is less wrong but still not right. At any trans­ac­tion, con­trol can be trans­ferred with­out any vis­i­ble sign. The trans­ac­tion could have been to an online wal­let, an exchange, a pre­dic­tion mar­ket, a DNM, a laundry/mixer, Shared Send, etc. The blockchain merely records trans­ac­tions among addresses and it does not give you any mean­ing beyond that. Peo­ple for­get the lim­i­ta­tions and esca­lat­ing uncer­tain­ty, and so the Sheep chasers found them­selves at a BTC-E cold wal­let address. Pre­sum­ably the Sheep thief then with­drew bit­coins (be­ing paid from the then-hot-wal­let) or sold & with­drew some fiat or both.

If the chasers traced the wrong amount of bit­coins: how could the thief hide such a big amount? Do you think he sold it?

The amount in Bit­coins can be eas­ily hid­den: just scat­ter it among mul­ti­ple addresses to make the bal­ances small enough they would not draw any atten­tion. I don’t know if he sold it. I think he should not sell much, as to han­dle a large amount would require an exchange which might require paper­work & using his real iden­ti­ty; but then, I would not have wasted hun­dreds of bit­coins try­ing to send such a huge sum through the Bit­coin Fog mix, so I do not think the Sheep thief is the most ratio­nal or knowl­edge­able per­son around.

what’s your esti­ma­tion how much was stolen?

The best esti­mate right now seems to be ~₿39k, although some of this may have been what the hacker (ap­par­ently a Pro­fe­sor­house) earned.

Is there still strong evi­dence that Jiřikovský is part of the scam?

The evi­dence remains largely the same, I think. Jiřikovský backed down on his threats of legal action against a Czech red­di­tor, and he gave a strange inter­view with a Czech papers which struck me as ignor­ing most of the cir­cum­stan­tial evi­dence, arro­gant, and mak­ing incoherent/wrong tech­no­log­i­cal claims. I have heard of no related arrests, but that does­n’t mean much: Ross Ulbricht was­n’t arrested for almost a year after pay­ing for a hit with his Aus­tralian bank account, after all, and many inves­ti­ga­tions take longer.

If he (or his group) would be part of it: isn’t it now ter­ri­bly dan­ger­ous for them? A lot of peo­ple are angry…

Prob­a­bly. But it’s unlikely any­one will act on spec­u­la­tion.

What’s your lat­est esti­ma­tion about the role of the FBI in this case?

I don’t think they’re doing much but wait­ing. If there’s active inves­ti­ga­tions, I’d guess all the work is being done by agen­cies in the EU with phys­i­cal access.

Do you think any­one com­plained to the police because of the scam?

No. I’m impressed that Plu­topete has the chutz­pah to chal­lenge the Silk Road seizure, but I still can’t see any­one actu­ally com­plain­ing to the police about losses on an ille­gal DNM.

One last ques­tion con­cern­ing black mar­kets: I’m very fas­ci­nated by oper­a­tors of these web­sites. What do you think is their moti­va­tion? Only earn­ing mon­ey?

Of the oper­a­tors of the ~20 sites active at this moment, the major­ity seem to be entirely non-ide­o­log­i­cal and prag­mat­ic: a few seem to have mixed motives relat­ing to cryp­top­unk or mar­i­juana or pub­lic ser­vice, and SR2’s DPR2/Defcon/Hux may be lib­er­tar­i­ans (as­sum­ing they’re not just imi­tat­ing Ulbricht), but the rest? They’re in it for the mon­ey.

One of the inter­est­ing parts of the post-SR fall­out and the new crop of mar­ket­places is see­ing to what extent SR’s longevity was due to Ulbricht’s prin­ci­ples. It may be that we over­es­ti­mated the value of run­ning a mar­ket­place, that the incen­tives to scam first-gen­er­a­tion mar­ket­places (with­out mul­ti­-sig­na­ture escrow) are too great.

Or also some lib­er­tar­ian beliefs as Ross Ulbricht claimed to have?

I don’t see any rea­son for skep­ti­cism about that.

In gen­er­al: how strong do you think is the con­nec­tion between black mar­kets and lib­er­tar­ian think­ing?

It was strong in the begin­ning, but like Bit­coin itself, I think it’s become too pop­u­lar­ized to remain strongly ide­o­log­i­cal. I sus­pect most users strongly agree with the lib­er­tar­ian posi­tion on the War on Drugs, but maybe not much beyond that.

What do you think is the best black mar­kets in the moment?

From a design per­spec­tive, I’m inter­ested in The Mar­ket­place for pio­neer­ing what I think may be the next step for­ward for DNMs, mul­ti­-sig­na­ture escrow; they’ve used it longest, and from a secu­rity per­spec­tive, that puts them ahead of almost all of their com­peti­tors. From a more prac­ti­cal per­spec­tive, SR2 still seem to have the widest selec­tion and most busi­ness, although their prob­lems with get­ting basic func­tion­al­ity work­ing has dri­ven off a lot of buy­ers & sell­ers.

Where did the most ven­dors go to? (it would be great if this mar­ket would be so big that you could also browse for Ger­man ven­dors… ;)

It’s hard to esti­mate since I haven’t yet extracted counts of prod­ucts and ven­dors, but the biggest sites seem to be SR2, Ago­ra, Pan­do­ra, Blue Sky, and The Mar­ket­place. I’m sure there are Ger­man sell­ers on some of them.

The author­i­ties are really upset about the Tor/deep-net-market-thing. What can they do against it? Do they have any pos­si­bil­i­ties? Do you think the deep­-net-mar­ket-scene will still exist in 5 years?

Even if Tor turns out to be irre­deemably com­pro­mised, there’s still I2P, and beyond I2P, there’s also Freenet. When cur­rent mar­kets are busted or go down, given how many peo­ple have tasted the for­bid­den fruit, there will still be plenty of demand for replace­ments. I expect there will still be a DNM scene in 5 years using one of the net­works, and if there isn’t, it’ll be because some tech­ni­cally supe­rior approach has obso­leted all the cur­rent mar­kets. (Pe­ri­od­i­cally peo­ple sketch out designs for fully dis­trib­uted DNMs; none of them have made any seri­ous pro­gress, but on the other hand, peo­ple were spec­u­lat­ing about dig­i­tal cur­ren­cies for many years before Bit­coin came along…)


Jor­dan Pear­son, “Moth­er­board”, 2015-03-19:

What is your moti­va­tion for releas­ing the tor­rent file [of the Evo­lu­tion mar­ket­place and forums]? How will this help with the Evo fall­out? What was your role on Evo (ven­dor? mod?)

Scrapes of the mar­ket are use­ful for peo­ple try­ing to cope with the fall­out. If you need to look up a ven­dor’s con­tact info so you can email them, or if you did­n’t save the PGP key of your favorite ven­dor & want to ver­ify the Agora one isn’t a fake, or can’t quite remem­ber their name though you’d rec­og­nize their list­ings… Plus, since every­one knows I scrape, they’ll be ask­ing me to look things up or for copies, and it’s eas­ier to make a tor­rent.

I had no role on Evo (I was, if any­thing, a crit­ic). I am an inde­pen­dent writer/researcher and I scrape all the mar­kets for research.

How long were you scrap­ing Evo for?

Pretty much from when it opened to buy­ers to when it shut down a few days ago: 2014-01-21 to 2015-03-17.

And dur­ing this time you noticed some stuff that alerted you to the notion that the admins could pull an exit scam? What was that?

Exit scams are always a pos­si­bil­ity for cen­tral­ized-e­scrow mar­kets. (Evo­lu­tion had a mul­ti­sig option, but it was not true mul­ti­sig and no one used it.) I was always par­tic­u­larly dis­trust­ful of Evo­lu­tion because their well-known roots in carding/fraud & allow­ing list­ings like poi­sons & guns meant they both had no morals and were par­tic­u­larly likely to be infil­trated or bust­ed; either way, loss of coins was a major risk. I expected them to die well before this, how­ev­er, and even odds of it dying by LE raid.

You’re a researcher-why help peo­ple track down their deal­ers?

Because it’s help­ful. I have the mir­rors, so I might as well do some­thing use­ful with them.

These deal­ers are osten­si­bly mov­ing to differ­ent mar­kets, some of which are pop­ping up right now (i.e. Iron­clad). What do you think of that? A lot of chat­ter right now about moths rush­ing to the lat­est flame in terms of scammy sites.

That’s always a prob­lem when a big mar­ket goes down—the sud­den dias­pora can over­load the older trust­wor­thy mar­kets, and the newer untrust­wor­thy ones see a large inflow. eg SR1 indi­rectly knocked out BMR and led to the rise of Sheep. Right now the big ques­tion is whether Agora will last: they are older than Evo­lu­tion, IIRC, and must be tempted to exit scam for the same rea­sons, espe­cially since the LE atten­tion on Evo­lu­tion will be forced to move onto Ago­ra. If they stay open, they’re the mar­ket of choice for every­one, but if they dis­ap­pear too, peo­ple will be forced to choose from among the exist­ing small mar­ket­s—Nu­cle­us, Abrax­as, Dia­bo­lus, Black Bank, Mid­dle Earth, Kiss, Out­law, etc. If the smaller mar­kets are ambi­tious, this will be their golden oppor­tu­nity to ascend and become the new top mar­ket, but of course, they could dis­cover the risk feels too much and the cen­tral­ized escrow is too tempt­ing… We went through a few iter­a­tions of this after SR1 before things sta­bi­lized under the Agora/Evolution duop­oly.

(LE is another ques­tion-mark; by now, with Evo­lu­tion over a year old and TCF before that and at least 3 ven­dors bust­ed, they should have man­aged to infil­trate at least one employee into Evo­lu­tion, but we won’t know for months whether they had enough to bust any­one else before Evo­lu­tion closed and effec­tively ter­mi­nated their inves­ti­ga­tion­s.)


Thomas Fox-Brew­ster, 2015-03-23:

Some deal­ers I’ve spo­ken to think set­ting up a bespoke mar­ket is the way to go. Think that’s the case? Are you plan­ning to set one up if you don’t have one already?

By bespoke mar­ket, I assume you mean a ven­dor shop. Those are defi­nitely dead end­s—they do not solve the trust issues of rat­ing and escrow. (For exam­ple, one scam is to set up a ven­dor shop and tell cus­tomers to use an obscure third-party escrow ser­vice; nat­u­ral­ly, this escrow ser­vice is run by the same peo­ple, and when the mark sends the bit­coins to buy some­thing, they keep it.) They also aggra­vate issues of hacks, since a drug ven­dor is not likely to also be a great web pro­gram­mer & sysad­min. Ven­dor shops have never scaled, and never will with­out solv­ing decen­tral­ized mar­kets.

Can we trust any of the big mar­kets any­more?

You could never trust any of the big mar­kets. Evo exit scam­ming is just peo­ple wak­ing up from their dreams and learn­ing from his­tory the hard way. All this has hap­pened before, and will hap­pen again.

Is the dream of a decen­tralised mar­ket even close to hap­pen­ing?

I don’t think so. Open Bazaar, last I heard, had next to no anonymity and I don’t know how far any of the oth­ers have got­ten. If they did exist, I’m not sure any­one would use them; they will likely be intrin­si­cally hard to use, like mul­ti­sig, and may see the same lack of adop­tion. They work in the­ory but not prac­tice. Mar­ket exit scams, for all the hyper­bolic media cov­er­age, are sim­ply an ordi­nary and accept­able cost of doing busi­ness.

Sep­a­rate­ly, why do most deal­ers I speak with use Lelan­tos?

Gmail etc are well-known for hand­ing over email infor­ma­tion to law enforce­ment; Safe-mail used to be pop­u­lar but peo­ple seem to have finally real­ized that any secu­rity there is illu­sory and it’s another Hush­mail in the mak­ing; Rise-up is a bit hard to get accounts on; and Tor­mail has been gone for years. So I guess Lelan­tos is just the best bal­ance avail­able?

Reddit advice

A list of tips from an anony­mous Red­di­tor, pre­sented for what they are worth (not all are nec­es­sar­ily impor­tan­t):

This guy’s mis­takes:

  • Get­ting 41 pounds of weed sent to him. That’s a lot of weed.
  • Get­ting weed sent through the mail at all (it’s easy to detec­t).
  • Sign­ing under a false name.
  • Sign­ing for a pack­age at all41.
  • Had a scale in his house at the time of deliv­ery.
  • Never sign for pack­ages. Never get them sent under false names. Do not open them imme­di­ate­ly. Never have para­pher­na­lia or any­thing incrim­i­nat­ing in your house at the time of deliv­ery. Always use bit­coin. Use PGP wher­ever pos­si­ble. Always ask for a lawyer but oth­er­wise don’t talk to cops.


  • Be sure to read both the guides for sell­er’s and buy­er’s on Silk Road.
  • Make sure that your ven­dor ships via USPS. Ratio­nale: USPS must get a war­rant to open your mail. Also, USPS han­dles much more mail than UPS or FEDEX. I don’t know this for sure, but I’d bet their screening/tracking of sus­pected drug importers is prob­a­bly laxer than UPS/FEDEX.
  • Open a large PO box (big enough to hold a USPS Pri­or­ity mail enve­lope (11.625 inches X 15.125) with­out fold­ing). Ratio­nale: Most sam­ples will fit in an enve­lope less than this in size. Order­ing a big mail­box means that you don’t have to go to the counter to pick it up.
  • Open your box at a “Mom and Pop” ser­vice, not a UPS store or USPS PO Box. “Mom and Pop” shops don’t have the resources to track sus­pi­cious pack­ages. And USPS PO Box’s won’t accept pack­ages from UPS or FEDEX. (While you spec­ify that you only accept USPS, you should be pre­pared to accept pack­ages from other ven­dors.)
  • Make sure you have 24 hour access. Ratio­nale: Pick it up after hours with­out meet­ing face to face. Also allows for faster pick­up–the less time spent in the sys­tem, the bet­ter.
  • Send a test pack­age before order­ing drugs. Ratio­nale: You want to make sure you can receive mail at that address with­out prob­lems before order­ing drugs.
  • Order only from domes­tic sources. Ratio­nale: If it does­n’t cross an inter­na­tional bor­der, it does­n’t have to go through cus­toms screen­ing.
  • If you must order from over­seas, order from UK or Ger­many, not Nether­lands or other com­mon drug source coun­try. Ratio­nale: Anec­do­tal reports sug­gest that ship­ments from com­mon drug source coun­tries get closer screen­ing.
  • Order small amounts (gram or less). Ratio­nale: Law enforce­ment has lim­ited resources. Odds are, they’re not going to bother with small amounts.
  • Use your real name and address on all forms. Ratio­nale: Any­one (such as a vin­dic­tive ex, or an ene­my) could send you drugs. If you get caught receiv­ing mail with drugs in it, you can deny that it’s yours. A fake name destroys your plau­si­ble deni­a­bil­i­ty, as it indi­cates an intent to deceive.
  • Order nor­mal stuff to your box on a reg­u­lar basis. Ratio­nale: You want to make your box stand out as lit­tle as pos­si­ble.
  • Refuse to sign for any drug pack­age. Ratio­nale: Remem­ber, those drugs aren’t yours. If you sign for it, it’s evi­dence that you were expect­ing the pack­age.
  • Don’t order too many drugs at once. Ratio­nale: Many ven­dors don’t include any iden­ti­fy­ing info., so you may end up with a bunch of pack­ets of white pow­der, with lit­tle idea of what’s in each pack­et.
  • Use GPG to encrypt your mes­sages to the ven­dors. Ratio­nale: While this does­n’t pro­tect you if the ven­dor is com­pro­mised, it does pre­vent your name and address from being stored ‘in the clear’ in Silk Road’s data­base.
  • Don’t order out of escrow. Ratio­nale: Your only pro­tec­tion from bad ven­dor behav­ior is their rep­u­ta­tion and escrow. And some ven­dor’s don’t care about their rep­u­ta­tion.
  • Read up on ven­dor’s in the forums. Ratio­nale: You’ll get a much bet­ter idea of their prod­uct qual­ity than you can get from their offi­cial ratings/reviews alone.

A mole?


In March 2013, I learned of a rumor that a par­tic­u­lar fake ID seller on SR1, “KingOf­Clubs”, was actu­ally a fed­eral mole. It came from a per­son who claimed that the forum which had been busted in early 2012, was undone by an agent who infil­trated it over 2 years as a user named “celtic” by sell­ing high­-qual­ity fake IDs to mem­bers (ac­cord­ing to Wired’s July 2013 cov­er­age, Celtic was a real carder who had been busted & his iden­tity assumed). This is per­fectly plau­si­ble as one of the stan­dard law enforce­ment strate­gies to take down card­ing or drug forums is infil­trat­ing forums (eg. , Carder­s­Mar­ket, Carder­Planet,, tak­ing them over, or even set­ting up their own fake forums as hon­ey­pots (the “Carder Profit” forum).

He thought that the seller had a sim­i­lar modus operandi, mak­ing the fol­low­ing com­par­isons:

  1. celtic sold fake cus­tom IDs from 15 states; the seller like­wise sells these spe­cific states
  2. celtic sold a large vari­ety of IDs; the seller sells a wider vari­ety than oth­ers,
  3. celtic adver­tised with lengthy detailed descrip­tions; the seller has descrip­tions which are much more than a few lines, like some other SR sell­ers
  4. celtic sold expen­sive high­-qual­ity IDs, with diffi­cult new secu­rity fea­tures; like­wise
  5. celtic adver­tised his wares as “nov­elty IDs”
  6. celtic implied he was Russ­ian
  7. celtic asked for the nec­es­sary infor­ma­tion to be sent via email and required 2 email addresses
  8. celtic had his non-anony­mous pay­ments sent within Nevada
  9. celtic had oper­ated on the forum for over 2 years; the seller was at the 1 year mark.

They also men­tioned that after con­tact­ing the SR admins, they were blocked from access­ing SR under that or other accounts.


This rumor struck me as unusu­ally detailed, plau­si­ble, and inter­est­ing. It would also be cool to scoop an inves­ti­ga­tion. So I looked into the mat­ter more deeply; I started by com­pil­ing an archive of all KoC’s list­ings, reviews on Red­dit, and list­ings by other ID sell­ers for com­par­i­son (archive; con­tains MAFF & MHT), and noted the fol­low­ing:

  1. the mole sup­pos­edly sold 15 states’ IDs and so does KoC. But KoC’s cur­rent pro­file lists only the fol­low­ing:

    Prod­uct Price
    Mon­tana Dri­ver’s License (Holo­grams + Scannable) ₿6.61
    Indi­ana Dri­ver’s License (Holo­grams + Scannable) ₿6.61
    Wis­con­sin Dri­ver’s License (Holo­grams + Scannable) ₿6.61
    Alaska Dri­ver’s License (Holo­grams + Scannable) ₿6.61
    New Cal­i­for­nia Dri­vers License (Holo­grams + Scans) ₿6.61
    Rhode Island Dri­ver’s License (Holo­gram+S­cannable) ₿6.60
    Idaho Dri­ver’s License (Holo­grams + Scannable) ₿6.60
    Ten­nessee Dri­ver’s License (Holo­grams + Scannable) ₿6.60
    Ari­zona Dri­ver’s License (Holo­grams + Scannable) ₿6.60
    New York Dri­ver’s License (Holo­gram + Scannable) ₿6.60
    Ontario Dri­ver’s License (Raised Let­ter­ing, Scans) ₿6.60
    New Texas Dri­vers License(Raised LTR, Holo, Scans) ₿6.60
    Texas Dri­vers License (Holo­grams + Scannable) ₿6.60
    subto­tal: 13
    New South Wales Dri­ving License (Holo­gram­s+S­cans) ₿6.61
    Man­i­toba Dri­ver’s License (Scannable Tracks 1,2,3) ₿6.60
    Que­bec Dri­ver’s License (Scannable Magstripe1,2,3) ₿6.60
    Alberta Dri­ver’s License (Holo, Raised LTR, Scans) ₿6.60
    UK Dri­ving License (Holo­grams + Scannable) ₿6.60
    subto­tal: 5
    total: 18 (ex­cludes combo offers)

    No mat­ter how you sum it, that’s not 15 states.

  2. It’s not clear that celtic or KoC’s vari­ety is unusu­al. For exam­ple, in the indict­ment 2 of the defen­dants, Hag­gerty or “Wave” & John Doe or “Gru­ber”, actu­ally sound almost iden­ti­cal to this “celtic”: they coun­ter­feited dri­ver’s licenses in 15 states; this does not seem con­sis­tent with their story and under­mines the value of any obser­va­tion of KoC sell­ing 15 states since that’s at least 2 peo­ple who also sold for 15 states—­sug­gest­ing that 15 states is sim­ply what is eas­ily han­dled by avail­able equipment/techniques, are favored due to hav­ing many res­i­dents being tourists, or some­thing like that.

  3. On the SR side of things, KoC does not seem all that unusu­al. Some sell­ers talk a lot and sell a lot, oth­ers don’t. For exam­ple, the seller namede­clined has some­thing like 21 differ­ent items in the forgery & fake ID sec­tions, and is pos­i­tively pro­lix about one I ran­domly clicked on, his fake Geico insur­ance card.

  4. If his cards were being done with gov­ern­ment equip­ment, or top of the line any­way, they ought to be excel­lent and might as well be cheap to attract as many sus­pects as pos­si­ble. But there are many com­plaints in the SR forums & Red­dit that his rather expen­sive cards weren’t very good and in some cases were very poor. He also isn’t all that cool with cus­tomers, eas­ily los­ing his tem­per. All this is reflected in his feed­back score, which is not ter­ri­ble but also is not great.

  5. KoC using the term “nov­elty ID” does­n’t mean much. As far as I know, all the Chinese/Asian sell­ers use that excuse as well: “oh, they’re not fake IDs, they’re nov­elty IDs; we can’t be blamed if our cus­tomers mis­use them.”

  6. KoC does­n’t make it sound like he’s Russ­ian. He comes off as Amer­i­can, and his list­ings imply he’s ship­ping domes­ti­cal­ly.

  7. obvi­ously in buy­ing cus­tom fake IDs, cus­tomers need to pro­vide the rel­e­vant info like age and a photo of the per­son who will be using the ID. KoC pro­vides a pub­lic key, accepts encrypted pri­vate mes­sages on SR for the form, and links repeat­edly to a hid­den ser­vice for image uploads; he does list a email address as an option, but you can just con­nect to’s hid­den ser­vice (that’s the point of it) and send an email via them. You would have to be lazy or fool­ish to send such an email from your reg­u­lar email address before he would have access to your email, and there is no men­tion of requir­ing 2 email addresses

  8. while KoC seems to have accepted West­ern Union, Mon­ey­gram, and Mon­ey­pak early on (like a mole might), he seems to have dropped them entire­ly: his pro­file specifi­cally dis­claims accept­ing any­thing but bit­coin. Why would a mole do that?

  9. Many sell­ers are less than 2-3 years old, since SR is still rel­a­tively new and it was­n’t clear early on that it would sur­vive or be worth doing busi­ness on; given that new sell­ers prob­a­bly drop quickly as they stop sell­ing for var­i­ous rea­sons (they were scam­mers, it turned out to be too much work, what­ev­er), we would expect to see mostly medi­um-aged accounts sell­ing.

Two addi­tional points I would make:

  • while the media does con­firm that mem­bers used fake IDs, this is com­mon to many or all card­ing forums; more impor­tant­ly, I can­not con­firm their account of the demise of based on the 2012 indict­ment, and no one in Google men­tions any “celtic” in com­bi­na­tion with The redac­tions make it diffi­cult to be sure, but they do not seem to have usu­ally redacted the user­names or pseu­do­nyms or nicks (eg pg40), and in the lists of redacted defen­dants’ offens­es, few short­-names come off with large quan­ti­ties of forged items or other such vio­la­tions. While the Farm­ers Mar­ket indict­ment listed enough details that I could be sure that it was mostly due to Hush­mail rolling over (as indeed proved to be the case), here I’m not sure of any­thing; the indict­ment goes into the wrong details for me to feel I can infer any­thing.
  • At least one of their claims seems false: yes, SR might ban an account for fil­ing a false report against a sell­er. But it can’t lock you out based on your IP or some­thing like that; the Tor hid­den ser­vice archi­tec­ture sim­ply does­n’t allow for that, as far as I know. The most it could do is maybe set a cookie and not let any­one with a cookie from a banned account log in or reg­is­ter an account, but that is triv­ially bypassed by delet­ing all cook­ies or using an incog­nito mode or using a differ­ent brows­er.

A coun­ter-ob­jec­tion is that celtic-KoC might have delib­er­ately dropped Nevada IDs and non-bit­coin pay­ment to throw off any­one famil­iar with the pre­vi­ous iden­ti­ty. But in this sce­nar­io, pre­sum­ably the absence would be for pub­lic con­sump­tion and any­one request­ing either would get what they asked for as they became juicy tar­gets for his inves­ti­ga­tion. This can be eas­ily tested just by ask­ing; so 2 throw­away accounts mes­saged KoC on those issues:

  1. First con­ver­sa­tion:

    • “I know they’re not list­ed, but would it be pos­si­ble for you to do either a Utah or Nevada license? (Ide­ally with UV and holo­gram.)”

    • “I won’t be able to do Nevada but I may be able to do Utah with UV and holos, i’ll get back to you in the next cou­ple days on that”

  2. Sec­ond:

    • “bro how are you, do you make Nevada license and do you accept WU OR MG thanks”

    • “I don’t do Nevada DL’s at the moment but I can do a bunch of differ­ent states that aren’t list­ed, what else are you inter­ested in? I don’t accept WU or MG but if you go under the ‘Money’ sec­tion of SR and go to the ven­dor ‘FreeMoney’ he will be able to exchange your WU or MG or Mon­ey­pak for ₿. Regards.”

While his con­sis­tent dis­avowal of both non-bit­coin pay­ments and mak­ing Nevada licenses might sim­ply be try­ing to be con­sis­tent in his per­sona, that would imply con­sid­er­able para­noia on his part about being rec­og­nized—and makes this pos­si­bil­ity that much more unlike­ly.


When will we know? The indict­ment was signed 2012-01-10. The ear­li­est dates men­tioned in it are in 2007, but most of the early dates seem to be in 2009, in line with a >2 year infil­tra­tion which sug­gests a 2-3 year lag (or pos­si­bly as much as 5 years). The KoC account is listed as 1 year old and con­sis­tent with that, he has ini­tial forum posts dat­ing back to March 2012. That sug­gests any busts will come March 2014-2015, up to 2017. (I can’t guess whether the hypo­thet­i­cal SR bust would be faster or slower than SR is much more secure and decen­tral­ized from a sell­er’s point of view, so one might expect it to take longer; but SR is also much higher pro­file as far as I can tell and so one could expect there to be much more pres­sure to deliver some sort of vic­to­ry.)

What’s my cur­rent opin­ion? Read­ing through all of the above, think­ing about the diffi­cul­ties of attack­ing SR (KoC can only have access to small fry buy­ers, not SR staff like Dread Pirate Robert­s), I feel that I can only assign 20% to a pre­dic­tion that by March 2015, “there will have been a bust (>10 named defen­dants) related to forged IDs eg. dri­ver’s licens­es, linked to the SR ven­dor KoC”.

We’ll see.


In Octo­ber 2013, SR1 was raided and its oper­a­tor Ross Ulbricht was arrest­ed; a few months lat­er, sev­eral employ­ees were also arrest­ed.

Part of the ini­tially released evi­dence was a pho­to­graph of sev­eral fake IDs for Ulbricht pur­chased on SR1 (which he seems to have used for buy­ing server host­ing) which had been inter­cepted by Cus­toms around 2013-07-10. This was strik­ing, and some peo­ple claimed the IDs in the photo looked like KoC’s IDs. This was con­firmed in a Decem­ber 2014 fil­ing in his trial42

Is this con­fir­ma­tion? Well, the fil­ing does not describe KoC as a CI or UC, but it also does not describe how the KoC pack­age was inter­cepted other than “as part of a rou­tine bor­der search”, which sounds implau­si­ble for any fake ID ship­ment (fake IDs should not trig­ger any drug dogs and are likely shipped in envelopes rather than bulkier pack­ages) and espe­cially implau­si­ble in that it just so hap­pens to be a ship­ment to a per­son of inter­est; if Ulbricht’s name had been entered in some sort of screen­ing data­base, that would be plau­si­ble but the fil­ing specifi­cally men­tions the pack­age was addressed to a “Josh”; and the early July 2013 date seems a bit too soon for the SR1 server imag­ing in June 2013 to have de-anonymized Ulbricht to the point where his phys­i­cal address was known and his mail could be screened. KoC being a CI/UC would resolve the ques­tion imme­di­ate­ly, but direct evi­dence of this is absent.

So I think the exact role KoC played in the fall of SR1 remains uncer­tain.

Bitcoin exchange risk

“Beware the Mid­dle­man: Empir­i­cal Analy­sis of Bit­coin-Ex­change Risk” com­piles a list of Bit­coin exchanges and which ones have died or failed to return one’s money (see also the fol­lowup ); I was inter­ested in the aver­age risk per day, but the paper did not include the rel­e­vant fig­ure, so I copied the raw data and par­tially repli­cated their analy­sis in R:

exchange <- read.csv("")
# log transform busy-ness per paper
exchange$ActiveDailyVolume <- log1p(exchange$ActiveDailyVolume)
# calculate lifetime lengths
exchange$Days <- as.integer(as.Date(exchange$Dates) - as.Date(exchange$Origin))
# but the paper says "The median lifetime of exchanges is 381 days"!
# The difference may be due to me defaulting each exchange opening/closing to the 1st of the month,
# since the paper's table on pg3 only specifies month/year.
#    Min. 1st Qu.  Median    Mean 3rd Qu.    Max.
#      15     168     344     365     565     930

# Rough daily risk percentage calculation: # of lossy exchange-days / total exchange-days:
(sum(exchange$Repaid==0, na.rm=TRUE) / sum(exchange$Days)) * 100
# [1] 0.03421
# eg. so leaving funds on an exchange for a month is ~1% (0.03 * 30 = 0.899 ~= 1)

# replicate Cox model survival curve & regression
# plot aggregate survival curve
surv <- survfit(Surv(exchange$Days, exchange$Closed, type="right") ~ 1)
plot(surv, xlab="Days", ylab="Survival Probability")

# see how the moderators help predict exchange death
cmodel <- coxph(Surv(Days, Closed) ~ Breached + ActiveDailyVolume + AML, data = exchange)
# ...
#   n=40, number of events=18
#                       coef exp(coef) se(coef)     z Pr(>|z|)
# Breached           0.80309   2.23242  0.57129  1.41    0.160
# ActiveDailyVolume -0.22233   0.80065  0.10493 -2.12    0.034
# AML                0.00156   1.00157  0.04230  0.04    0.970
#                   exp(coef) exp(-coef) lower .95 upper .95
# Breached              2.232      0.448     0.729     6.840
# ActiveDailyVolume     0.801      1.249     0.652     0.983
# AML                   1.002      0.998     0.922     1.088
# Concordance= 0.696  (se = 0.08 )
# Rsquare= 0.116   (max possible= 0.94 )
# Likelihood ratio test= 4.91  on 3 df,   p=0.178
# Wald test            = 5.22  on 3 df,   p=0.156
# Score (logrank) test = 5.41  on 3 df,   p=0.144

predict(cmodel, type="risk")
#  [1] 1.0062 1.2807 1.8416 1.4132 0.6280 0.6687 2.5166 1.4629 1.3860 1.3283 0.8558 1.6955 1.1386
# [14] 0.9682 0.6275 1.9333 0.5593 1.1443 1.1941 1.8569 1.9889 3.6656 0.9899 0.9849 0.5649 0.6393
# [27] 0.5527 0.4847 0.5212 0.8798 0.5222 0.8132 0.8166 0.5222 0.4404 1.2850 0.6114 1.0574 0.9704
# [40] 1.8765
# difference between the paper's risk ratios and the calculated risks:
predict(cmodel, type="risk") - exchange$Risk.Ratio
#  [1] -0.1138438  0.0007105 -0.1684229 -0.1768372 -0.0219620  0.0586867 -1.3333981 -0.1070626
#  [9] -0.0639567 -0.1416868 -0.0841594 -0.1044674 -0.1013990 -0.0117733  0.0174954  0.0533416
# [17]  0.0293197  0.0543248  0.0540563 -0.2930878 -0.2411229 -0.7444104 -0.0901261  0.0348886
# [25]  0.0348513  0.0392880  0.0327111  0.0347424  0.0311519 -0.0302076  0.0321711  0.0532302
# [33]  0.0165801 -0.0178064 -0.0095536 -0.1650013 -0.0186322 -0.0825834 -0.0696364 -0.3535190
summary(predict(cmodel, type="risk") - exchange$Risk.Ratio)
#    Min. 1st Qu.  Median    Mean 3rd Qu.    Max.
# -1.3300 -0.1090 -0.0203 -0.0992  0.0323  0.0587

# Moving on; replicate the logistic regression they ran on predicting breaches:
lbreach <- glm(Breached ~ ActiveDailyVolume + I(Days/30), family="binomial", data = exchange)
# ...
# Deviance Residuals:
#    Min      1Q  Median      3Q     Max
# -1.158  -0.671  -0.283  -0.102   2.982
# Coefficients:
#                   Estimate Std. Error z value Pr(>|z|)
# (Intercept)        -4.4996     1.7666   -2.55    0.011
# ActiveDailyVolume   0.7730     0.3182    2.43    0.015
# I(Days/30)         -0.1048     0.0698   -1.50    0.133
#     Null deviance: 42.653  on 39  degrees of freedom
# Residual deviance: 32.113  on 37  degrees of freedom
# AIC: 38.11

Moore has pro­vided his orig­i­nal R source code, his exchange data, and anti-money-laun­der­ing-laws data, so his orig­i­nal analy­sis can be repli­cated by any­one inter­ested in the top­ic.

Estimating DPR’s fortune minus expenses & exchange rate

Ron & Shamir 2013, based on blockchain analy­sis, esti­mates SR/DPR earned ₿633,000 in com­mis­sions; the FBI indict­ment states that it was ₿614,305, pre­sum­ably based on the seized site data­bas­es. It’s been sug­gested that the expense of run­ning SR, and the large changes in the exchange rate, may sub­stan­tially reduce how many bit­coins DPR actu­ally could have saved up, pos­si­bly to as low as ₿“150-200k”. (The logic here is that if SR earns com­mis­sions of ₿100 in 2011 but needs to pay $100 of host­ing bills, it needs to sell all ₿100 but in 2013, it would need to sell only ₿1.)

DPR surely spent some of the com­mis­sions on run­ning SR & him­self, but run­ning a web­site isn’t that expen­sive, and how badly the exchange rate bites will depend on details like how it fluc­tu­ated over time, how sales grew over time, and how big the expenses really are. The reduc­tion could be tiny, or it could be huge. It’s hard to tell based just on a gut esti­mate.

So: below, I take esti­mates of SR growth from and the FBI indict­ment, infer lin­ear growth of SR sales, esti­mate daily expens­es, and com­bine it with his­tor­i­cal Bit­coin exchange rates to show that DPR prob­a­bly has most of his bit­coins and 200k or lower is right out.


My strat­egy is to model Silk Road’s growth as lin­ear in dol­lar amounts, but with differ­ent amounts of bit­coins each day depend­ing on the exchange rate, sub­tract a daily oper­at­ing cost, and then sum the com­mis­sions.

So say that on 2012-01-01, SR did $10k of busi­ness, and the exchange rate was 1:100, so ₿100 in turnover, and SR gets an aver­age com­mis­sion of 7.4%, so it would get ₿7.4.

To do this, I need to esti­mate the rev­enue each day, the expenses each day, the com­mis­sion each day, and the exchange rate each day. Then I can mul­ti­ply rev­enue by com­mis­sion, sub­tract the expense, and sum the left overs to get an esti­mate of the total bit­coins avail­able to DPR which he could (or could not) have spent.


  1. Employ­ees: we know that Lib­er­tas and one or two oth­ers were employed at salaries of $1-2k per week. I’ll assume there were 2 oth­ers, and each was paid the max of $2k per week, which means total daily employee expenses is = $571 per day. (Un­for­tu­nate­ly, the indict­ment does­n’t give any clear indi­ca­tion of their num­bers, just refer­ring to them as ‘they’.)

    This is a con­ser­v­a­tive esti­mate since I’m pretty sure that SR was a one-man oper­a­tion until prob­a­bly in 2012.

  2. The servers: we know there were at least 2 servers (the main site, and the forum­s). The task of host­ing the sites does not seem to be too band­width or disk-space inten­sive, and servers are extremely cheap these days. The use of Dat­a­ and GigaTux sug­gest DPR was using cheap VPSes. I’ll esti­mate a monthly expense of $500 ($250 a piece) which per day is $16.

    This is also very con­ser­v­a­tive.

  3. DPR: his rent of $1000/month has been widely bruited about, and in gen­eral he report­edly spent lit­tle. Makes sense to me, I’ve met and seen the rooms of a few well-paid geeks in SF like DPR, and I would believe them if they said they did­n’t spend much money on any­thing but rent & food. I’ll bump this up by $1000 for food and all expens­es, since he appar­ently did­n’t even eat out very much. So .

    Dou­bling his rent for total expenses is prob­a­bly also con­ser­v­a­tive; for most peo­ple, rent is not >50% of income, but SF is incred­i­bly expen­sive to live in.

This gives a daily expense of $652 (or a monthly total of $19.1k in expens­es). As you can see, the employ­ees are by far the most expen­sive part of run­ning SR in my esti­mate, which makes me won­der if maybe Lib­er­tas was the only employ­ee.


Assum­ing the details about DPR hir­ing hit­men in the indict­ments are rea­son­ably accu­rate, we can throw in two large expens­es:

  1. an $80k expen­di­ture for killing his Mary­land employ­ee. The first pay­ment of $40k was made on 2013-02-04 and the second/final pay­ment of $40k was made on 2013-03-01 (pg9). If we use the exchange rate of those two days, then the hit cost DPR (40000 / 20.42) + (40000 / 34.24) = ₿3127

  2. the sec­ond hit was priced in bit­coins (pg23):

    Through fur­ther mes­sages exchanged on March 31, 2013, DPR and redand­white agreed upon a price of 1,670 Bit­coins

So the hits cost DPR some­where around ₿4797. An extremely large and painful amount, by most stan­dards, but still nowhere near ₿10k—­much less high­er.

Revenue over time: first and last days


Table 3 pro­vides a break­down of the feed­back rat­ings from 184,804 feed­back instances we col­lect­ed…In Fig­ure 12, we plot an esti­mate of the daily com­mis­sions col­lected by Silk Road oper­a­tors as a func­tion of time. We sim­ply reuse the pre­vi­ous esti­mates, and apply both the fixed 6.23% rate, and the sched­ule of Table 4 to each item. We find that the new sched­ule turns out to yield on aver­age a com­mis­sion cor­re­spond­ing to approx­i­mately 7.4% of the item price.

The FBI:

From Feb­ru­ary 6, 2011 to July 23, 2013 there were approx­i­mately 1,229,465 trans­ac­tions com­pleted on the site…$79.8 mil­lion (USD) in com­mis­sions.

Accord­ing to Bit­coin Charts, on 2013-07-23, the MtGox price was $91. (As the most famous exchange, any FBI esti­mate almost cer­tainly used it.) So that implies =₿876,923. Or to put it the other way, at $79.8m in trans­ac­tions, then using Christin’s 7.4% esti­mate, total sales were $1,078,000,000 or ₿10,780,000.

Wikipedia says “These trans­ac­tions involved 146,946 unique buyer accounts, and 3,877 unique ven­dor accounts.”, and “The total rev­enue gen­er­ated from trans­ac­tions was 9,519,664 bit­coins. Com­mis­sions col­lected from the sales by Silk Road amounted to 614,305 bit­coins.”

(So the num­bers aren’t too differ­ent: 614k vs 876k and 10.8m vs 9.5m.)

We’ll set 2011-02-06 to $10 in sales (prob­a­bly not too far from the truth). But what about 2013-07-23? pg20 of the indict­ment says:

For exam­ple, on July 21, 2013 alone, DPR received approx­i­mately 3,237 sep­a­rate trans­fers of Bit­coins into his account, total­ing approx­i­mately $19,459. Vir­tu­ally all of these trans­ac­tions are labeled “com­mis­sion”.

= $262,959 that day. $20k in com­mis­sions is extremely impres­sive, since Christin esti­mates only $4k/day com­mis­sions as late as the end of July 2012—so SR must have grown by 500% from 2012 to 2013. We use this rev­enue esti­mate as our end­point and inter­po­late from $10 to $262,959 over the ~900 days SR exist­ed. This is a con­ser­v­a­tive way of mod­el­ing SR, since the graphs in Christin indi­cate that SR saw sig­moid growth in 2012, and 2013 would’ve seen even more growth (to be con­sis­tent with the 2013 July com­mis­sion dat­a­point being 5x the 2012 July com­mis­sion dat­a­point).

Exchange rate

I grab weighted price for each day between 2011-02-06 & 2013-07-23, and stuff it in a CSV.


sr <- read.csv("")
sr$Sales <- c(10, rep(NA, 890), 262959, NA, NA)
## revenue increased by $300 a day:
l <- lm(Sales ~ as.numeric(Date), data=sr); l
# Coefficients:
#      (Intercept)  as.numeric(Date)
#             -285               295
sr$Sales <- predict(l, newdata=sr)
sum(with(sr, (Sales * 0.074 - 652) / ExchangeRate))
# [1] 803397

Or we can run the esti­mate the other way: if DPR had to spend $652 a day and con­verted at that day’s exchange rate, and we took into account the hit­men, how many bit­coins would he have spent in total?

sum(with(sr, 652 / ExchangeRate))
# [1] 127154
(614305 - 127154) - 4797
# [1] 482354


Obvi­ously ₿803k > ₿614k, which implies that the lin­ear model over­es­ti­mates sales in the early life of SR; but going the other direc­tion and esti­mat­ing just from costs & hit­men & total com­mis­sion, we still wind up with nearly ₿500k (and that was after mak­ing a bunch of highly con­ser­v­a­tive assump­tion­s). The fewer sales (and com­mis­sions) early on, the less of a fixed num­ber of bit­coins will be sold. So, while it may ini­tially sound plau­si­ble that DPR could have been forced to part with say ₿400k to pay for SR and sundry expens­es, the dis­tri­b­u­tion of sales and fluc­tu­a­tions of Bit­coin value mean that this sim­ply does not seem to be the case.

Unless there are some aban­doned yachts float­ing around the SF Bay Area, DPR/Ross Ulbricht prob­a­bly has ₿500k-614k.

The Bet: BMR or Sheep to die in a year (by Oct 2014)

On 2013-10-30, I offered to any com­ers 4 escrowed Bit­coin bets relat­ing to whether Black­Mar­ket Reloaded and Sheep Mar­ket­place would sur­vive the next year. I posted it to

Reac­tions were gen­er­ally extremely neg­a­tive, accus­ing me of scam­ming, being LE, pre­tend­ing to be the escrow nan­otube, etc. No one took any of the bets and I shut the books on 2013-11-06. For pos­ter­i­ty, I am archiv­ing a copy of my state­ment below.


BMR & Sheep have demon­strated their dan­ger, but few DNM-users seem to gen­uinely appre­ci­ate this. I am pub­licly bet­ting that they will fail in the near-fu­ture. If you think I am wrong, just try to take my money and prove me wrong! Oth­er­wise, spare us your cheap talk.

Hi! I’m . You may remem­ber me from such DNM web­pages as , and /r/silkroad. Today I’m here to talk to you about Black­Mar­ket Reloaded & Sheep Mar­ket­place.

(A signed ver­sion of this 2013-10-30 post will be posted as a com­ment, because I wish to use Mark­down for­mat­ting; my PGP key is avail­able.)


With the fall of SR, we’re all very sad: it was a good site which per­formed a use­ful func­tion. But life goes on, so it’s no sur­prise we’re all mov­ing on to new DNMs. That said, I am con­cerned by the accu­mu­lat­ing pat­tern I am see­ing around BMR and Sheep, and by the delu­sional opti­mism of many of the users.


Black­Mar­ket Reload­ed, since the fall, has been marked by a pat­tern of arro­gance, tech­ni­cal incom­pe­tence, dis­missal of prob­lems, tol­er­ance for sell­ers keep buyer addresses & issu­ing threats, astound­ing tol­er­ance for infor­ma­tion leaks (all the imple­men­ta­tion infor­ma­tion, and par­tic­u­larly the VPS inci­dent with the user data leak; mir­rors: 1, 2), etc. We know his code is shitty and smells like vul­ner­a­bil­i­ties (pro­gram­mer in 3 differ­ent IRC chan­nels I fre­quent quoted bits of the leaked code with a mix­ture of hilar­ity & hor­ror), yet some­how back­opy expects to rewrite it bet­ter, despite being the same per­son who wrote the first ver­sion and the basic secu­rity prin­ci­ple that new ver­sions have lots of bugs. (I’m not actu­ally both­ered by the DoS attacks; they’re issues for any site, much less hid­den ser­vices.)

And then there’s the things he’s not telling us. Atlantis shut down because they were wor­ried about con­tacts from LE, and thus far this shut down seems to have saved them; but BMR has been around sev­eral times longer than Atlantis—­would it not beg­gar belief if LE had not made con­tacts, attempted SR-style stings, or infil­trated BMR staff? And remem­ber how we were able to dis­cover all sorts of leaks in DPR’s opsec once we had the indict­ment and knew what to look for? Or con­sider the claims being made about the Project Black Flag Leaks, where some­one claims to have accessed a laun­dry list of infor­ma­tion from its inter­nal­s—only after Metta DPR decided to rip-and-run. If this is what we see pub­licly for BMR, what on earth is going on behind the sce­nes?

back­opy should have handed on BMR weeks ago, but is still around. He seems to plan to repeat SR/DPR’s mis­takes exact­ly: leak infor­ma­tion all over the place, never retire, and just keep on until he is busted and takes who-knows-how-many peo­ple down to prison with him. He has learned noth­ing. What, exact­ly, is his exit strat­e­gy? What goals does he have and when will they ever be sat­is­fied? He has been run­ning BMR for more than 2 years now, and has not left. How does this story end: of a man who does not know his lim­its, does not have abil­ity equal to the task, and refuses to quit while he’s ahead? It ends with a par­ty-van, that’s how it ends.

And hardly any­one seems trou­bled by this! The BMR sub­red­dit is full of bustle; peo­ple are even hail­ing back­opy as a “hero” for allow­ing with­drawal of bit­coins. (How gen­er­ous of him.)


Is Sheep any bet­ter? No. BMR is trou­bled and prob­a­bly infil­trated at this point, but Sheep may well be a dead mar­ket walk­ing at this point. No one has a good word to say about its cod­ing, so there may well be BMR-style issues in its future. More impor­tant­ly: the ver­i­est Google search would turn up that clear­net site, and it has been pointed out that the clear­net Czech site hosted by Hexa­Geek was uncan­nily sim­i­lar to the actual hid­den ser­vice. It uses almost the same exact tech­nol­o­gy, and the offi­cial expla­na­tion is that they had “fans” (fans? who set up, many months ago, before any­one gave a damn about Sheep, an entire func­tion­ing mir­ror while cloning the soft­ware stack and being in a for­eign non-Eng­lish-s­peak­ing coun­try just like the Sheep admin­s?). Ridicu­lous! DPR may have set up a Word­Press site, but at least ‘altoid’ did­n’t run an entire SR mir­ror! (He left that to & Sheep’s likely about one sub­poena of Hexa­Geek away from fun party times in the par­ty-van.

The Wager

I am unin­ter­ested in see­ing Sheep/BMR busted and lots of new­bies caught because they can’t appre­ci­ate the pat­terns here. Peo­ple don’t take mere crit­i­cism seri­ous­ly, and even if I lay it all out like here, and I men­tion that I have an , they still won’t because any­one can doom-mon­ger and issue warn­ings, it won’t get through to them. I want to get through to them—I want them to under­stand the risks they’re tak­ing, I want them to reflex­ively use PGP, and I want them to leave bal­ances on sites for as short a time as pos­si­ble. So! I am putting my money where my mouth is.


I and 3 oth­ers are pub­licly wager­ing ₿4 ($816 at today’s rate), ₿1 each, on the fol­low­ing 4 bets:

  1. BMR will not be oper­at­ing in 6 months:

    25%; 1:3 (you risk ₿3 and if BMR is still oper­at­ing, you win our ₿1, else you lose the ₿3 to us)

  2. BMR will not be oper­at­ing in 12 months

    40%; 1:1.5 (you risk ₿1.5 & BMR is oper­at­ing in a year, you win our ₿1, else lose ₿1.5)

  3. Sheep will not be oper­at­ing in 6 months

    30%; 1:2.3 (your ₿2.3 against our ₿1)

  4. Sheep will not be oper­at­ing in 12 months

    60%; 1:0.66 (you risk ₿0.66 against our ₿1)

The ₿4 are cur­rently stored in 1AZvaBEJMiK8AJ5GvfvLWgHjWgL59TRPGy (proof of con­trol: IOqEiWYWtYWFmJaKa29sOUqfMLrSWAWhHxqqB3bcVHuDpcn8rA0FkEqvRYmdgQO4yeXeNHtwr9NSqI9J79G+yPA= is the sig­na­ture by 1Az of the string "This address contains bitcoins for the BMR/Sheep bet run by gwern.").

  • BMR = kss62ljxtqiqdfuq.onion

  • Sheep = sheep5u64fi457aw.onion

  • The exact defi­n­i­tion of ‘not oper­at­ing’ includes but is not lim­ited to this: on noon EST of 2013-04-30 (6-months) or 2014-10-30 (12-month­s), if Nan­otube can visit the rel­e­vant DNM, cre­ate a buyer account, deposit bit­coins, and order an item, then the site is oper­at­ing. If deposits or new accounts or pur­chases are not allowed or not pos­si­ble, it is not oper­at­ing.

    At his own dis­cre­tion, the arbi­tra­tor can take into account other fac­tors, like wide­spread reports that a mar­ket has been raided and turned into a sting oper­a­tion.


Arbi­tra­tion & escrow are being pro­vided by Nan­otube, a long-time Bit­coin user & -otc trader, who has han­dled some past bets (most famous­ly, the ₿10,000 bet between the Ponzi schemer pirateat40 & Van­droiy) and I believe can be trusted to escrow this one as well; he has agreed to a nom­i­nal fee of 1%.

(I am not using Bets of Bit­coin because they have a dis­hon­est & exploita­tive rule-set, and I am not sure Pre­dic­tious would allow these bet­s.)


If you dis­agree and are man enough to take our bets, post the amount you are bet­ting on which bet, and Nan­otube will sup­ply an address for you to trans­fer your bit­coin to. When it arrives in his wal­let, then our bet will be in effect.

May the most accu­rate beliefs win.

Statistical considerations

In my past bet­ting & pre­dict­ing, I have found it use­ful to start with some sim­ple base rates & sta­tis­ti­cal cal­cu­la­tions as a way of anchor­ing my sub­jec­tive con­sid­er­a­tions. Nei­ther approach is extremely reli­able, but they can help us fig­ure out what are rea­son­able-look­ing esti­mates and we can increase or decrease them based on the observed secu­rity issues to get a final esti­mate which will be bet­ter than either ran­dom guess­ing based on gut-feel or blind accep­tance of num­bers spat out by a mod­el.

In my bet, I used an ear­lier ver­sion of this analy­sis, and after look­ing at the var­i­ous results, set­tled on gut-es­ti­mates as fol­lows:

  1. BMR 6-month shut­down risk: 35%
  2. BMR 12-month: 50%
  3. Sheep 6-month: 40%
  4. Sheep 12-month: 50%

After expand­ing the data to include Deep­bay and con­tin­u­ing to observe the DNMs, I would per­son­ally decrease the risk for BMR and increase for Sheep (a choice vin­di­cated when Sheep shut down with a scam in late Novem­ber, not long after my analy­sis).

Basic data

I am inter­ested in web­sites sell­ing drugs over Tor or i2p, using cryp­tocur­ren­cies like Bitcoin/Litecoin/Dogecoin, allow­ing mul­ti­ple sell­ers other than the site oper­a­tors, and pro­vid­ing some sort of escrow func­tion­al­i­ty. This excludes clear­net sites like Top­ix, sin­gle-ven­dor shops like Mod­ern Cul­ture or Bungee54, card­ing shops like Tor Carders Mar­ket, host­ing ser­vices like Cryuserv or Bad Wolf, DNM-focused forums like The Hub, and forums for buy­ers & sell­ers to deal directly with each other like The Majes­tic Gar­dens.

This data is cur­rent as of 2013-11-12 and is used in the fol­low­ing sur­vival analy­sis:

Mar­ket Started Ended/currently Months oper­at­ing Sta­tus Notes
Silk Road Jan­u­ary 2011 Octo­ber 2013 33 closed Raided
Atlantis 2013-03-26 Sep tem­ber 2013 6 clo sed Vol untary shut down; scam? Losses not clear
Deep­bay June 2013 2013-11-04 5 close d [scam ](
Bud­ster 2013-10-10 2013- 10-20 0 closed [ scam?](ht tps://
Project Black Flag 2013-10-14 2013- 10-28 0 closed [ scam](htt ps://
Black­Mar­ket Reloaded June 2011 Novem­ber 2013 30 open
Sheep Mar­ket­place Feb­ru­ary 2013 Novem­ber 2013 10 open
Buy­It­Now April? 2013 Novem­ber 2013 8 open buyitnowquyft7dx.onion
Pan­dora 2013-10-21 Novem ber 2013 1 open `pand ora­jodqp5zr­r.o­nion`
Silk Road 2 2013-11-06 Novem ber 2013 0 open
Tor­mar­ket 2013-11-07 Novem ber 2013 0 open `torm arkoza­e­gyv­co.o­nion`; no reports of sales yet

Survival analysis

I have some basic famil­iar­ity with from my lengthy analy­sis of , so I thought I’d take a stab at a sur­vival analy­sis of the DNMs:

market <- read.csv(stdin(),header=TRUE, colClasses=c("factor","Date","Date","logical","factor"))

market$Days <- as.integer(market$Ended - market$Started)
surv <- survfit(Surv(market$Days, market$Dead, type="right") ~ 1)

 time n.risk n.event survival std.err lower 95% CI upper 95% CI
    1     11       1    0.909  0.0867        0.754            1
    7      8       1    0.795  0.1306        0.577            1
  152      6       1    0.663  0.1628        0.410            1
  179      5       1    0.530  0.1761        0.277            1
  979      1       1    0.000     NaN           NA           NA

# Confidence intervals show not enough datapoints to really estimate!
# 6-month mortality:
sixm <- 1 - (1-((1-0.53)/179))^(365.25/2); sixm
[1] 0.3813
# 12-month mortality
1 - (1-((1-0.53)/179))^(365.25)
[1] 0.6172

plot(surv, xlab="Days", ylab="Survival Probability function with 95% CI")
A sur­vival curve cal­cu­lated from 11 DNMs

So, a 40% risk of fail­ing in 6 months and 62% in a year. Not good news. But can we do bet­ter?

Expanded sample: Bitcoin exchanges

As it hap­pens, I pre­vi­ously wrote some R code to do another sur­vival analy­sis as well, this one of Bit­coin exchanges like MtGox, check­ing a pub­lished paper’s results. A Bit­coin exchange is an online web­site which trades in Bit­coins, is a tar­get for hack­ers, and is often of ques­tion­able legal­i­ty—so they’re actu­ally quite a bit like DNMs in some respects. What if we try to bor­row strength by com­bin­ing the DNMs & exchanges into a sin­gle dataset, include a dummy vari­able indi­cat­ing DNM or exchange, esti­mate a sur­vival curve from that dataset, and pre­dict?

Con­tin­u­ing from before:

market$Type  <- as.factor("")

exchange <- read.csv("")
exchange <- with(exchange, data.frame(Marketplace=Exchange, Started=as.Date(Origin), Ended=as.Date(Dates),
                                      Dead=as.logical(Closed), Cause=NA))
exchange$Days <- as.integer(as.Date(exchange$Ended) - as.Date(exchange$Started))
exchange$Type <- as.factor("exchange")

allSites <- rbind(exchange, market)

# plot aggregate survival curve
surv <- survfit(Surv(allSites$Days, allSites$Dead, type="right") ~ 1)
plot(surv, xlab="Days", ylab="Survival Probability function with 95% CI")
The 11 DNMs lumped in with a few dozen Bit­coin exchange sites

We can try ask­ing whether the DNMs seem to be riskier:

cpmodel <- cph(Surv(Days, Dead) ~ Type, data = allSites, x=TRUE, y=TRUE, surv=TRUE)
# ...
#                   Coef   S.E.   Wald Z Pr(>|Z|)
# 0.2128 0.5644 0.38   0.7061

The risk does seem to be higher (odds ratio of 1.24) but unsur­pris­ingly we can’t have much con­fi­dence in the esti­mate yet.

With the sur­vival curve and an esti­mate of DNM risk, we can extract sur­vival esti­mates for the stil­l-liv­ing DNMs:

conditionalProbability <- function (d, followupUnits, cmodel) {
    chances <- rep(NA, nrow(d)) # stash results

    for (i in 1:nrow(d)) {

        # extract chance of particular subject surviving as long as it has:
        beginProb <- survest(cmodel, d[i,], times=(d[i,]$Days))$surv
        if (length(beginProb)==0) { beginProb <- 1 } # set to a default

        tmpFollowup <- followupUnits # reset in each for loop
        while (TRUE) {
            # extract chance of subject surviving as long as it has + an arbitrary additional time-units
            endProb <- survest(cmodel, d[i,], times=(d[i,]$Days + tmpFollowup))$surv
            # survival curve may not reach that far! 'survexp returns 'numeric(0)' if it doesn't;
            # so we shrink down 1 day and try again until 'survexp' *does* return a usable answer
            if (length(endProb)==0) { tmpFollowup <- tmpFollowup - 1} else { break }

        # if 50% of all subjects survive to time t, and 20% of all survive to time t+100, say, what chance
        # does a survivor - at exactly time t - have of making it to time t+100? 40%: 0.20 / 0.50 = 0.40
        chances[i] <- endProb / beginProb
allSites$SixMonth <- conditionalProbability(allSites, (365/2), cpmodel)
allSites$OneYear <- conditionalProbability(allSites, 365, cpmodel)

allSites[allSites$Type=="" & !allSites$Dead,][c(1,8,9)]
   Marketplace SixMonth OneYear
# 46         BMR   1.0000  0.3679
# 47       Sheep   0.8084  0.6429
# 48    BuyItNow   0.8248  0.7286
# 49     Pandora   0.6934  0.5720
# 50         SR2   0.6765  0.5579
# 51   Tormarket   0.6765  0.5579

While it seems rea­son­able to expect these mar­kets to sur­vive with high con­fi­dence for a few months, I am left quizzi­cal by the esti­mate that BMR has a 100% chance of sur­viv­ing for half a year, yet a 37% chance of sur­viv­ing for a year. I could accept the 37% esti­mate, but 100% is bizarre and reflects the lim­its of this approach.


A nifty way of esti­mat­ing some things come from (addi­tional deriva­tions): s fail­ures and n total chances to fail, is . nshep­perd offers a more gen­eral for­mu­la: the prob­a­bil­ity that the next site will last for at least ‘z’ time, given total run­ning of all DNMs of t months with n shut­downs is .

Pooled, all-mar­kets (SR+BMR+Sheep+Deepbay+BIN+PBF+Budster+SR2+TorMarket), # of fail­ures vs # num­ber of live months:

  • by Laplace: 5/(33+6+5+0+0+30+10+8+1+0+0) = 5/93 = 0.0434 = 5.4% chance of clo­sure per mon­th; gen­er­al­ly: 1 - (93 / (93+1))^5 = 100 - 95% = 5% chance of clo­sure in the first month

    1. 6 month sur­vival: (93 / (93+6))^5 = 73% chance of sur­vival = 27% clo­sure
    2. 12-month sur­vival: (93 / (93+12))^5 = 54% chance of sur­vival = 46% clo­sure

By mar­ket:

  • BMR:

    1. 6-mon­th: 33 / (6 + 33) = 0.84 = 84% sur­vival = 16% clo­sure
    2. 12-mon­th: 33 / (12 + 33) = 0.73 = 73% sur­vival = 27% clo­sure
  • Sheep:

    1. 6-mon­th: 9 / (6 + 9) = 0.60 = 60% sur­vival = 40% clo­sure
    2. 12-mon­th: 9 / (12 + 9) = 0.43 = 43% sur­vival = 57% clo­sure

I believe both sets of esti­mates are lower than the true risk, given what I have dis­cussed about the sites’ secu­rity & anonymi­ty.



Archives of SR pages

For myself & other peo­ple, I some­times archive sets of DNM pages; they may be of inter­est to oth­ers, so I pro­vide a list here:

  1. See also the fol­lowup look­ing at DNMs in gen­er­al: , Soska & Christin 2015↩︎

  2. Given the exe­crable & ama­teur qual­ity of the PHP code which pow­ered BMR, it is diffi­cult to see how any­one sane could trust the site again.↩︎

  3. “Meet The Dread Pirate Roberts, The Man Behind Boom­ing Black Mar­ket Drug Web­site Silk Road”, pg2 (Sep­tem­ber 2013 Forbes).↩︎

  4. “The emer­gence of deep web mar­ket­places: a health per­spec­tive”, Caudevil­la; ch7, The Inter­net and drug mar­kets 2016:

    At the end of 2012 and dur­ing 2013, the Energy Con­trol team was aware of the grow­ing pop­u­lar­ity of DWMs through infor­ma­tion pro­vided by recre­ational drug users. An exploratory search of the avail­able mar­kets at that time (Silk Road, Black Mar­ket Reloaded and Sheep) prompted the devel­op­ment of the IDTS pro­vided by Energy Con­trol and focus­ing on DWMs.

    Dur­ing the first quar­ter of 2014, a spe­cific pro­to­col with objec­tives, pro­ce­dures, meth­ods and tech­niques was elab­o­rated using TEDI (Transna­tional Euro­pean Drug Infor­ma­tion: TEDI, 2014) guide­lines as a ref­er­ence. All sam­ples were analysed by . The fee for a sim­ple analy­sis was EUR 50 (to be paid in bit­coin­s). All funds raised were put back into run­ning the pro­ject.

    A one-year pilot project started in April 2014; drug users who pur­chase drugs in DWMs were the tar­get pop­u­la­tion. Sev­eral threads in the main DWM forums were opened offer­ing gen­eral infor­ma­tion about the IDTS with links to a spe­cific IDTS page on Energy Con­trol’s web­site ( 12 ). An email address for users to con­tact the ser­vice for detailed infor­ma­tion about the process was made avail­able. After sub­mit­ting sam­ples for analy­sis, users receive a detailed report with drug test results and spe­cific and indi­vid­u­alised harm reduc­tion infor­ma­tion. Users were encour­aged to engage with Energy Con­trol experts by emails or in DWM forums in order to resolve their ques­tions.

    …A total of 129 sam­ples were analysed over this peri­od, as shown in Fig­ure 7.2. Users are asked about the type of sub­stance they believe they have pur­chased. In 120 of 129 sam­ples (93%), the main result of the analy­sis was con­sis­tent with the infor­ma­tion pro­vided by the user. In the remain­ing 9, the sam­ple con­tained another drug, a mix­ture of sub­stances was detected or it was not pos­si­ble to deter­mine the com­po­si­tion of the sam­ple with the ana­lyt­i­cal tech­niques employed. The main results of the drug test­ing are shown in Table 7.2 was the sub­stance most fre­quently sub­mit­ted for analy­sis. Purity lev­els were high, although more than 50% of sam­ples were adul­ter­at­ed. was the adul­ter­ant most fre­quently detect­ed, in 43% (23 out of 54) of sam­ples. Other adul­ter­ants detected in cocaine sam­ples were in 9% (5 out of 54), caffeine (1 sam­ple) and (1 sam­ple). sam­ples (in both pill and crys­tallised forms) showed high lev­els of puri­ty, and no adul­ter­ants or other active ingre­di­ents were detect­ed. Other sam­ples analysed were and (n = 3), , , , , , syn­thetic cannabi­noids (n = 2), , , , , , , , , , , and (n = 1). Results for MDMA pills, show­ing very high dosages of MDMA that can lead to sig­nifi­cant adverse or toxic effects, are sim­i­lar to those reported by other harm reduc­tion groups offer­ing drug test­ing pro­grammes (TEDI, 2014). The high fre­quency of non-adul­ter­ated cocaine sam­ples is also notable, although lev­amisole con­t­a­m­i­na­tion seems to be a wide­spread prob­lem, as reported in the rest of the global drug mar­ket…An­other inter­est­ing aspect is the low fre­quency of ‘’ in sam­ples sub­mit­ted for analy­sis.

    TABLE 7.2: Test results for sam­ples analysed by the Energy Con­trol Inter­na­tional Drug Test­ing Ser­vice (Sam­ples analysed between April and Decem­ber 2014. Cat­e­gories with n < 5 sam­ples not includ­ed.)

    Sam­ple n Only main com­pound detected Purity (m ± SD) Range
    Cocaine 54 48.1% (26/54) 70.3 ± 19.9% 5-99%
    MDMA (crys­tal) 9 100% (9/9) 91.1 ± 8.0% 78-99%
    MDMA (pills) 8 100% (8/8) 142.1 ± 40.2 mg 94-188 mg
    Amphet­a­mine (speed) 8 37.5% (3/8) 51.6 ± 34.6% 10-98%
    LSD 8 100% (8/8) 129.7 ± 12.1 μg 107-140 μg
    Cannabis resin 5 100% (5/5) THC: 16.5 ± 7.5% / CBD: 3.4 ± 1.5% THC: 9.1-16.4% / CBD: 1.6-5.3%
    Ket­a­mine 5 40% (2/5) 71.3 ± 38.4% 27-95%
  5. “Sources: DEA probes Silk Road, sus­pected online hub for ille­gal drugs”, 2013-09-22:

    “So far, unfor­tu­nate­ly, their sys­tem has been some­what suc­cess­ful,” said a fed­eral law enforce­ment source involved in the inves­ti­ga­tion into the site. “Our goal is to make sure that does­n’t con­tinue to be the case.” Fed­eral charges have yet to be brought against the site or its admin­is­tra­tors, but another law enforce­ment source involved in the Silk Road probe said high­-tech inves­tiga­tive meth­ods used by the gov­ern­ment are help­ing inves­ti­ga­tors build a case. Those meth­ods include encryp­tion-crack­ing tech­nol­ogy and the exploita­tion of secu­rity weak­nesses in some encrypted email and instant mes­sage soft­ware used by Silk Road cus­tomers, the source said. Efforts to find any known oper­a­tor of Silk Road were unsuc­cess­ful.

    The encrypted chat pro­gram may be (given its pop­u­lar­i­ty) or (given its seri­ous secu­rity issues & its known use by the Atlantis admin­is­tra­tors, who shut down in Sep­tem­ber 2013 cit­ing secu­rity issues); the “encrypted email” is almost cer­tainly a ref­er­ence to , which allowed emails set in the clear & which server was seized in the July/August FBI raids on Free­dom Host­ing.↩︎

  6. For exam­ple, the British writes in “How ille­gal drugs are bought and sold on the dark web”:

    How­ev­er, Silk Road is still up and run­ning. A source close to the FBI told Chan­nel 4 News that it has “excep­tion­ally good oper­a­tional secu­rity”, and its own­ers avoid per­sonal meet­ings in order to stay under the radar.

    This sounds like the FBI might know quite a bit about DPR—except that month before, Andy Green­berg had writ­ten in Forbes:

    At one point dur­ing our eight-month pre-in­ter­view courtship, I offer to meet him at an undis­closed loca­tion out­side the United States. “Meet­ing in per­son is out of the ques­tion,” he says. “I don’t meet in per­son even with my clos­est advi­sors.” When I ask for his name and nation­al­i­ty, he’s so spooked that he refuses to answer any other ques­tions and we lose con­tact for a month.

  7. A poster on the SR forums claims:

    The beauty of this sys­tem is that the buyer has no idea who is sell­ing them the drugs. I still talk to some peo­ple I used to work with and they talk about this place. They don’t know what to do about it. In gen­er­al, the police are inter­ested in get­ting drug deal­ers. They will arrest buy­ers to get to the deal­ers. They try to flip small time deal­ers to get to big­ger deal­ers, but that rarely hap­pens. Usu­ally they are just get­ting other small deal­ers. The only way I know of that they could prove you were using SR is by seiz­ing your com­puter and find­ing evi­dence on it or by you telling them. Even if that hap­pens, they still won’t be able to get to the deal­er. SR is very frus­trat­ing to law enforce­ment. I just talked to a cop who was at a con­fer­ence where the DEA was talk­ing about SR. Accord­ing to him, they don’t have a clue with how to bust this place and the DEA guy was one of their com­puter experts.

  8. DPR pub­licly claims the attack was sophis­ti­cated and fea­tured zero-days; from his 2013 Forbes inter­view:

    Q: What can you tell me about the cyber­at­tack that hit the Silk Road in May? How big was it? How long did it last? Is it still going on? Do you know any­thing about who is respon­si­ble?

    A: It lasted nearly a week if I recall cor­rect­ly. Hack­ers and scam­mers are con­stantly try­ing to attack Silk Road any­way they can. Every­one knows there’s a lot of money flow­ing through here, so we are the biggest tar­get on the Tor net­work by far. This has been a bless­ing and a curse. For one, our sys­tems are incred­i­bly resilient to attack and are con­stantly being test­ed. On the other hand, we are on the fron­t-line deal­ing with and react­ing to all of the lat­est exploits. We do our best to stay at least one step ahead, but as we saw last mon­th, some­times we get taken by sur­prise by some­one with a zero day exploit. This one was by far the most sophis­ti­cated we’ve seen to date. I’d rather not com­ment on the par­ties respon­si­ble for the attack or the specifics of the attack itself.

    Q: So this was not merely a dis­trib­uted denial of ser­vice attack? It was a zero day exploit? Did it gain access to any data or sim­ply knock the site offline?

    A: I’m not one hun­dred per­cent on this, but I don’t think it’s pos­si­ble to do a DDoS over Tor, or at least it is much harder than doing it over the clear net. The effect of the attack was to block access to Silk Road. No data was leaked, in fact we’ve never had a data leak.

    Q: Do you believe the attack was orches­trated by your com­peti­tors at Atlantis, as many have sug­gest­ed?

    A: I’d rather not com­ment on the par­ties respon­si­ble for the attack.

  9. Which includes SR founder Dread Pirate Roberts and his suc­ces­sor; for a selec­tion of their writ­ings on the top­ic, see Green­berg’s “Col­lected Quo­ta­tions Of The Dread Pirate Roberts, Founder Of Under­ground Drug Site Silk Road And Rad­i­cal Lib­er­tar­ian”.↩︎

  10. Dread Pirate Roberts on SR’s data reten­tion pol­icy c. July/August 2012:

    • addresses are kept on record until your ven­dor has marked your item as shipped. I encour­age every­one to encrypt their address to their ven­dor’s pub­lic key just in case.
    • mes­sages are kept for two months. again, sen­si­tive data trans­mit­ted through our mes­sag­ing sys­tem should be encrypt­ed.
    • trans­ac­tion records, includ­ing feed­back are kept for 4 months. I said 3 in another thread, but upon dou­ble check­ing, it is 4. We do this because the data con­tained in the trans­ac­tion record, includ­ing the buy­er, is used to weight the feed­back for that trans­ac­tion. After 4 months, the age weight has pretty much reduced the weight to zero any­way, so we no longer need the data. If you want fur­ther expla­na­tion about this, check out the wiki page and forum thread about the feed­back weight­ing sys­tem.
    • the account­ing log is kept for 3 months. Only 2 weeks are dis­played so an adver­sary who gains access to your account won’t be able to see all of that his­to­ry.
    • with­drawal addresses are not kept, but every­one should real­ize that the time and amount of the with­drawal could nar­row down which trans­ac­tion it was in the blockchain quite a bit, espe­cially if it was an uncom­mon amount.
    • deleted items are kept for 4 months. this is to pre­serve the integrity of the link to the trans­ac­tions asso­ci­ated with the item.
    • user accounts with a zero bal­ance and no activ­ity for 5 months are delet­ed.

    …These time para­me­ters were arrived at through trial and error. They are as tight as we can make them with­out sac­ri­fic­ing the integrity of the mar­ket. Could they be a lit­tle tighter? Maybe by a week or two, but please think through the impli­ca­tions of pol­icy changes before you call for them.

    That SR1 did have such a data reten­tion pol­icy has been con­firmed by the FBI in its JTAN search war­rant request, but it’s unclear whether the reten­tion pol­icy was under­mined by the SR1 backup sys­tem:

    In ana­lyz­ing the con­fig­u­ra­tion of the Silk Road Web Server, the FBI has dis­cov­ered that the server reg­u­larly purges data from these data­bases older than 60 days. Thus, the image of the Silk Road Web Server pos­sessed by the FBI con­tains data reflect­ing only 60 days of user activ­i­ty, count­ing back from the date the server was imaged…How­ev­er, the FBI has also dis­cov­ered com­puter code on the Silk Road Web Server that peri­od­i­cally backs up data from the server and exports that data to another serv­er. Test­ing of this backup script has revealed the IP address of the server to which this backup data is export­ed—­name­ly, the IP address of the TARGET SERVER. Based on analy­sis of the backup script, it does not appear that pre­vi­ously backed-up data is deleted when new back­-ups are made. There­fore, I believe it is likely that the TARGET SERVER con­tains records of user activ­ity on the Silk Road web­site span­ning a much longer date range than the data kept on the Silk Road Web Serv­er.

  11. Note that this is not a nor­mal WWW site; there are no nor­mal WWW sites for the SR. There was which was appar­ently con­trolled in some fash­ion by SR (prob­a­bly to stop domain squat­ting or scam sites pre­tend­ing to be SR), but what­ever it was, it was­n’t impor­tant; not updated reg­u­larly and no longer work­ing.

    The bad thing about .onion URLs is that they are not human-mem­o­rable (see ), and so it is espe­cially easy to spread a fake link. In par­tic­u­lar, SR has been the tar­get of many attacks, where a ran­dom .onion hid­den server is set up to look like SR and either pre­tends to be SR or just does a , prox­y­ing for the real SR serv­er. For exam­ple, one such site has already been linked in the com­ments on this page; it was easy to detect as it was even slower than SR (since there are two hid­den servers involved), and it blindly for­warded me to the real SR .onion with the fake user/password pair, appar­ently expect­ing that I would be logged in with­out prob­lem. Lat­er, SR intro­duced PINs required for any with­drawal of bit­coins, so phish­ers adapted their login forms to ask for PINs as well. A 2012-2013 exam­ple of such a phish­ing page:

    A screen­shot of a SR phish, with the tel­l-tale PIN field cir­cled; pro­vided by anony­mous author

    A research paper doc­u­mented how to observe traffic vol­umes to par­tic­u­lar hid­den ser­vices, so a blog­ger observed hid­den node traffic April-May 2013, and recorded what .onions were being vis­it­ed; no sur­prise, a sub­stan­tial num­ber were SR phish­ing attempts (“I have con­firmed that some users were directed to these phish­ing pages from links on the ‘The Hid­den Wiki’ (.o­nion).”). Sum­ming the offi­cial & phish­ing URLs for the 2 days his nodes were in charge of SR, he gets a lower bound of 27,836 vis­i­tors to SR & 327 to SR phish­ing sites (so 1.17% of would-be SR vis­i­tors were exposed to a phish­ing site) and an upper bound of 167,016/1,962 (re­spec­tive­ly). Another way to mea­sure hid­den-ser­vice traffic is to run a DNS server and see how many clients acci­den­tally try to lookup a hid­den ser­vice’s .onion address; Thomas & Mohaisen 2014 col­lected leaks 2013-09-10 to 2014-03-31 and found SR1 was 1.4% of leaked requests & Agora 1.1%, which given that Agora is grow­ing & SR1 is gone, sug­gests Agora may now be as large as SR1 was. Inci­den­tal­ly, the dark­net mar­kets seem to make up a large frac­tion of con­tent avail­able as Tor hid­den ser­vices; see the above traffic esti­mates and also Spit­ters et al 2014

    Nat­u­ral­ly, noth­ing stops the .onion URLs sup­plied on this page from them­selves being part of a phishing/man-in-the-middle attack! This is a fun­da­men­tal secu­rity prob­lem: how do you boot­strap your­self into a ? In this case, if you don’t know the SR admins, about all you can do is Google the URLs I have list­ed, and see whether enough other peo­ple claim that they are the true URLs that you will trust the URLs. Caveat emp­tor.↩︎

  12. Specifi­cal­ly, one that will be very diffi­cult to brute-force the hash. This won’t pro­tect you from some com­pro­mises of SR (for exam­ple, the server being con­trolled by an attacker and har­vest­ing pass­words as they are entered by live user­s), but it will pro­tect you from oth­er­s—­for exam­ple, if the data­base is stolen, a long pass­word helps frus­trate an attempt to derive the orig­i­nal pass­word and let them log into your account and engi­neer end­less nefar­i­ous mis­deeds.↩︎

  13. Mix­ing ser­vices are run by var­i­ous peo­ple and not always reli­able. Meik­le­john et al 2013 reported that one coin­tum­bler ser­vice stole their bit­coins, and Möser 2013 tested 3 coin­tum­blers & found 1 was bro­ken.↩︎

  14. Mt.­Gox and MyBit­coin offer a dou­bly instruc­tive les­son into why one trusts Bit­coin third-par­ties as lit­tle as pos­si­ble, keeps one’s bit­coins local­ly, and reg­u­larly back it up; the large Pol­ish exchange Bit­o­mat offers a third.↩︎

  15. Addresses ought always to be encrypt­ed, and fur­ther, one must do the encryp­tion one­self. If a sin­gle per­son, tool, or site is doing the encryp­tion for your SR order­ing, and only SR encryp­tion, then they are an obvi­ous tar­get for attack­ers like law enforce­ment.

    This is a very real con­cern: in Sep­tem­ber 2011, an older online drug mar­ket, “Farmer’s Mar­ket”, was busted and 8 admin­is­tra­tors or sell­ers were indicted. No users/buyers seem to have been arrest­ed, indict­ed, or con­victed yet, but report­edly for­mer cus­tomers have got­ten love-let­ter-e­quiv­a­lents from the Depart­ment of Jus­tice warn­ing them & ask­ing for infor­ma­tion.

    The indict­ment does­n’t reveal how all the evi­dence was obtained (aside from the drugs pur­chased by and mailed to agents), but the defen­dants all used a Cana­dian email ser­vice called which pro­vides a Web inter­face for emails encrypted using PGP. Hush­mail either pro­vides or runs the encryp­tion code for the user, and as such, can com­pro­mise users at any time, and indeed, turned over decrypted emails to law enforce­ment in the past (“Oper­a­tion Raw Deal” yielded “12 CDs” of email­s). I per­son­ally stopped using Hush­mail when this was revealed in 2007, but it seems the defen­dants did not. In Octo­ber 2012, a Tor devel­oper attended an FBI con­fer­ence where a DEA agent told them that “they just had ran­dom Amer­i­cans receive the Pay­pal pay­ments, take a cut, and then turn them into a Pana­ma-based dig­i­tal cur­rency [Pe­cu­nix], and the Panama com­pany did­n’t want to help trace where the money wen­t…the two main peo­ple used Hush­mail to com­mu­ni­cate. After a sub­poena (and appar­ently a lot of patience since Canada still isn’t quite the same as the US), Hush­mail rolled over and gave up copies of all the emails.” (The litany of detailed finan­cial records in the indict­ment is also a vivid demon­stra­tion of how inse­cure non-Bit­coin ser­vices can be.) Another sober­ing exam­ple comes from an Aus­tralian child pornog­ra­phy ring which prac­ticed remark­able oper­a­tional secu­rity in its use of PGP and Usenet mes­sage groups (as described in the 2008 Castle­man affi­davit & a sum­mary by Baal): after a mem­ber was flipped due to offline activ­i­ties, the length inves­ti­ga­tion suc­ceeded in pros­e­cut­ing less than half of its mem­bers, prin­ci­pally those mem­bers which had placed their trust in a third-party email/VPN ser­vice called Privacy.LI. Final­ly, was pop­u­lar with DNM users for pro­vid­ing a hid­den ser­vice, and while it did not betray its users, its French servers were seized in the raid and its emails have since been employed by the FBI.↩︎

  16. I only used the stan­dard Bit­coin escrow. (Need­less to say, Pay­pal is com­pletely out of the ques­tion.) SR has another escrow scheme where the escrowed amount is tied to the cur­rent exchange rate, in order to pro­tect the seller against exchange rate volatil­i­ty; that escrow is doc­u­mented in the announce­ment and the “Escrow hedge” sec­tion of the Buy­er’s Guide.

    Volatil­i­ty, par­tic­u­larly dur­ing Bit­coin’s peri­odic bub­ble such as the move from $1 to $30 dur­ing SR1’s early his­to­ry, has been sug­gested as a rea­son Bit­coin is inap­pro­pri­ate for DNMs (left unsaid, typ­i­cal­ly, is what non-cryp­tocur­rency would be a safe alter­na­tive or what alter­na­tive cryp­tocur­rency would be expected to be less volatile were it to become as suc­cess­ful as Bit­coin). But how does volatil­ity affect DNMs?

    Volatil­ity upwards is, of course, largely a good thing for DNMs, as they pro­duce a wealth effect. (Un­sur­pris­ing­ly! Why would Bit­coin becom­ing more valu­able be bad for a Bit­coin-based econ­o­my? If that’s a dis­as­ter, may Heaven send us many more such dis­as­ter­s.) The buy­ers, who have been hold­ing or obtain­ing bit­coins to pre­pare for future drug pur­chas­es, now have a more valu­able asset; and the sell­ers, who are typ­i­cally hold­ing even larger sums, get an unearned wind­fall profit. And the buy­ers who have a pur­chase in-flight may have missed out on a dis­count com­pared to if they had wait­ed, yes, but there are rel­a­tively few such peo­ple at any given instant (you only buy drugs every so often, after all) and they seem to take it fairly philo­soph­i­cally since they know they would­n’t’ve been hold­ing those bit­coins if they had­n’t been intend­ing to spend them buy­ing drugs in the first place. As much as old SR1ers joke about how they spent $500,000 of Bit­coin on LSD, every­one knows that’s not how it really works. And there’s no “defla­tion­ary spi­ral”, because DNMs rep­re­sent only a tiny frac­tion of trans­ac­tions, and any­way who’s going to hold off a drug order just because of the pos­si­bil­ity of a 5% increase the next day? If some­one really believed in Bit­coin being a great invest­ment, they’d sim­ply buy some more bit­coins to off­set their pur­chas­es.

    The really bad thing is when prices crash. This sets up an ugly dynamic for unhedged sell­ers: typ­i­cally you still have to pay your expenses and your sup­plier in a fiat, so do you con­tinue ship­ping out orders pre-paid with bit­coins which are now worth a lot less and may well incur a loss? That was always the prob­lem on SR1 as I recall it: ris­ing prices were great, but after a crash like -50%, some sell­ers could­n’t or would­n’t deliv­er. (Sim­i­lar to exit scams. Not every­one was good about being ade­quate­ly-cap­i­tal­ized or hav­ing safe profit mar­gins or avoid­ing debt.)

    This is bad until the in-flight orders get worked out, one way or anoth­er. Of course, sub­se­quent orders are then pegged to the new lower exchange rate so the prob­lem is tem­po­rary. If Bit­coin dropped 90%, there’d be mass can­cel­la­tions and a lot of anger, but after all the sturm und drang, it would go mostly back to nor­mal maybe with a num­ber of sell­ers banned or their rep­u­ta­tion per­ma­nently tar­nished, except an order which cost 0.1btc the week before now costs 1btc etc. And any neg­a­tive wealth effect, I sup­pose, from buy­ers eat­ing the loss on their held bit­coin & need­ing to stock up, and feel­ing poorer and order­ing less.↩︎

  17. “Final­iza­tion” can be done before the pack­age arrives, but obvi­ously this leaves you open to a bad sell­er. I have never final­ized ear­ly, and I regard as idiots any­one who does—an opin­ion borne out by reports of a SR scam in April 2012 where the high­ly-rated seller Tony76 held an attrac­tive sale requir­ing early final­iza­tion; the hun­dreds of orders never appeared, and he left with thou­sands of bit­coins. (See the SR forum thread for Tony76 reviews for dis­cus­sion ad nau­se­am.) He ran a pri­vate store as well, and that has been esti­mated at steal­ing >5,800 bit­coins. The pro­ce­dure is also inter­est­ing; cap­tain­jojo:

    From every indi­ca­tion Tony76 was set­ting every­thing up for this a cou­ple of weeks in advance. He refused to send via express or pri­or­ity or any type of tracked ship­ment, so it would take longer before peo­ple could say their pack­age was­n’t com­ing. He asked for FE from basi­cally every­body, he opened up inter­na­tion­al. He then told every­one he was going offline to get caught up, fur­ther obscur­ing things. The sim­plest answer would seem to be he just com­pleted one of the biggest scams on SR and is relax­ing sea­side with a Mar­garita with 60-100k of every­body’s mon­ey.

    This fail­ure mode was fore­seen by cypher­punks back in the 1980s & 1990s; Tim­o­thy C. May’s com­ments on the issue have already been quot­ed. The of Christin 2013 gives us a SR-wide look into the prac­tice of FE:

    We observe that 20,884 instances of feed­back con­tain vari­a­tions of “F.E.,” “final­iz­ing ear­ly,” or “final­ize ear­ly.” This shows that final­iz­ing early is a rather com­mon prac­tice on SR. There does not appear to be [sub­stan­tial­ly] more prob­lems reported with feed­back includ­ing such strings (only 342 of them map to a rat­ing of 1 or 2). This seems to show that estab­lished sell­ers that are offered the option of request­ing early final­iza­tion from their cus­tomers do not abuse that priv­i­lege….A third obser­va­tion is that item 4 stops being sold imme­di­ately after April 20. The last time it is observed on the site is April 25, before being de-list­ed. From dis­cus­sions in SR forums [6], it appears that the seller of that item abruptly left the mar­ket­place, poten­tially leav­ing a large num­ber of paid, final­ized ear­ly, orders unful­filled. In other words, there is sus­pi­cion of a “white­wash­ing attack [12],” whereby a seller cre­ates an excel­lent rep­u­ta­tion, before using that rep­u­ta­tion to defraud users and leav­ing the sys­tem. In hind­sight, the 20% drop in price occur­ring just prior to April 20 was con­sid­er­ably steeper than all the other pro­mo­tional dis­counts. This could have been an indi­ca­tor that the seller was not intend­ing on ful­fill­ing their orders and was instead arti­fi­cially low­er­ing prices in hopes of attract­ing large num­bers of cus­tomers to defraud.

    I’d note that this does­n’t show that one can F.E. heed­less­ly, since it is a descrip­tion of the cur­rent sta­tus quo in which users know not to F.E. light­ly; this only proves a claim like ‘exist­ing sell­ers request­ing early final­iza­tion have not yet majorly abused it’. Another major issue is that these esti­mates are an upper bound due to 3 sources of under­es­ti­mat­ing neg­a­tive reviews (per­sonal com­mu­ni­ca­tion, 2013): Christin’s crawl had access issues in April 2012 and so did not cap­ture any non-FE post-4/20 reviews left for Tony76; the dele­tion of banned seller pages—Tony76’s page was gone by the time the crawl resumed—means that neg­a­tive reviews are much more likely to not be pub­licly acces­si­ble; and peo­ple who were scammed do not seem to reli­ably update their “5/5 FE” reviews. The final 2013 paper reads

    We observe that 20,884 instances of feed­back con­tain vari­a­tions of “F.E.”, or “final­iz­ing early”, account­ing for spelling vari­a­tions (“final­ize” vs.“finalise”) and word order (“early final­iza­tion” vs “final­ize early”). Feed­back includ­ing such strings does not, at first glance, appear [sub­stan­tial­ly] worse: only 342 of them map to a rat­ing of 1 or 2. There is how­ever a [sub­stan­tial] caveat behind this find­ing. A buyer that final­izes ear­ly, leaves a good rat­ing, and ends up being defraud­ed, does not have to lower their rat­ing; doing so is purely vol­un­tary, and other than by sheer altru­ism, there is lit­tle incen­tive to do so. In fact, buy­ers may not even have the pos­si­bil­ity of updat­ing their feed­back, if a rogue seller shuts their page down after hav­ing absconded with their vic­tims’ mon­ey.

  18. To quote a SR seller:

    I don’t think I’m risk­ing much. It would be almost impos­si­ble for law enforce­ment to find me. They would need to find out where the pack­age came from, and go to that mail­box, and have a police offi­cer wait a few weeks for me to return to that mail­box. All just because they found a 100mg of a Sched­ule II drug in an enve­lope. Also, they would­n’t sus­pect me. My crim­i­nal record is per­fectly clean. Not even a park­ing mis­de­meanor…I doubt that I could be caught. They would need to find out the mail­box that I’ve been putting the pack­ages in, and then have some­one wait there and watch me, and then they would need to prove that I was the one who put it in the mail­box. So if they could back­-track and find out where the pack­age came from, then maybe they could catch me. Also, there are many differ­ent mail­boxes around me, so I put the pack­ages in differ­ent mail­boxes each time. Defi­nitely can’t hurt.

    A Red­di­tor com­ments on the juris­dic­tional advan­tages of going through USPS (as is usu­ally rec­om­mended in seller dis­cus­sion­s); I do not know if he is cor­rect, but the descrip­tion sounds plau­si­ble:

    Also, once it’s in the mail­box, it’s prop­erty of the US postal ser­vice, and they’re VERY par­tic­u­lar about what hap­pens to it. No one (in­clud­ing other agen­cies) can carry weapons in a post office except for postal inspec­tors, nor can they inves­ti­gate mail on their own; it has to go through the post office itself.

  19. I was not wor­ried at all. I’ve researched very care­fully how many modafinil users have ever been pros­e­cuted for any rea­son, and it is a hand­ful at most out of mil­lions of users, and that includes peo­ple order­ing from online phar­ma­cies which are far less secure than SR. As well, the most sim­i­lar exam­ple, Farmer’s Mar­ket (see pre­vi­ous foot­note) showed no pros­e­cu­tions of their cus­tomers, and they had ter­ri­ble secu­ri­ty. So I was safe on mul­ti­ple lev­els: I was buy­ing some­thing almost never pros­e­cut­ed, I was a cus­tomer & not a sell­er, I was buy­ing on a secure site, and I was buy­ing small quan­ti­ties.↩︎

  20. I have no idea why the stamps are not ; Wikipedia men­tions that some­times the stamp can­cel­la­tion machines fail and the stamps get a instead. One seller men­tions that some­times he receives uncanceled stamps, and ask­ing older rel­a­tives, they did too (and some­times the pack­age or enve­lope was can­celed—just not on the stamp­s).↩︎

  21. This met­ric is the per-u­nit cost weighted by an expect­ed-value inter­pre­ta­tion of what feed­back implies about the risk; see the later Quan­ti­ta­tive sec­tion for the full expla­na­tion.↩︎

  22. See the threads AAKOVEN SELECTIVE SCAMMER!” & “AAkoven—US Buy­ers Beware”↩︎

  23. aakoven forum accoun­t’s posts↩︎

  24. For unit prices <₿3, I increase the unit count until it fits within ₿7.5; oth­er­wise, μg/₿ is cal­cu­lated the obvi­ous way: dose times quan­tity divided by price plus ship­ping.↩︎

  25. Pre­mi­um­DutchUK forum accoun­t’s posts↩︎

  26. The pro­lific seller Synap­tic was excluded for fail­ing to pro­vide a pub­lic key; pub­lic keys are not option­al.↩︎

  27. “lonely kamel” forum accoun­t’s posts↩︎

  28. Vita­Cat forum accoun­t’s posts↩︎

  29. “No FE ever” forum accoun­t’s posts↩︎

  30. graffen­burg forum accoun­t’s posts↩︎

  31. USAReshipper forum accoun­t’s posts↩︎

  32. The sec­ond tran­script of tes­ti­mony by Skin­ner (co-con­spir­a­tor, turned state’s evi­dence) has this pas­sage on page 7-8:

    [Skin­ner:] …This [aspirin pill] weighs approx­i­mately a gram. And if it was ground up and every­thing, this would be about 10,000 doses of LSD in the pure crys­talline form.

    Q. And what would then a dosage unit sell for?

    A. At the whole­sale level to the largest cus­tomers in the world, approx­i­mately 29.75 cents per dosage.

    Q. And what would it sell for then on the street at the retail lev­el, if you know?

    A. Well, I—I’ve heard as—­fig­ures as high as…$10 per dose.

    Q. (by Mr. Hough) So when a kilo­gram was man­u­fac­tured at this lab and it was then given -

    A. Fronted out to Petaluma Al.

    Q. Fronted out to Petaluma Al, what was the under­stand­ing of what that was worth and what -

    A. $2,975,000 approx­i­mate­ly.

  33. Illus­trat­ing the dan­ger of early final­iza­tion even for top sell­ers, he did a “sale” FE rip-and-run in Feb­ru­ary 2013 which net­ted >₿700 (>$21k); report­edly he left a Wire quote on his pro­file page: “But, the game’s out there, and it’s play or get played. That sim­ple.” To which one might add, . ETM’s scam played out as it slowly became appar­ent that another LSD sell­er, Lucy­Drop, was pulling the same thing and prob­a­bly had­n’t shipped any of their >600 out­stand­ing orders (>$70k).

    I am increas­ingly dis­gusted watch­ing these FE scams: while suck­ers will always be suck­ers and peo­ple scammed by FE have mostly them­selves to blame, equally to blame is the SR staff/DPR, for enabling these scams. They could at any time sim­ply ban FE, and choose not to. Nor am I alone in this; dis­cussing events with sev­eral peo­ple, the con­ver­sa­tion invari­ably went some­thing like this:

    • me: [men­tions lat­est FE scam]
    • them: What’s FE?
    • me: Oh, that’s where you delib­er­ately release your pay­ment from escrow to the seller before the goods have arrived.
    • them: ??? Why would you ever do that?
    • me: Well, there’s a cou­ple rea­sons. You could do it to be nice to the sell­er, maybe make their cash­flow eas­i­er. Or because you’re a new buyer and should bear some more risk. And… that’s mostly it, real­ly.
    • them: Those don’t sound ter­ri­bly impor­tant. Am I miss­ing any­thing?
    • me: Not that I know of.
    • them: I see. How much did you say these two big recent FE scams lost?
    • me: We think that they made away with $40-140k, but it could be more depend­ing on how many peo­ple haven’t left feed­back, how many will con­tinue order­ing, what exchange rate they cash out at, etc.
    • them: And how much does SR sell a mon­th?
    • me: Christin 2012 esti­mates some­thing like $1.2m a month.
    • them: So this month SR buy­ers have lost to just 1 or 2 scam­mers the equiv­a­lent of a tenth of the entire monthly turnover of SR, as much as SR itself takes in com­mis­sions, all thanks to an almost entirely use­less ‘fea­ture’, and the SR staff have done noth­ing about it?
    • me: Looks like it.
    • them: [hope­ful] Did this ‘early final­iza­tion’ fea­ture just get added?
    • me: No. It’s been there since the start ~3 years ago. [help­ful­ly] There’s been lots of big scams before this too, like Tony76 who made off with, I think, >$100k in total.
    • them: This looks like the Worst Idea Ever, unless the SR staff hates the buy­ers and wants them to suffer as much as pos­si­ble. Am I insane—or are the SR staff incom­pe­tent, insane, or evil?
    • me: I have no idea.

    The com­pet­ing Atlantis mar­ket­place prided itself on its less abu­sive early final­iza­tion sys­tem

    Restricted Final­ize Early (we only allow our trusted sell­ers [see seller guide for require­ments] to request Final­ize Ear­ly, the option is not phys­i­cally avail­able for other sell­ers, and request­ing it will have them banned. This has proven to be a price­less tech­nique for pro­tect­ing users and weed­ing out scam­mer­s.)

  34. Look­ing at the reviews posted to the front page and sen­ti­ment on the forum, I would haz­ard a guessti­mate that scam­mers are 0-10% of the mar­ket­place, and prob­a­bly to the low end of that spec­trum. In the Jan­u­ary 2012 one-year anniver­sary mes­sage, “State of the Road Address”, the admin­is­tra­tor claimed that “over 99% of all trans­ac­tions con­ducted within the escrow sys­tem are com­pleted to the sat­is­fac­tion of both buyer and sell­er, or a mutu­ally agreed upon res­o­lu­tion is found.” Christin 2013’s analy­sis found 99.1% of feed­backs giv­ing 4-5 stars (sim­i­lar to eBay rank­ings) but notes that this can­not pick up scams done out of escrow (as one might expect many scams to be done).↩︎

  35. A seller can­not nec­es­sar­ily sim­ply pro­vide their pub­lic key & the orig­i­nal mes­sage, and oper­a­tors encrypt the mes­sage to the key to get the same encrypted text, because GPG appears to not be deter­min­is­tic. There are encryp­tion approaches which would allow it, but they weren’t in use.↩︎

  36. While BW held up its end of the deal and I under­stand why its oper­a­tor might fear the legal con­se­quences, I am a lit­tle dis­ap­pointed that he chose not to pub­lish it; I was reminded of :

    Thus con­science does make cow­ards of us all,
    And thus the native hue of res­o­lu­tion
    Is sick­lied o’er with the pale cast of thought,
    And enter­prises of great pith and moment,
    With this regard their cur­rents turn awry,
    And lose the name of action.

  37. Dis­missal of LE as too incom­pe­tent to mount attacks fea­si­ble for the NSA has become much less ten­able as the news has leaked how the NSA has shared data with the DEA’s “Spe­cial Oper­a­tions Divi­sion”. Given the mount­ing weak­nesses in the Tor net­work & hid­den ser­vices, it is likely the NSA could find SR if it wants. The only pos­i­tive aspect to the Snow­den leaks for SR is that the doc­u­ments show that the NSA goes to con­sid­er­able effort to reveal data gath­ered through its advanced capa­bil­i­ties only when it is pos­si­ble to come up with a more inno­cent pos­si­ble source (a “par­al­lel con­struc­tion”), and there does­n’t seem to be any obvi­ous way to do that for a SR bust. The most obvi­ous place that par­al­lel con­struc­tion might enter into SR is the Cus­toms search which—mirabile dictu—just hap­pened to uncover Ulbricht’s fake IDs, inas­much as the DEA train­ing mate­ri­als on par­al­lel con­struc­tion empha­size the value of search­es.↩︎

  38. The oper­a­tor of the failed (hacked) post-SR2 mar­ket Flo­Mar­ket pro­vides an explicit exam­ple in his post-shut­down inter­view:

    myself: who are you in real life, per­son­ally and pro­fes­sion­al­ly?

    Flole: I have devel­oped soft­ware for some peo­ple, but I never did it pro­fes­sion­al­ly. I did it just as hob­by, and I learned all pro­gram­ming skills as hob­by.

    Flole: Per­son­ally I am a 15 year old pupil, liv­ing in EU, who has fun devel­op­ing soft­ware. I am doing it for sev­eral years now.

    Flole: As a side note i can add that I have never tried any drugs, never smoked cig­a­rettes and never drink alco­hol.

    myself: How did you ended to develop and admin a Dark­Mar­ket? and Why? what were you expect­ing from it?

    Flole: I saw that silkroad has been seized and I thought there should be some­thing replac­ing it (Silkroad 2.0 has been faster). I have read, that back­opy, admin of BMR, made 440.000$ per days, so I though: sounds inter­est­ing I mainly expected money and fun from it. I wanted to buy expen­sive DJ equip­ment, so I started the site.

    myself: what do you think about all the new dark­mar­kets that have been cre­ated late­ly?

    Flole: they tried the same thing I did: Mak­ing profit from SR and BMR shut­down. I think we can’t trust to any of the new sites, since they haven’t been tested for exploits. I will and like my site: Some time all works well, and then they get hacked… They just want to make money easy and fast…

  39. If we were to clas­sify Silk Road / BMR / Atlantis / SMP as the first gen­er­a­tion of Bit­coin+­Tor DNMs and analo­gize them to Nap­ster, then the sec­ond gen­er­a­tion of DNMs, the Bit­Tor­rent of DNMs, will—I think—be the new DNMs which make use of “mul­ti­-sig­na­ture escrow” to remove the weak point of a cen­tral­ized site han­dling deposits/escrow which can then be hacked or stolen. “The Mar­ket Place” seems to be the pio­neer here, but it’s still too early to say whether mul­ti­-sig­na­tures work in prac­tice like they do in the­ory or whether DNM users value the con­ve­nience of a cen­tral­ized site too much.↩︎

  40. A les­son that must be relearned with every major theft or loss of Bit­coins. For exam­ple, core devel­oper Gre­gory Maxwell rebuk­ing blockchain sleuths on 2014-02-27 after the MtGox bank­rupt­cy:

    What peo­ple are doing is load­ing up a famous 424k BTC trans­ac­tion MTGox made in 2011. (Or at later 550k BTC trans­ac­tion for which I’m aware of no solid evi­dence belonged at the time to MTGox—Just some spec­u­la­tion by Dooglus) and then click­ing around on the move­ment of funds until they find an address with a large amount of coin avail­able to it.

    The prob­lem is that you would expect a large por­tion of all with­draws from MTGox to be linked in such a man­ner and cer­tainly all very high value ones. Once you’ve gone even one hop you can­not be sure that the coins are con­trolled by MTGox any­more. The alter­na­tive hypothe­ses that these were large man­ual with­draws to big pur­chasers is equally sup­ported by the data. A sig­nifi­cant frac­tion of all cir­cu­lat­ing coins are “linked” to MTGox—but this does­n’t mean that MTGox cur­rently con­trols them.

  41. Deal­ing with a con­trolled deliv­ery by sign­ing and then hav­ing “thrown it in the trash” did not work in the case of Matthew Nel­son. I’m not clear on whether just sign­ing and then not tak­ing it any­where is cul­pa­ble or if it was due to the trig­gered search war­rant which turned up addi­tional con­tra­band and then enabled a charge on pos­ses­sion of the pack­age.↩︎

  42. Rel­e­vant excerpt:

    The Gov­ern­ment intends to offer evi­dence that, while the Silk Road web­site was oper­a­tional dur­ing 2013, the defen­dant attempted to pro­cure fraud­u­lent iden­ti­fi­ca­tion doc­u­ments from Silk Road, and that the defen­dant leased servers under fake iden­ti­ties.

    On or about July 10, 2013, agents with U.S. Cus­toms and Bor­der Pro­tec­tion (“CBP”) inter­cepted a pack­age that was inbound from Canada as part of a rou­tine bor­der search, which con­tained nine fraud­u­lent iden­ti­fi­ca­tion doc­u­ments. (Com­pl. ¶ 42(a)(i)). These coun­ter­feit iden­tity doc­u­ments con­sisted of fake dri­ver’s licenses bear­ing Ulbricht’s pho­tograph, but with differ­ent names, and appeared to be issued by New York, Flori­da, Tex­as, Col­orado, Cal­i­for­nia, South Car­oli­na, Alber­ta, Canada, the United King­dom and New South Wales, Aus­tralia. The Gov­ern­ment expects to offer these seized coun­ter­feit iden­ti­fi­ca­tion doc­u­ments into evi­dence, through the tes­ti­mony of an agent with Home­land Secu­rity Inves­ti­ga­tions, who, on or about July 26, 2013, per­formed a con­trolled deliv­ery of the fraud­u­lent iden­ti­fi­ca­tion doc­u­ments to Ulbricht. (Com­pl. ¶ 42(a)(i­i)). The Gov­ern­ment expects Agen­t-1 to tes­tify that Ulbricht pro­duced a copy of his true gov­ern­men­t-is­sued Texas dri­ver’s license dur­ing this encoun­ter, and stat­ed, in sum and sub­stance and among other things, that: (1) “hypo­thet­i­cally” any­one could go onto a web­site called “Silk Road” and pur­chase any drugs or fake iden­tity doc­u­ments he or she desired; and (2) he lived at the res­i­dence to which the pack­age con­tain­ing the fake IDs was addressed, where he was liv­ing under the alias “Josh.” (Com­pl. ¶¶ 42(b)(i­i­i)-(iv)).

    Fur­ther, the Gov­ern­ment intends to intro­duce evi­dence that Ulbricht in fact ordered these coun­ter­feit iden­ti­fi­ca­tion doc­u­ments off of Silk Road, using the Silk Road user account “she­foundme.” Specifi­cal­ly, begin­ning on June 10, 2013-ap­prox­i­mately one month before the nine fake IDs were seized by CBP-“she­foundme” sent a mes­sage on the Silk Road mes­sag­ing sys­tem to a Silk Road ven­dor named “KingOf­Clubs,” in which “she­foundme” indi­cated he wanted to order “a few of your high­est qual­ity IDs.” In sub­se­quent mes­sages, “she­foundme” ordered nine fake IDs for $1,650 in United States cur­ren­cy, and spec­i­fied that he wanted coun­ter­feit iden­ti­fi­ca­tion doc­u­ments from New York, Flori­da, Tex­as, Col­orado, Cal­i­for­nia, South Car­oli­na, Alber­ta, Canada, the United King­dom and New South Wales, Aus­tralia, cor­re­spond­ing to the juris­dic­tions on the nine coun­ter­feit IDs which were ulti­mately seized by CBP. On July 5, 2013, “KingOf­Clubs” con­firmed that he had sent the pack­age con­tain­ing the fraud­u­lent iden­ti­fi­ca­tion doc­u­ments to “she­foundme” and that they were sched­uled to be deliv­ered the fol­low­ing week. On July 18, 2013, “KingOf­Clubs,” pro­vided the United States Postal Ser­vice (“USPS”) track­ing num­ber to “she­found­me,” in response to com­plaints that the pack­age had not arrived, and “she­found­me,” indi­cated that he checked the USPS web­site, which indi­cated that the pack­age was “inbound out of cus­toms on the 10th,” the date on which the coun­ter­feit iden­ti­fi­ca­tion doc­u­ments were seized by CBP.