Silk Road 1: Theory & Practice

History, background, visiting, ordering, using, & analyzing the drug market Silk Road 1
cryptography, statistics, nootropics, politics, predictions, Bitcoin, Silk-Road, interview, R, survival-analysis, survey, Bayes, tutorial
2011-07-112018-09-29 finished certainty: likely importance: 9

The cypher­punk move­ment laid the ide­o­log­i­cal roots of Bit­coin and the on­line drug mar­ket Silk Road; bal­anc­ing pre­vi­ous em­pha­sis on cryp­tog­ra­phy, I em­pha­size the non-cryp­to­graphic mar­ket as­pects of Silk Road which is rooted in cypher­punk eco­nomic rea­son­ing, and give a fully de­tailed ac­count of how a buyer might use mar­ket in­for­ma­tion to ra­tio­nally buy, and fin­ish by dis­cussing strengths and weak­nesses of Silk Road, and what fu­ture de­vel­op­ments are pre­dicted by cypher­punk ideas.

The web­site 1 (S­R1), a drug mar­ket­place op­er­at­ing in pub­lic, needs lit­tle in­tro­duc­tion at this point, after Gawker’s 2011 ar­ti­cle went vi­ral, draw­ing fire from the likes of US fed­eral Sen­a­tors Schumer & Manchin. It was prob­a­bly the sin­gle most fa­mous com­mer­cial en­ter­prise us­ing ; some spec­u­lated that de­mand from SR pa­trons sin­gle-hand­edly pushed the ex­change rate up by $5 the week­end of the Gawker ar­ti­cle. It then flour­ished un­til its bust in 2013-10-02.


Es­ti­mates of SR’s size have been done sev­eral ways: most pur­chases en­tail a re­view at the end, and re­views are dis­played on the front page, so one can mon­i­tor the front page and ex­trap­o­late to es­ti­mate av­er­age num­ber of trans­ac­tions per day or week, and from there es­ti­mate turnover and what SR’s com­mis­sions to­tal to: eg. ~100 trans­ac­tions a day over 2 years and av­er­ag­ing ~$150 is . (Christin 2013) spi­dered Silk Road for 8 months (2011-2012) and did some­thing sim­i­lar by record­ing all pub­lic prices, feed­back in­di­cat­ing how much had been sold, and cal­cu­lat­ing a monthly turnover of $1.2m for an­nual rev­enue of ~$15m; the differ­ence in es­ti­mates seems ex­plained by my es­ti­mate of daily trans­ac­tions be­ing con­sid­er­ably too low.1 The DHS in No­vem­ber 2013 es­ti­mated Mt. Gox alone “was mov­ing ap­prox­i­mately $60 mil­lion per month into a num­ber of In­ter­net-based hid­den black mar­kets op­er­at­ing on the Tor net­work, in­clud­ing Silk Road” around the time of Gox seizures in May 2013, al­though this turnover seems too high given other monthly es­ti­mates.

An­other way is to look in the blockchain for SR-re­lated ad­dresses or trans­ac­tions; one pos­si­ble ad­dress had a 2012-06-23 bal­ance of ₿450,825 or $2,885,280. Since it is un­likely there are ~$3m of trans­ac­tions ac­tive or sit­ting in wal­lets that day on SR when the largest pre­vi­ous Silk Road scam­mer (Tony76)—pulling out all the stop­s—­got away with an or­der of mag­ni­tude less mon­ey, this is highly likely to rep­re­sent Silk Road’s profits or profits plus bal­ances & es­crows; which at a com­mis­sion of 5-10% im­plies a to­tal Silk Road turnover of >$28m. In­ter­est­ing­ly, Christin 2013’s analy­sis con­cluded that Silk Road was by July 2012 re­ceiv­ing $92k monthly or $1.7m yearly in com­mis­sions (and twice that yearly fig­ure is larger than that ad­dress bal­ance—as it should be, be­ing an up­per bound). On 2013-04-09, a sin­gle trans­ac­tion of ₿69471 was made by the ad­dress 1BAD...GuYZ, and may have been re­lated to the SR coin­tum­bler. For fur­ther dis­cus­sion, see “A Fist­ful of Bit­coins: Char­ac­ter­iz­ing Pay­ments Among Men with No Names”, Meik­le­john et al 2013.


I know of one com­pet­ing Eng­lish Bit­coin+­Tor mar­ket­place as of 2011-06-09, named Black­Mar­ket Re­loaded which lives at 5onwnspjvuk7cwvk.onion (non-Tor mir­ror); in­formed 2011 opin­ion seemed to be that it is low-vol­ume and stag­nant, but it ap­par­ently has im­proved sub­stan­tially and as of Feb­ru­ary 2013, has grown sub­stan­tially with ~$700k monthly turnover and be­gun to ri­val SR; with the fall of SR, it at­tracted sub­stan­tially more at­ten­tion, some of which ex­tracted the site’s source code and copied its data­base, lead­ing BMR to shut down tem­porar­ily in 2013-10-17.2 A third ri­val, At­lantis (atlantisrky4es5q.onion; mir­ror) was launched 2013-03-14 and has re­port­edly turned over >$500k be­tween March and June 2013; it had a much more ap­peal­ing glossy We­b-2.0 look than the SR’s rel­a­tively old de­sign, but made some ques­tion­able choices like pro­vid­ing “con­ve­nient” in­-browser en­cryp­tion and us­ing rather than Bit­coin. At­lantis shut down in Sep­tem­ber 2013, after telling DPR1 that “they shut down be­cause of an FBI doc leaked to them de­tail­ing vul­ner­a­bil­i­ties in Tor.” The main ri­val to BMR was a small new site which started up in early 2013, called Sheep Mar­ket­place (sheep5u64fi457aw.onion), which in late No­vem­ber 2013 halted with­drawals, top ven­dors be­gan scam­ming users, and Sheep es­sen­tially shut down 2013-11-29 after ex­fil­trat­ing >₿39,644 & ap­par­ently sell­ing some on BTC-E. Fi­nal­ly, there was a “Deep­bay” (deepbay4xr3sw2va.onion), ap­par­ently started in early 2013 as well and go­ing pub­lic in June; lit­tle has been said about it and its se­cu­rity is un­known, but it re­port­edly stole all user bit­coins start­ing some­where around 2013-11-04.

There are 2 Russ­ian com­peti­tors, RAMP” & “Shop of Magic Prod­ucts” (Wired; short in­ter­view), which have been com­pared to SR and BMR (re­spec­tive­ly).


Nei­ther Bit­coin nor the Silk Road should be un­der­stood out­side their ide­o­log­i­cal and his­tor­i­cal con­text: the now-ob­scure move­ment.

The “cypher­punk” group was a loose affil­i­a­tion of cryp­to­graphic re­searchers and en­thu­si­asts cen­tered on the epony­mous email list in the 1980s and 1990s who de­vel­oped many novel ideas and ap­proaches to com­mu­ni­ca­tion, eco­nom­ics, and pol­i­tics. Achieve­ments of theirs in­cluded de­vel­op­ing (in­spir­ing the ), help­ing de­feat the Clin­ton-era and set­ting a key prece­dent, and help­ing de­feat USA (key to safe In­ter­net com­merce out­side the USA; the costs of ex­port re­stric­tions can be seen to this day in South Ko­rea, which locked it­self into a Mi­crosoft­/In­ter­net Ex­plorer com­puter mono­cul­ture). No event marked their dis­so­lu­tion, but through the ’90s, they grad­u­ally lost co­he­sion and in­ter­est as var­i­ous ideas were suc­cess­ful and oth­ers re­mained bar­ren. ( re­marked in 1994 that an ac­cept­able dig­i­tal cur­rency may take sev­eral years to de­vel­op, but that he had been that op­ti­mistic years be­fore as well; we could date the ful­fill­ment of the dream to Bit­coin—14 years lat­er—in 2008.) For­mer cypher­punks in­clude large cor­po­ra­tions to tech­no­log­i­cal in­no­va­tion (, de­scend­ing from Mo­joNa­tion) to niche groups like (dig­i­tal cur­rency in­ven­tor Wei Dai) to ac­tivism (, ) etc.

The cypher­punk par­a­digm can be sum­ma­rized as: “re­plac­ing cen­tral­ized sys­tems of in­ter­ac­tions en­forced by co­er­cion with de­cen­tral­ized sys­tems of vol­un­tary in­ter­ac­tion whose rules are en­forced by math­e­mat­ic­s/e­co­nom­ics”. Desider­ata for sys­tems in­clude: com­mu­ni­ca­tions pri­vate from all third-par­ties, anony­mous, prov­ably un­tam­pered with, and prov­ably from par­tic­u­lar par­ties; so­cial mech­a­nisms like rep­u­ta­tion re­placed by for­mal­ized sys­tems like feed­back; and le­gal mech­a­nisms like an­ti-fraud statutes su­per­seded by mech­a­nisms such as or bonds (which can be for­ti­fied by cryp­to­graphic tech­niques as mul­ti­ple-party sig­na­tures).

The ideal cypher­punk sys­tem is self­-en­forc­ing, self­-reg­u­lat­ing, and can­not be at­tacked di­rectly by out­siders be­cause they do not know where it is or how to affect it.

Ju­lian As­sange et al 2012 write:

The new world of the in­ter­net, ab­stracted from the old world of brute atoms, longed for in­de­pen­dence. But states and their friends moved to con­trol our new world – by con­trol­ling its phys­i­cal un­der­pin­nings. The state, like an army around an oil well, or a cus­toms agent ex­tract­ing bribes at the bor­der, would soon learn to lever­age its con­trol of phys­i­cal space to gain con­trol over our pla­tonic realm. It would pre­vent the in­de­pen­dence we had dreamed of, and then, squat­ting on fiber op­tic lines and around satel­lite ground sta­tions, it would go on to mass in­ter­cept the in­for­ma­tion flow of our new world – its very essence even as every hu­man, eco­nom­ic, and po­lit­i­cal re­la­tion­ship em­braced it. The state would leech into the veins and ar­ter­ies of our new so­ci­eties, gob­bling up every re­la­tion­ship ex­pressed or com­mu­ni­cat­ed, every web page read, every mes­sage sent and every thought googled, and then store this knowl­edge, bil­lions of in­ter­cep­tions a day, un­dreamed of pow­er, in vast top se­cret ware­hous­es, for­ev­er. It would go on to mine and mine again this trea­sure, the col­lec­tive pri­vate in­tel­lec­tual out­put of hu­man­i­ty, with ever more so­phis­ti­cated search and pat­tern find­ing al­go­rithms, en­rich­ing the trea­sure and max­i­miz­ing the power im­bal­ance be­tween in­ter­cep­tors and the world of in­ter­ceptees. And then the state would re­flect what it had learned back into the phys­i­cal world, to start wars, to tar­get drones, to ma­nip­u­late UN com­mit­tees and trade deals, and to do fa­vors for its vast con­nected net­work of in­dus­tries, in­sid­ers and cronies.

But we dis­cov­ered some­thing. Our one hope against to­tal dom­i­na­tion. A hope that with courage, in­sight and sol­i­dar­ity we could use to re­sist. A strange prop­erty of the phys­i­cal uni­verse that we live in. The uni­verse be­lieves in en­cryp­tion. It is eas­ier to en­crypt in­for­ma­tion than it is to de­crypt it. We saw we could use this strange prop­erty to cre­ate the laws of a new world. To ab­stract away our new pla­tonic realm from its base un­der­pin­nings of satel­lites, un­der­sea ca­bles and their con­trollers. To for­tify our space be­hind a cryp­to­graphic veil. To cre­ate new lands barred to those who con­trol phys­i­cal re­al­i­ty, be­cause to fol­low us into them would re­quire in­fi­nite re­sources. And in this man­ner to de­clare in­de­pen­dence.

The de­cen­tral­iza­tion is key. Cen­tral­iza­tion is un­ac­cept­able for many ap­pli­ca­tions: cen­tral­iza­tion means any com­mer­cial or po­lit­i­cal in­ter­est can in­ter­fere for any pur­pose, be it ren­t-seek­ing or tax­a­tion, pros­e­cut­ing eco­nomic war­fare against an­other par­ty, in­tended to ham­per or­ga­nized crime or ter­ror­ism, etc.

This fear of cen­tral­iza­tion is not idle. The ring of power offered by cen­tral­iza­tion has been grasped on many oc­ca­sions: rang­ing from Pay­pal ham­per­ing its com­peti­tors to US-led crack­downs on an­cient fi­nan­cial sys­tems & Is­lamic char­i­ties in the name of coun­ter-ter­ror­ism to the US su­ing the pre­dic­tion mar­ket (with the as­sis­tance of the Cen­tral Bank of Ire­land) to credit card com­pa­nies’ near-fa­tal boy­cott of Wik­iLeaks to Iran’s se­vere in­fla­tion after eco­nomic em­bar­goes. Pre­vi­ous like or suffered the ex­pected fates, and more point­ed­ly, an ear­lier on­line drug mar­ket (the “Farmer’s Mar­ket”) was shut down and prin­ci­pals in­dicted us­ing scores of trans­ac­tion de­tails stored by banks & Pay­pal & West­ern Union.


The fun­da­men­tal chal­lenge con­fronting any elec­tronic cur­rency is cop­ing with the : when trans­ac­tions con­flict (eg. spend­ing twice the same unit of cur­ren­cy), which trans­ac­tion takes pri­or­i­ty? Dou­ble-spends are diffi­cult to per­form with non-elec­tronic money since you can­not give a dol­lar bill to one per­son while si­mul­ta­ne­ously giv­ing it to an­oth­er, but triv­ial with elec­tronic mes­sages.

One so­lu­tion is to cen­tral­ize trans­ac­tions: if you over­draw your bank ac­count with 2 checks, the bank will choose one to bounce and one to hon­or. Sim­i­larly for credit card trans­ac­tions. An elec­tronic cur­rency like Pay­pal processes each trans­ac­tion in re­al­time, so you can­not log into your Pay­pal ac­count in 2 browsers and send your en­tire bal­ance to 2 differ­ent peo­ple. With cen­tral­iza­tion, there is some­one or some­thing which ‘de­cides’ which of the 2 con­flict­ing trans­ac­tions will be­come the real trans­ac­tion. Cen­tral­iza­tion ap­pears in many guises in cur­rency sys­tems: cryp­to­graphic pi­o­neer could guar­an­tee com­plete anonymity to any­one “spend­ing” a coin, solv­ing the dou­ble-spend prob­lem by de­vis­ing things so that a dou­ble-spend leaks enough in­for­ma­tion that the anonymity evap­o­rates, but the math only works with a cen­tral “bank” which could be at­tacked. Chaum’s sys­tem never took off, for sev­eral rea­sons, but this cen­tral­ized point of fail­ure is one.

If we avoid the prob­lems of cen­tral­iza­tion and re­solve on a de­cen­tral­ized sys­tem, we face a differ­ent but equally se­vere set of prob­lems: with­out cen­tral­iza­tion, in a dis­trib­uted sys­tem in which no party has veto power (and any party can be anony­mous or for an­other par­ty), how and who de­cides which of 2 con­flict­ing trans­ac­tions is the “real” trans­ac­tion? Must a dis­trib­uted sys­tem sim­ply al­low dou­ble-spends, and thus be use­less as mon­ey?

No. The is that it says that the valid trans­ac­tion is sim­ply “the one which had the most com­put­ing power in­vested in pro­duc­ing it”. Why does this work? In the Bit­coin dis­trib­uted sys­tem, there are many ‘good’ par­ties at work pro­duc­ing new trans­ac­tions, and they will in­de­pen­dently latch onto one of the two com­pet­ing trans­ac­tions pro­duced by an at­tacker and in­cor­po­rate it into fu­ture trans­ac­tions; the amount of com­put­ing power nec­es­sary to out­-in­vest those other par­ties quickly be­comes too enor­mous for any one en­tity to in­vest. Within hours, one trans­ac­tion will be uni­ver­sal, and the other for­got­ten.

Hence, Bit­coin is an ac­cept­able cypher­punk cur­ren­cy: it is de­cen­tral­ized, par­ties par­tic­i­pate out of self­-in­ter­est, and it is eco­nom­i­cally in­fea­si­ble to at­tack Bit­coin di­rect­ly.

Silk Road as Cyphernomicon’s black markets

The Silk Road (SR) is a web­site ac­ces­si­ble through the Tor anonymiz­ing net­work. Tor is de­scended from cypher­punk de­signs for anony­mous email: mes­sages are swapped by servers in the “mix” net­work with chang­ing cryp­to­graphic wrap­pers, so ob­servers can­not tell what server a mes­sage ul­ti­mately ends up at nor who sent a mes­sage. Buy­ers cre­ate ac­counts, send bit­coins to SR-con­trolled ad­dress­es, browse seller pages, and or­der quan­ti­ties sim­i­lar to any e-com­merce site. (Con­trary to de­scrip­tions of SR as “the eBay of drugs”, SR is more akin to shop­ping on Ama­zon Mar­ket­places than eBay: there are no auc­tion fea­tures.) SR has been cov­ered in the me­dia for years and is still op­er­at­ing suc­cess­ful­ly, in­deed, Christin 2013 cal­cu­lated a monthly turnover of ~$1.2m for an­nual rev­enue of ~$15m from 2011-2012, with daily sales vol­ume:

“Fig­ure 12: Es­ti­mate of the to­tal amount of daily sales (in ₿) oc­cur­ring on SR. Each point cor­re­sponds to an av­er­age over the prior thirty days.” –Christin 2013

The de­sign of SR could be taken straight out of early ’90s cypher­punk—­most of the de­sign can be jus­ti­fied in Tim­o­thy C. May’s 1994 , it­self mostly a sum­mary of much ear­lier dis­cus­sions. (In an amus­ing his­tor­i­cal co­in­ci­dence, May hap­pens to men­tion an old dig­i­tal cur­rency pro­posal called… “The Dig­i­tal Silk Road”.) The SR is an un­reg­u­lated black mar­ket­place which is:

  • reached via a anonymiz­ing mix net­work
  • made up of pseu­do­ny­mous en­ti­ties, who
  • com­mu­ni­cate pri­vately and se­curely via to arrange pur­chases
  • us­ing es­crow schemes for pay­ment of sell­ers only on re­ceipt of goods
  • said sell­ers post the equiv­a­lent of bonds as surety be­fore be­ing al­lowed to sell
  • and buy­ers pub­licly rate their sell­ers (so the mar­ket­place avoids be­com­ing a )

From an eco­nomic point of view, sev­eral mea­sures serve to make in­cen­tives align:

  • SR is paid as a per­cent­age of trans­ac­tions; hence, it is mo­ti­vated to en­cour­age as high a turnover as pos­si­ble, and main­tain the sat­is­fac­tion of both buy­ers and sell­ers. This makes SR a rel­a­tively trust­wor­thy agent be­cause too much abuse will cause buy­ers or sell­ers to leave and cease pay­ing the per­cent­age, es­pe­cially if there are any com­pet­ing mar­ket­places. (This is the same dy­namic that kept users on Lib­erty Re­serve be­fore it was shut down.)
  • Sell­ers are en­cour­aged to not scam buy­ers be­cause they will not gain ac­cess to bit­coins in es­crow and enough vi­o­la­tions will for­feit their de­posit held by SR
  • Buy­ers have lim­ited in­cen­tive to scam sell­ers be­cause their bit­coins are paid in ad­vance and not un­der their con­trol; SR ar­bi­trates dis­putes and more than a few bad trans­ac­tions can lead to their bal­ances for­feited and be­ing black­list­ed, lim­it­ing their abil­ity to scam large amounts

And as far as peo­ple out­side the mar­ket­place are con­cerned, there is a net­work effect at play: the bet­ter in­cen­tives align, the more buyer and sell­ers there will be, and they will lead to bet­ter se­lec­tions and lower prices. All fa­mil­iar eco­nomic re­sults about nor­mal thick com­mod­ity mar­kets, but per­haps un­ex­pected to see in such an ex­otic mar­ket­place.


One as­pect of the in­cen­tives de­serves cov­er­age as most pre­sciently dis­cussed by the cypher­punks and un­der­ap­pre­ci­ated by users: the use of es­crow.

Tim­o­thy C. May’s chap­ter 12 (“Le­gal Is­sues: Loose Ends: Es­crow Agents”) lays out the ne­ces­sity of es­crow when a mar­ket­place uses both pseu­do­nymity and un­trace­able dig­i­tal cash:

On-line clear­ing has the pos­si­ble dan­ger im­plicit in all trades that Al­ice will hand over the mon­ey, Bob will ver­ify that it has cleared into his ac­count (in older terms, Bob would await word that his Swiss bank ac­count has just been cred­it­ed), and then Bob will fail to com­plete his end of the bar­gain. If the trans­ac­tion is truly anony­mous, over com­puter lines, then of course Bob just hangs up his mo­dem and the con­nec­tion is bro­ken. This sit­u­a­tion is as old as time, and has al­ways in­volved pro­to­cols in which trust, re­peat busi­ness, etc., are fac­tors. Or es­crow agents.

…In steps “Es­ther’s Es­crow Ser­vice.” She is also un­trace­able, but has es­tab­lished a dig­i­tal­ly-signed pres­ence and a good rep­u­ta­tion for fair­ness. Her busi­ness is in be­ing an es­crow agent, like a bond­ing agen­cy, not in “burn­ing” ei­ther par­ty. (The math of this is in­ter­est­ing: as long as the profits to be gained from any small set of trans­ac­tions is less than her “rep­u­ta­tion cap­i­tal,” it is in her in­ter­est to forego the profits from burn­ing and be hon­est. It is also pos­si­ble to arrange that Es­ther can­not profit from burn­ing ei­ther Al­ice or Bob or both of them, e.g., by suit­ably en­crypt­ing the es­crowed stuff.) Al­ice can put her part of the trans­ac­tion into es­crow with Es­ther, Bob can do the same, and then Es­ther can re­lease the items to the par­ties when con­di­tions are met, when both par­ties agree, when ad­ju­di­ca­tion of some sort oc­curs, etc. (There a dozen is­sues here, of course, about how dis­putes are set­tled, about how par­ties sat­isfy them­selves that Es­ther has the items she says she has, etc.)

“Es­ther” is SR, “on-line clear­ing” is bit­coins, Al­ice is a buyer and Bob the sell­er, but oth­er­wise the logic is clear and un­mis­tak­able: lack of es­crow leads to a for Bob to scam Al­ice.

We can see the proof in prac­tice. For var­i­ous rea­sons, SR pro­vides buy­ers the op­tion of re­leas­ing their funds from es­crow to the sell­er, called “early fi­nal­iza­tion”; early fi­nal­iza­tion is one of the lead­ing mech­a­nisms for seller scams on SR. The car­di­nal ex­am­ple is the April 2012 scam where a trusted seller took the oc­ca­sion of a SR-wide sales event (where SR waived its fees) to an­nounce un­usu­ally low prices, took in hun­dreds of large or­ders to­tal­ing thou­sands of bit­coins (the equiv­a­lent of >$50,000) but re­quir­ing early fi­nal­iza­tion, with­drew all funds, and never de­liv­ered. A sim­ple enough scam, yet highly effec­tive: as May and other cypher­punks pointed out decades be­fore, one should never en­trust a pseu­do­ny­mous agent with more liq­uid anony­mous cash than its “rep­u­ta­tion cap­i­tal” is worth! One can en­trust the agent with less liq­uid anony­mous cash (not enough to burn one’s rep­u­ta­tion in ex­change for), or one could en­trust the agent with more es­crowed anony­mous cash (so they can­not “rip-and-run”), but not both more and un-e­scrowed (which is pay­ing them to scam you).

(This could be helped slightly by pro­vid­ing more in­for­ma­tion about sell­ers, like list­ing the out­stand­ing bal­ance for sell­ers so buy­ers can be wary of any seller with an un­usu­ally large out­stand­ing bal­ance; but buy­ers will still be at­tracted by sales as ex­cuses for fi­nal­iz­ing ear­ly, and sell­ers could sim­ply split their ac­tiv­ity over mul­ti­ple ac­counts. Es­crow re­mains the best so­lu­tion.)

Silk Road as a marketplace

“Silk Road does­n’t re­ally sell drugs. It sells in­sur­ance and fi­nan­cial prod­ucts,” says Carnegie Mel­lon com­puter en­gi­neer­ing pro­fes­sor Nico­las Christin. “It does­n’t re­ally mat­ter whether you’re sell­ing T-shirts or co­caine. The busi­ness model is to com­modi­tize se­cu­ri­ty.”3

Be­yond the ba­sic cryp­to­graphic tools and fea­tures of the site it­self, SR em­bod­ies the cypher­punk dream of let­ting free-mar­ket forces op­er­ate to in­form buy­ers and let them find sell­ers with whom they can reach mu­tu­ally ac­cept­able agree­ments. There is no bet­ter way to demon­strate this dy­namic than with a de­tailed ex­am­ple us­ing real SR data of a hy­po­thet­i­cal buyer com­pil­ing the in­for­ma­tion SR pro­vides, mak­ing in­fer­ences on the pro­vided data, ap­ply­ing his de­sires to ap­praise each sell­er’s wares, trad­ing off var­i­ous cri­te­ria such as risk ver­sus price, and fi­nally set­tling on a par­tic­u­lar prod­uct.

But one won­ders: what is us­ing it like? Does it have a de­cent se­lec­tion? Is it safe? Rid­den with scam­mers? Has it suc­cumbed to an (“I used SR when it was still un­der­ground”)? Should­n’t we keep quiet about it like Fight Club?


The pu­rity and safety of SR wares, while vary­ing con­sid­er­ably from seller to sell­er, batch to batch, and drug to drug, seems to have gen­er­ally been high. For ex­am­ple, the LSD Avengers’ lab test­ing kept the LSD sec­tion’s qual­ity up, and the FBI in its JTAN search war­rant re­quest did its own lab test­ing:

Since No­vem­ber of 2011, law en­force­ment agents par­tic­i­pat­ing in this in­ves­ti­ga­tion have made over 70 in­di­vid­ual pur­chases of con­trolled sub­stances from var­i­ous ven­dors on the Silk Road Un­der­ground Web­site. The sub­stances pur­chased have been var­i­ous Sched­ule I and II drugs, in­clud­ing ec­sta­sy, co­caine, hero­in, LSD, and oth­ers. As of April 2013, at least 56 sam­ples of these pur­chases have been lab­o­ra­to­ry-test­ed, and, of the­se, 54 have shown high pu­rity lev­els of the drug the item was ad­ver­tised to be on Silk Road.

Suc­cess­ful de­liv­ery rates of real drugs were high; the DHS agent Jared Deryeghi­ayan re­port­edly tes­ti­fied that of >50 or­ders, “All but 1-2 shipped the ad­ver­tised drug.”

Sub­se­quent DNMs like­wise ap­pear to have high pu­ri­ties on av­er­age. For ex­am­ple, the Span­ish drug test­ing ser­vice En­ergy Con­trol found as of March 2015 that “Users are asked about the type of sub­stance they be­lieve they have pur­chased. In 120 of 129 sam­ples (93%), the main re­sult of the analy­sis was con­sis­tent with the in­for­ma­tion pro­vided by the user”4


The safety of us­ing Tor dark­net mar­kets is a ma­jor ques­tion (and wor­ries about safety are, ac­cord­ing to Bar­ratt et al 2013’s sur­vey analy­sis, a ma­jor rea­son peo­ple don’t use SR), and one I find in­ter­est­ing. Un­sur­pris­ing­ly, it’s hard to find solid in­for­ma­tion on how many peo­ple have been busted us­ing SR or what hap­pened to them, and the con­se­quences will de­pend on the spe­cific sub­stance and amounts. For ex­am­ple, modafinil seems to be de facto not pros­e­cuted in the US, and the fail­ure rates of im­port­ing from on­line phar­ma­cies seem to be in the <10% range ac­cord­ing to buyer anec­dotes and 1 sell­er. Some users re­port oc­ca­sional in­ter­cep­tions like when Forbes or­dered 3 items in 2013 & 1 failed to ar­rive, but oth­ers claim flaw­less de­liv­ery records (even some­one claim­ing to buy $50k of opi­ates a year on SR). Gen­eral de­scrip­tions of drug im­por­ta­tion also sug­gest low in­ter­cep­tion rates (as makes sense given the very large quan­ti­ties of drugs sold every day); the large Cana­dian LSD seller Tes­sel­lated es­ti­mated in July 2013 that “less than 1% of our pack­ages are re­ported miss­ing (some of this may be cus­tomers ly­ing)” and 2 Eng­lish drug jour­nal­ists in De­cem­ber 2012 dis­cussing their most re­cent book:

Q: “How much of the drugs that en­ter the coun­try are ac­tu­ally seized by po­lice?”

A: “I think the fig­ure that’s quoted in our book is about 1%; it re­ally is a frac­tion of what gets in. There was one con­ver­sa­tion I had with a chap who had ac­cess to the Se­ri­ous Or­gan­ised Crime Agency who said that if peo­ple knew how easy it was, then more peo­ple would do it.”

Buy­ers and sell­ers seem to be treated differ­ently as well: in the 2012 bust of the in­se­cure Farmer’s Mar­ket (see later foot­note), the in­dict­ment only lists sell­ers and no buy­ers.


Due to length, this sec­tion has .

LE reports

Se­cu­ri­ty-wise, SR seems to be re­ceiv­ing pass­ing grades from law en­force­ment agen­cies in­ter­nal­ly; a leaked FBI re­port men­tioned no at­tacks against SR, an anony­mous fed­eral source re­ports frus­tra­tion5 (although these sources may just be echo­ing pub­lic in­for­ma­tion6), anony­mous anec­dotes claim the DEA is stymied7, while a May 2012 Aus­tralian doc­u­ment re­port­edly praised the se­cu­rity of seller pack­ag­ing and gen­eral site se­cu­ri­ty, with a pseu­do­ny­mous SR fo­rums user claim­ing to sum­ma­rize it:

Re­cent­ly, I gained ac­cess to an in­ter­nal con­fi­den­tial re­port dis­trib­uted to sev­eral Aus­tralia LE agen­cies and a few in­ter­na­tional an­ti-nar­cotic bod­ies re­gard­ing pos­si­ble meth­ods of com­bat­ing il­le­gal ac­tiv­i­ties in­volv­ing BC. Of course SR was a main fea­ture of said re­port…So here are the nuts and bolts of the re­port, spread the in­for­ma­tion as far and wide as pos­si­ble friends:

  1. PGP is ter­ri­fy­ing them, every new user who learns it and helps oth­ers learn, closes a pos­si­ble loop­hole they were plan­ning to ex­ploit.
  2. User ig­no­rance of the tech­nol­ogy be­ing used (Tor, PGP etc) is their sin­gle best hope for any kind of se­ri­ous ac­tion against the SR com­mu­ni­ty.
  3. Nar­cotic trade his­tor­i­cally in­volves ex­ploita­tion and vi­o­lence. Users work­ing to­gether as a com­mu­nity for a greater good and to­wards the same goals has made all pre­vi­ous in­ter­dic­tion train­ing ba­si­cally ob­so­lete. In other words, every user who helps new­com­ers learn how to be safe and se­cure es­pe­cially through the use of PGP for all trans­ac­tions and com­mu­ni­ca­tion is a nail in LEO’s coffin.
  4. A to­tal lack of vi­o­lence and ex­ploita­tion is very much work­ing in our fa­vor. So in other words, the idea of a com­mu­nity work­ing to­gether to pro­tect the new and vul­ner­a­ble has been iden­ti­fied as a huge ob­sta­cle for any kind of se­ri­ous at­tempt to stop SR.
  5. Their morale re­gard­ing fight­ing SR and BC is very low at the mo­ment, mainly be­cause very few LEO have the ca­pac­ity to com­pre­hend how the whole sys­tem works, but un­for­tu­nate­ly, re­cent me­dia cov­er­age de­mands some kind of ac­tion, so they are go­ing to have to show the pub­lic they are do­ing some­thing to com­bat SR, they just aren’t sure what yet.


In par­tic­u­lar, I am im­pressed that after years of op­er­a­tion as of April 2013, SR seems to have never been se­ri­ously hacked or bro­ken in­to: in that time, there have been many hacks of other sites and >9 hacks of Bit­coin cur­rency ex­changes. There has been a peren­nial fo­rum spam prob­lem, and in late 2012, there was a SQL in­jec­tion at­tack lead­ing to im­ages be­ing cor­rupted with false ad­dresses and a few peo­ple los­ing their money by not be­ing sus­pi­cious, but that seems to be it. And SR is the biggest tar­get out there be­sides Mt­Gox, for mul­ti­ple rea­son­s—the sheer amounts that pass through it, the po­ten­tial of it be­ing a small team rather than a pro­fes­sional group (how do you hire pen­e­tra­tion testers when you’re SR?), the un­usual prod­ucts you can or­der, the no­to­ri­ety one would earn, and fi­nal­ly, the “lulz” value of their data­bases (sup­pose some­one were able to har­vest ad­dresses & names that are fool­ishly sent to sell­ers in the clear & un­en­crypt­ed; imag­ine the lulz value of re­leas­ing them all in a big dump! Peo­ple would be wet­ting their pants world­wide, since de­spite all warn­ings, there are al­ways a great num­ber of users who will not bother en­crypt­ing their ad­dress­es.)

My be­lief is that SR can be taken down; how­ev­er, I am not sure LE (law en­force­ment) has per­mis­sion to use the tac­tics nec­es­sary—­ex­plain­ing the lack of sug­gested at­tacks or re­al­is­tic at­tacks in the leaked FBI Bit­coin pa­per and sum­maries of the leaked Aus­tralian SR pa­per (re­spec­tive­ly). My two sug­gested at­tacks are

  1. ing the SR site, ren­der­ing it un­us­able (and con­gest­ing the over­all Tor net­work)
  2. fake buyer & seller ac­counts lead­ing up to a sin­gle large scam.

At­tack #1 would make the site sim­ply un­us­able, and can be done on any ad­dress SR runs on since the ad­dress has to be widely known or how will the buy­ers & sell­ers know where to go? This would re­quire a few dozen nodes, at least, al­though I’m not ac­tu­ally sure how hard it is to DDoS a Tor hid­den server—re­port­edly the DDoS which took down SR for weeks was be­ing run by a sin­gle in­di­vid­ual in their spare time8, and by the very na­ture of the Tor anonymiz­ing net­work, it should be diffi­cult to do any­thing at all about a DoS at­tack since how do you iden­tify the end-n­odes re­spon­si­ble, as op­posed to the re­lays pass­ing on their mes­sages? And the ob­vi­ous coun­ter-mea­sure, run­ning through many .onion ad­dress­es, even one for every user, would sub­stan­tially re­duce the ac­tual anonymity of the SR servers. That a weak DDoS at­tack was al­ready so suc­cess­ful against SR raises se­ri­ous doubts in my mind about the abil­ity of hid­den ser­vices to re­sist a real DDoS at­tack like by a medi­um-sized bot­net.

At­tack #2 would re­quire a fairly sub­stan­tial fi­nan­cial in­vest­ment to pay the ~$500 de­posit re­quired of each seller ac­count, but de­pend­ing on how effec­tive the fi­nal step is, may ac­tu­ally run at a profit: it’s not hard to get $500 of or­ders at any time, since you can build up a rep­u­ta­tion, and then when you de­cide to burn the ac­count, you can so­licit or­ders for weeks due to ship­ping de­lays, and then de­lay the res­o­lu­tion even longer. Cer­tainly the many FE scam­mers like Tony76, who have made off with hun­dreds of thou­sands of dol­lars, have demon­strated that this is per­fectly doable and claims to the con­trary are wish­ful think­ing; and cer­tainly LE is pa­tient enough to do this tac­tic since it’s ex­actly what they did with Farmer’s Mar­ket & & other fo­rum­s/sites too ob­scure to be re­mem­bered. Re­peat­ed, this would mas­sively de­stroy buy­ers’ trust in SR, es­pe­cially since there are usu­ally only a few hun­dred ac­tive sell­ers at any point. (pine, com­ment­ing on how the com­pet­ing dark­net mar­ket At­lantis did in­-browser en­cryp­tion which I crit­i­cized as se­cu­rity the­ater & Hush­mail re­dux, points out the ver­sion of this sce­nar­io: the more new­bie buy­ers who are too lazy or ar­ro­gant to use PGP (~90% of users, ac­cord­ing to the At­lantis ad­min­is­tra­tors in June 2013; >50%, ac­cord­ing to a for­mer SR1 sell­er; >30% of Sheep Mar­ket­place users ac­cord­ing to the seller “hay­denP” on 2013-11-22; DPR2 es­ti­mated “be­tween 8% and 12%” on SR2 on 2013-12-06; 90%, an Evo­lu­tion/The Mar­ket­place sell­er; <10%, an Agora sell­er; >75%, the Project Black Flag hacker; 46% & 52%, the Evo­lu­tion seller fun-gee; 10%, Grand­Wiz­ard­sLair & 1-2% use mul­ti­sig when avail­able; a large frac­tion of Al­phaBay users in 2016/2017 ac­cord­ing to peo­ple who saw the leaked PMs) the more at­trac­tive an at­tack on SR be­comes to pick up all the buyer ad­dresses be­ing sent in the clear and the more fea­si­ble a mass raid be­comes.)

For­tu­nate­ly, I don’t think LE is au­tho­rized to en­gage in cy­ber­war (#1) or mass en­trap­ment & fraud (#2)—and who knows, maybe SR could sur­vive both. We’ll see.

Fight Club

When­ever clas­sic (and il­le­gal) cypher­punk ap­pli­ca­tions are im­ple­mented us­ing Bit­coin, you are sure to find some­one com­plain­ing that you must not talk about Fight Club—how will that play in Peo­ria⸮ You will find quite a few, ac­tu­al­ly, as much as one would ex­pect Bit­coin to se­lect for hard-core lib­er­tar­ian types9 or techies who have in­ter­nal­ized the ; in­deed, the mod­er­a­tors of the Bit­coin fo­rum have—in a crime against his­to­ry—deleted the early threads about SR, in­clud­ing the thread that saw SR an­nounced. (I posted a short thread link­ing this page, and I give it about 25% odds of be­ing mod­er­at­ed/delet­ed; a few hours lat­er, the thread had been delet­ed. I had dras­ti­cally un­der­es­ti­mated the cow­ardice of the fo­rum mod­er­a­tors.)

This is a cer­tain dou­ble-bind and un­fair­ness in such crit­i­cism. Would such crit­ics be con­grat­u­lat­ing me if this ar­ti­cle turned out to help Bit­coin by dis­cussing and doc­u­ment­ing a de­mand dri­ver and im­por­tant test-case? I sus­pect they would­n’t. Their ar­gu­ment is un­fal­si­fi­able and based more on their prej­u­dices than hard da­ta.

To such peo­ple, my gen­eral re­ply is: what makes you think I want Bit­coin to suc­ceed? It’s in­ter­est­ing but that does­n’t mean I have drank the Kool-Aid. If SR cov­er­age hurt Bit­coin, I may not care.

And I would ar­gue the con­trary: I be­lieve SR cov­er­age helps Bit­coin. SR has not been harmed by its na­tional cov­er­age; the num­ber of ac­counts and trans­ac­tions have all in­creased dra­mat­i­cal­ly, and SR’s ad­min has stated his sat­is­fac­tion with the new sta­tus quo on the SR fo­rums and on Gawker, and said later that “Silk Road was never meant to be pri­vate and ex­clu­sive.” (2012-01-09, “State of the Road Ad­dress”); as has a co-founder of a British Bit­coin ex­change.

Not that the SR ad­min ever sought se­cre­cy—he an­nounced SR’s offi­cial open­ing on the Bit­coin fo­rums! Pur­chases of Bit­coin no­tice­ably spiked after the Gawker ar­ti­cle as al­ready men­tioned, and one can­not buy that much pub­lic­i­ty. One might say of self­-cen­sor­ship that “C’est pire qu’un crime, c’est une faute.

And sup­pose SR cov­er­age did hurt Bit­coin even to the ex­tent that it would be worth de­vot­ing one neu­ron to think­ing about it; I would pub­lish any­way be­cause that would mean that the Bit­coin ex­per­i­ment has failed and must be ter­mi­nated im­me­di­ately. If Bit­coin is not safe for the drug deal­ers, then it is not safe for any­one; if Bit­coin can be hurt by the truth, then it is al­ready doomed—you can­not build on quick­sand, and Good game, chaps, let’s all meet back here when the next Satoshi Nakamoto fig­ures out how to patch the vul­ner­a­bil­i­ties.


But be­sides all that, how well does it work? No way to know but to go. So, let’s take a ‘brazen’ stroll down the SR.

SR’s 2 tech­ni­cal claims to fame are the ex­clu­sive use of Bit­coins for pay­ment, and ac­cess only through the , on which SR and the SR fo­rum live as —both you and the server fun­nel your re­quests into a set of Tor nodes and you meet in the mid­dle. (This is­n’t as slow as it might sound, and hid­den sites elim­i­nate the main se­cu­rity weak­ness of Tor: .) Tor it­self is se­cure, but this does­n’t mean as much as one might think it means: while Tor it­self is ba­si­cally the se­curest soft­ware you will ever use (or at least, it is far from the weak­est link in your chain), what al­ways kills you is what you choose to com­mu­ni­cate over Tor: what you browser sends or does­n’t send, or the per­sonal de­tails you put on your seller page or brag about on Tum­blr/In­sta­gram with pic­tures/Venmo (mak­ing for easy ar­rests), or the mail­ing ad­dress you fool­ishly choose to send over it plain­text & un­en­crypted (vul­ner­a­ble un­til the item ships) or the re­veal­ing mes­sage (vul­ner­a­ble >2 months)10, or the pseu­do­nym you choose to con­fide in, etc. Tor is a tool which does one thing very well: keeps se­cret the com­mu­ni­ca­tion be­tween your com­puter and some­one else’s com­put­er. It does noth­ing what­so­ever about any­thing that other com­puter may be able to fig­ure out or record about you or what you choose to send. The per­fectly se­cure en­ve­lope does lit­tle good if the per­son you’re mail­ing your con­fes­sion to is a po­lice­man.

But as any kid­nap­per knows, you can com­mu­ni­cate your de­mands eas­ily enough, but how do you drop off the vic­tim and grab the suit­case of cash with­out be­ing nabbed? This has been a se­vere se­cu­rity prob­lem for­ev­er. And bit­coins go a long way to­wards re­solv­ing it. So the ad­di­tional se­cu­rity from use of Bit­coin is non­triv­ial. As it hap­pened, I al­ready had some bit­coins. (Typ­i­cal­ly, one buys bit­coins on an ex­change like Mt.­Gox, al­though the routes are al­ways chang­ing, so see the Bit­coin wik­i’s buy­ing guide; the era of easy profitable ‘min­ing’ passed long ago.) Tor was a lit­tle more tricky, but on my De­bian sys­tem, it re­quired sim­ply fol­low­ing the offi­cial in­stall guide: apt-get install the Tor and Polipo pro­grams, stick in the proper con­fig file, and then in­stall the Tor­but­ton. Al­ter­nate­ly, one could use the Tor browser bun­dle which pack­ages up the Tor dae­mon, proxy, and a web browser all con­fig­ured to work to­geth­er; I’ve never used it but I have heard it is con­ve­nient. Other op­tions in­clude en­tire OSes like Tails or Lib­erté Linux, which can be used on bootable Flash dri­ves. (I also usu­ally set my Tor in­stal­la­tion to be a Tor server/mid­dle­man as well—this gives me more anonymity, speeds up my con­nec­tions since the first hop/­con­nec­tion is un­nec­es­sary, and helps the Tor net­work & com­mu­nity by do­nat­ing band­width.)

Silk Road

With Tor run­ning and the Tor­but­ton en­abled in the browser (a­long with any ), we can eas­ily con­nect to SR; we sim­ply visit silkroadvb5piz3r.onion11. (New­bies to Tor might won­der why the gib­ber­ish ad­dress. The ad­dress is de­rived from the pub­lic key of the server, mak­ing it more diffi­cult for an at­tacker to pre­tend to be the real SR or do a .)

Upon con­nect­ing, you will see a bare log-in form:

2011 SR log-in form on the home­page

Al­ter­nate­ly, you might see an er­ror page like the fol­low­ing; SR is oc­ca­sion­ally down for main­te­nance & new fea­tures or tem­porar­ily over­loaded. Usu­ally wait­ing a minute is enough, and longer down­times are dis­cussed on the SR fo­rums.

2011 server er­ror ex­am­ple

Click on the join, and you will be taken to an­other page for reg­is­ter­ing your ac­count, much like any other site. In­vi­ta­tions are not cur­rently re­quired, al­though to reg­is­ter a seller ac­count is nei­ther easy nor cheap, see later sec­tions. (I sug­gest pick­ing a strong pass­word12. Learn from the Mt.­Gox fi­as­co.) With your new ac­count, you can now log in and see what there is to see on the main page:

The front page, dis­play­ing ran­dom im­ages of mer­chan­dise on offer, cat­e­gories of list­ings, and re­cent feed­back posted by buy­ers
At an­other time
And an­other time

No­tice at the bot­tom, be­low the ran­dom se­lec­tions, is a sec­tion list­ing all the most re­cent re­views from buy­ers; feed­back from buy­ers, like on Ama­zon or eBay, is cru­cial to keep­ing the sys­tem hon­est:

Seller feed­back

The stim­u­lants cat­e­gory con­tains much what you’d ex­pect:

2011 list­ing of stim­u­lants: Adder­all, 4-FA, metham­phet­a­mine, co­caine

Mov­ing on, we have the sec­tion for sell­ing forg­eries:

Forgery se­lec­tion


Well, you’ve browsed through the SR prop­er. You can also visit the offi­cial SR fo­rums at dkn255hz262ypmii.onion. The dis­cus­sions are in­dis­pens­able tools for learn­ing about sell­ers and get­ting the lat­est ru­mors like in­di­ca­tors of FE scams, but the fo­rums are also where offi­cial rule changes to SR are an­nounced by the SR ad­min­is­tra­tor.

We have win­dow-shopped long enough. It’s time to take the plunge and buy some­thing. Bit­coin de­vel­oper Jeff Garzik is quoted in the Gawker ar­ti­cle as say­ing that “At­tempt­ing ma­jor il­licit trans­ac­tions with bit­coin, given ex­ist­ing sta­tis­ti­cal analy­sis tech­niques de­ployed in the field by law en­force­ment, is pretty damned dumb.” For­tu­nately I do not plan ‘ma­jor’ trans­ac­tions, and in any case, I tend to sus­pect that said sta­tis­ti­cal tech­niques are overblown; a few aca­d­e­mics have pub­lished ini­tial in­ves­ti­ga­tions into trac­ing trans­ac­tions and ex­am­in­ing the larger Bit­coin econ­o­my, and have linked trans­ac­tions to in­di­vid­u­als, but as of 2012 have only done so with ad­dresses pub­licly linked to iden­ti­ties, and not bro­ken the anonymity of peo­ple try­ing to be anony­mous.

The pub­lic na­ture of trans­ac­tions means that can be gen­er­ated and an­a­lyzed. But for­tu­nate­ly, it’s straight­for­ward to anonymize Bit­coin trans­ac­tions (mix­ing ser­vices13) by a method anal­o­gous to the Tor net­work we are re­ly­ing upon al­ready: route the money through sev­eral in­ter­me­di­aries in sev­eral quan­ti­ties and re­con­struct­ing the path back­wards be­comes non­triv­ial.

My own method was to route 4 bit­coins through Mt.­Gox (this was be­fore the hack­ing, a se­ries of events which con­firmed my own res­o­lu­tion to keep a bal­ance at Mt.­Gox for as short a time as pos­si­ble; a ret­ro­spec­tive analy­sis of Bit­coin ex­changes sug­gests that for every month you keep a bal­ance at an ex­change, you run a ~1% chance of los­ing your mon­ey), then through My­Bit­coin (which at the time was still con­sid­ered trust­wor­thy)14. This was straight­for­ward—sign up for a throw­away ac­count:

My­Bit­coin (de­funct) lo­gin page

Then de­posit to the one-use ad­dress:

My­Bit­coin de­posit in­ter­face

A day or three lat­er, I am tired enough of the game to route my Bit­coins into the last set of anonymiz­ing mix­es, SR’s own coin­tum­bler. How do we do a de­posit? We click on the link in the pro­file and see:

SR bit­coin de­posit form in­ter­face

No big sur­prise there—it’s an­other one-time ad­dress which ex­pired at noon, so there’s no time to shilly-shal­ly:

SR de­posit in­struc­tions: send bit­coins to this ad­dress etc

Once de­posits have been made or pur­chases en­tered in­to, one’s pro­file page be­gins to look like this:

A record of de­posits and with­drawals


After some brows­ing, I per­son­ally de­cided on an offer­ing of the nootropic . Safe, po­ten­tially use­ful, and not even es­pe­cially il­le­gal. The price was right:

Bare-bones se­legi­line list­ing

Should I buy it?

Evaluating sellers

Now, you will no­tice that for most sell­ers, there is no ‘(99)’ or ‘(100)’ after the sell­er’s name; for ex­am­ple, this ran­dom seller has no such in­di­ca­tor:

seller pro­file page with pub­lic key

This is due to the sim­ple fact that when I joined, the post-Gawker rush had re­sulted in mem­ber­ship jump­ing from the high­-hun­dred­s/low-t­hou­sands range to north of 10,000 ac­counts, and while many trans­ac­tions had been en­tered in­to, the re­views and clo­sures of trans­ac­tions had only start­ed. So I was not too both­ered by the lack of feed­back on this seller pro­file. I also used the handy SR fo­rums and found no bad men­tions of the sell­er. The user num­ber was not ter­ri­bly high, the de­scrip­tion was de­tailed enough that it looked like he took sell­ing se­ri­ous­ly, there are no bad re­views, they posted a pub­lic key, etc. So, I was will­ing to take a chance on him.

Both the seller and the ex­am­ple above had stan­dard -com­pli­ant posted (the long string of gib­ber­ish un­der that odd head­er—quite un­mis­tak­able), which one will need to en­crypt the per­sonal in­for­ma­tion one sends the seller15. (It is a given on SR that sell­ers have pub­lic keys; any sell­ers who does not pro­vide pub­lic keys should be shunned no mat­ter how good they seem, and you in­stantly fail at se­cu­rity if you send the seller the ad­dress un­en­crypt­ed. You are also mak­ing SR a big­ger tar­get by do­ing stuff in the clear, be­cause the site is hold­ing more valu­able in­for­ma­tion.) Pub­lic-key cryp­tog­ra­phy is an old and vi­tal con­cept to un­der­stand, and there are a great many de­scrip­tions or in­tro­duc­tions on­line so I will not ex­plain it fur­ther here.

I add it to my cart:

Se­legi­line: shop­ping cart for­m—­fill in form and push the but­ton, if you dare

No­tice the ad­dress field. Now, I could be a chump and put down my friend’s ad­dress in the clear. But what if SR it­self is com­pro­mised? Right now, SR does­n’t have any­thing about me, but the ad­dress is a good start­ing place for find­ing me. So, I go to the sell­er’s pro­file, and like the ex­am­ple above, my seller has posted his pub­lic key. I want to en­crypt the ad­dress against that pub­lic key. How?


There are a great many guides to GPG; the offi­cial GPG hand­book, the Ubuntu guide, Hein­lein’s “Quick Start”, the PGP En­cryp­tion Video Tu­to­r­ial, & /r/SilkRoad wiki work well enough. To sum­ma­rize what I did:

  1. I copy the pub­lic key into a text file named key.txt

  2. I tell GPG to mem­o­rize it: gpg --import key.txt

    GPG will spit out some out­put about how it now knows the pub­lic key of etc.

  3. I write down her ad­dress in a file, address.txt,

  4. and I en­crypt it: gpg --recipient --encrypt address.txt --output address.gpg --armor

    Hope­fully the op­tions make sense. (We need --armor to get an ASCII text en­crypted file which we can copy­-and-paste into the shop­ping cart’s ad­dress form, rather than a smaller file of bi­nary gib­ber­ish.) An ex­am­ple of do­ing this right:

Se­legi­line shop­ping cart: with the en­crypted ad­dress to send the se­legi­line to

Now, one might won­der how one would post one’s own pub­lic key in case one asks ques­tions and would like the an­swers from the seller to be as en­crypted as one’s ad­dress­es. It’s easy to make one with gpg --gen-key and then a gpg --armor --export USERNAME, but where to post it? It used to be that you could sim­ply push a but­ton in your pro­file to reg­is­ter as a seller and then fill your own pro­file field with the pub­lic key like any sell­er, and I did just that. But SR closed free seller ac­counts and re­quired large up­-front de­posits, and has an­nounced that they are be­ing auc­tioned off. The jus­ti­fi­ca­tion for this is SR claims to have re­ceived an anony­mous threat to reg­is­ter many free seller ac­counts and sim­ply mail poi­soned pills out (which he al­luded to ear­lier). Hope­fully buy­ers will soon be able to edit their pro­file, but un­til then, there is a thread on the SR fo­rums de­voted to buy­ers post­ing their pub­lic keys.

Now what?

Once you have sub­mit­ted the or­der, the ball is in the sell­er’s court. The or­der is listed in your shop­ping cart as ‘pro­cess­ing’:

And done

Your bal­ance also in­stantly de­creases by the price, and if you look at your bal­ance/­trans­ac­tions page, you will no­tice that that amount is listed as in es­crow16. SR holds onto your Bit­coins un­til you fi­nal­ize17 the trans­ac­tion with a re­view—one of the pro­tec­tions for the buy­ers.

It’s worth not­ing that the buy­ers bear the real risk on SR. A seller can eas­ily anonymize them­selves and send pack­ages with­out diffi­cul­ty: sim­ply drive out of town to an ob­scure post office and mail it, leav­ing be­hind fuzzy sur­veil­lance record­ings, if even that18. Even us­ing the —pho­tographs taken by the USPS of the ex­te­rior of all pack­ages mailed in the USA, data heav­ily ex­ploited—data­base would not help be­cause pre­sum­ably no gen­uine in­for­ma­tion about the sender is recorded on pack­ages, al­though the USPS hid­den cam­era sur­veil­lance would. (The SR fo­rums had a sub­fo­rum on ship­ping, as do the re­place­ment fo­rums.) A buy­er, on the other hand, must at some point be phys­i­cally present to con­sume the or­dered drugs or items. There’s no way to cleanly sep­a­rate her­self from the ship­ment like the seller can. Ship­ping is so safe for the seller that many of them will, with­out com­plaint, ship world­wide or across na­tional bor­ders be­cause cus­toms so rarely stops drug ship­ments. For ex­am­ple, only 1 of my ship­ments of any sup­ple­ment or sub­stance I have or­dered has been held for a sig­na­ture; the other few dozen have never been stopped or ap­par­ently looked at hard by a Cus­toms offi­cial. In the 2 SR or­ders’ cas­es, this turned out to be ir­rel­e­vant as both sell­ers were in­-coun­try. Christin 2013 re­marks with sur­prise on how freely sell­ers sell in­ter­na­tion­al­ly, but rightly looks to the min­i­mal risks sell­ers bear and in­cen­tive they have for broad mar­kets to ex­plain this ca­sual dis­re­gard. One of the corol­lar­ies of this shift of risks from the seller to the re­cip­i­ent is that a vi­able method of at­tack­ing some­one is to get their ad­dress and or­der, say, heroin for them off SR as hap­pened to se­cu­rity jour­nal­ist in July 2013 (Krebs en­joys an­other du­bi­ous dis­tinc­tion: be­ing a vic­tim of ). Sheep Mar­ket­place de­cided to shut down its gun offer­ings 2013-11-08 due to “ac­tions un­der­taken by a par­tic­u­lar gun ven­dor where he threat­ened to kill a users fam­ily and be­gan ex­pos­ing ad­dresses” (pos­si­bly “gun­san­dammo”).

I check in 1 day lat­er: the or­der still pro­cess­ing. Items ap­par­ently aren’t pub­lic once you’ve es­crowed your dosh. 2 days lat­er: still pro­cess­ing. 3 days lat­er: can­celed! My Bit­coins are un­locked, of course, but I’m not keen on or­der­ing again right away. Need to browse more and look for deals. The can­cel­la­tion mes­sage is not very in­for­ma­tive:

Or­der can­celed, funds re­funded

Well sure, but why was it can­celed? I spec­u­late the seller de­cided he did­n’t want to send out­side the EU de­spite his list­ing claim­ing he would—per­haps ship­ping cost more than he had fac­tored into his price. (I checked back a few weeks lat­er, and the seller says he can­celed all or­ders and got a new pub­lic key be­cause the Mt.­Gox ex­ploits have made him para­noid. I can’t re­ally fault him with that ra­tio­nale. I wish he had men­tioned it be­fore, I would have cut him some slack.)

Try, try again

After some more brows­ing, I de­cide to go with ei­ther the cheap­est or the new post­ing, which men­tioned be­ing Provig­il. (Here it was that I de­cided my or­der­ing risk is very small, for a va­ri­ety of rea­sons19, and to go for­ward with my in­ves­ti­ga­tion.) But is it real branded Provigil or just the usual In­dian gener­ics? Al­so, the Adder­all seller has no pub­lic key list­ed! I take this op­por­tu­nity to mes­sage the two, ask­ing for more in­for­ma­tion and to post a pub­lic key, re­spec­tive­ly.

Both have replied the next day; the Adder­all seller has put up his pub­lic key, and the modafinil seller clar­i­fies it’s In­di­an—but it does­n’t mat­ter since the item’s page has dis­ap­peared, in­di­cat­ing some­one bought it al­ready. Nat­u­ral­ly, I re­ply and then delete all mes­sages. One must as­sume that SR will be com­pro­mised at some point… But the Adder­all it is. The list­ing looks pretty good, and the price per pill is su­pe­rior to that I was quoted by one of my col­lege-age friends (less than 1/3 the price, al­though to be fair it was near­ing ex­ams time) and also bet­ter than the Adder­all price quote in the New Yorker, $15 for 20mg:

Adder­all item list­ing

1 day after or­der­ing: still pro­cess­ing, and 2 days, ‘in tran­sit’:

Check­ing in on the Adder­all or­der: seller is still prepar­ing to send
And now the seller says he’s mailed it

Evaluating and reviewing

3rd day: still in tran­sit. 4th day: the pack­age ar­rived! I go over im­me­di­ate­ly, and it’s this harm­less-look­ing lit­tle padded mail­er. One would not sus­pect it of any­thing ne­far­i­ous, not with those cute stamps20:

Pack­age of Adder­all as re­ceived, be­fore open­ing

The con­tents are as de­scribed, 10 blue Adder­all, in a dou­ble zi­plock baggy (the vac­u­um-sealed bags are not needed for a drug this low on the im­por­tance scale—there are no for Adder­al­l):

The Adder­all pills them­selves in plas­tic bags

While I have never used Adder­all be­fore, the effects are no­tice­able enough that I am con­vinced after the first dose that they are gen­uine (I have con­tin­ued to ex­per­i­ment with them to some­what lesser effec­t). The very sharp-eyed will no­tice that these are the ‘generic’ Adder­all pills, but as it turns out, the generic Adder­all pills are man­u­fac­tured by the ex­act same phar­ma­corp as the branded Adder­al­l—the two prod­ucts are prob­a­bly a case of . Eco­nom­ics can be a coun­ter-in­tu­itive thing. I also or­dered generic with sim­i­lar steps since the ar­modafinil was no­tice­ably cheaper than the reg­u­lar In­dian generic modafinil:

4 of the pills are left after I tested the first one overnight.

They work fine (I have be­gun ex­per­i­ment­ing with them), and I leave the seller a nice re­view. My third or­der pro­ceeds as straight­for­wardly as the sec­ond or­der, and re­sults in an even bet­ter pack­aged ship­ment of prod­uct that seems to be gen­uine as far as I can tell. Heed­ful of the risks and prob­a­bil­i­ties, I leave an­other nice re­view; the re­view form (reached when you click the ‘fi­nal­ize’ link) is as straight­for­ward as the rest of the process:

The feed­back form, after a suc­cess­ful or­der

Feed­back is an im­por­tant part of the process. I was sur­prised to re­visit one of my sell­er’s page when 3 or 4 of his trans­ac­tions has caused him to go from no re­views to 4 pos­i­tive re­views, and see that his prices had in­creased a good 30 or 40%. Ap­par­ently he had been sell­ing at a con­sid­er­able dis­count to drum up re­views. This sug­gests to me, at least, that ex­ist­ing SR users are a bit too chary of new sell­ers.

An­other trans­ac­tion; 10x100mg Modalert or­dered from an Eng­lish sell­er, ar­rived in larger than one would ex­pect pack­ag­ing (which con­tained a pretty nifty way to hide a ship­ment, but I will omit those de­tail­s):

The Modalert pack­age as re­ceived

The Modalert was what one would ex­pect:

Foil pack­ag­ing, front
Foil pack­ag­ing, back

A fi­nal ex­am­ple: I search for modafinil:

Search re­sults for the query ‘modafinil’

I fi­nally de­cide to or­der 80x150mg ar­modafinil from a French seller (not so cheap as be­fore):

Cart re­port

2 weeks lat­er, it ar­rived in heav­ily folded pa­per in­side this en­velope:

a mes­sage from France

Con­tain­ing the agreed-upon pur­chase:

the booty

LSD case study

With Adder­all & modafinil, the seller choices were re­stricted enough and scams rare enough that I did not need to think hard about the process. When I be­came in­ter­ested in run­ning my , I looked at the LSD sell­ers, and this ease van­ished; scam­mers were an ac­knowl­edged plague, and there was a be­wil­der­ing ar­ray of op­tions:

The first page of LSD list­ings on SR in Sep­tem­ber 2012

Where does one start? I de­cided to turn my shop­ping frus­tra­tions into a case study of a sys­tem­atic ap­proach to eval­u­at­ing the avail­able in­for­ma­tion (but mostly an ex­cuse to col­lect some un­usual data and ap­ply some sta­tis­ti­cal rea­son­ing).

Seller table

Back­ground read­ing: “Offi­cial dis­cus­sion thread of cur­rent LSD ven­dors”, “The Avengers LSD Ven­dors Re­view”, & “Col­lec­tive Acid Data­base”.

This ta­ble of blot­ter list­ings <₿12 which ship to USA was com­piled 2012-09-03 from SR search re­sults for “LSD. Note that the ta­ble is now en­tirely ob­so­lete, but I be­lieve the over­all ap­pear­ance is rep­re­sen­ta­tive of the SR LSD mar­ket­place.

List­ing # μg S&H μg/ Tran­sit User Age (days) FE Feed­back Weighted μg/ Threads LSD re­views Fo­rum hits
Ma­trix™ 5 250 11.67 1.75 93 in­ter­na­tional En­terThe­Ma­trix 360 yes? 300(98.7%) 9021 En­terThe­Ma­trix re­views many many
Al­ice in Won­der­land 5 120 6.99 0.42 81 in­ter­na­tional aakoven 360 no?22 300(93.7%) 74 aakoven re­views >6 18023
Hoff­man Now 2 110 2.96 0.34 7024 in­ter­na­tional Pre­mi­um­Dutch 360 yes 300(97.3%) 67 N/A 2 6025
5LSD Blot­ter 5 200 7.45 0.58 125 in­ter­na­tional juer­gen2001 360 yes 300(95.1%) 115 juer­gen2001 re­views >18 90
Trip 5 150 8.02 0 94 do­mes­tic lonely kamel 120 no 173(93.4%) 84 LK 1 LK 2 0 2027
2 pcs Maya 2 250 4.12 1.42 104 in­ter­na­tional Vi­ta­Cat 120 no? 300(99.9%) 103 Vi­ta­Cat re­views many many28
5 pcs Maya 5 250 10.21 1.42 107 in­ter­na­tional Vi­ta­Cat 120 no? 300(99.9%) 106 Vi­ta­Cat re­views many many
Pre­mium LSD tabs 5 ? 6.99 0 72 do­mes­tic No FE ever 60 no 68(99.1%) 67 NFE 1, NFE 2 2 2229
Mayan 1 1 125 0.83 0.32 143 in­ter­na­tional nip­ple­suck­canuck 60 yes? 127(97.6%) 134 nip­ple­suck­canuck re­views ? 11
Mayan 2 10 125 7.19 0.49 163 in­ter­na­tional nip­ple­suck­canuck 60 yes? 127(97.6%) 153 nip­ple­suck­canuck re­views 3 11
Shiva 2 100 2.18 0.18 85 do­mes­tic graffen­burg 30 no 76(100%) 82 N/A 0 930
Hoff­mann bike rides 5 150 7.53 0 100 in­ter­na­tional Ma­chine Maid 30 no 10(100%) 74 N/A 0 1
3Jane Lat­est 5 100 7.36 0.59 63 do­mes­tic Molly Want a Cracker 24 no 28(100%) 57 Molly re­views 0 9
Bee­tles Stamps 5 150 4.28 0 175 do­mes­tic USAReshipper 10 no 0(?%) 88 N/A 0 331
5 strip Real Love 5 150? 6.41 0.29 112 do­mes­tic La­dy­lucy 4 ? 0(?%) 56 La­dy­lucy re­views 0 3
Koi Fish 1 250 2.51 0.6 80 in­ter­na­tional acid­dot­com 7 yes 0(0%) 40 N/A 0 0

An anony­mous email pro­vided me in No­vem­ber 2012 with a cat­a­logue from a Dutch bulk seller who sells LSD (a­mong other things); their listed prices serve as a use­ful com­par­ison:

Blot­ter brand Dose (μg) Unit-count unit-price (€) min. to­tal cost (€) min. μg/
Fat & Fred­dy’s 200-250 100-1000 4.75 475 42.1
Fat & Fred­dy’s 200-250 2000-4000 4.25 8500 47
Fat & Fred­dy’s 200-250 5000-9000 3.90 19500 51.3
Fat & Fred­dy’s 200-250 10000+ “ne­go­tiable” ? ?
Gane­sha 100-120 100-1000 2.50 250 40
Gane­sha 100-120 2000-4000 2.25 4500 44.4
Gane­sha 100-120 5000-9000 1.70 8500 58.8
Gane­sha 100-120 10000+ “ne­go­tiable” ? ?
Hof­mann bi­cy­cle man 100-120 100-1000 2.50 250 40
Hof­mann bi­cy­cle man 100-120 2000-4000 2.25 4500 44.4
Hof­mann bi­cy­cle man 100-120 5000-9000 1.70 8500 58.8
Hof­mann bi­cy­cle man 100-120 10000+ “ne­go­tiable” ? ?

To con­vert ₿ to € (as of 2012-09-03), we mul­ti­ply by 8.3. So for com­par­ison, the top Dutch blot­ter was 58.8μg/€, and the top un­weighted SR blot­ter was 163μg/₿; in €, the SR be­comes 163μg/8.3₿ or 19.64μg/€, in­di­cat­ing that a small SR pur­chase with S&H will have a unit-price 3x of a large Dutch pur­chase mi­nus S&H.

A fac­tor of 3 seems pretty rea­son­able, given the very large markups along the LSD sup­ply-chain. 2003 trial tes­ti­mony32 for the Amer­i­can LSD chemist stated that his whole­sale cus­tomers paid him ~$0.3 per 100μg, or (as of 2012-09-03) 0.0286₿ per 100μg, or 3497μg/₿. (A stark con­trast to 163μg/₿!)


Some gen­eral ob­ser­va­tions on this ta­ble of a sub­set of LSD sell­ers:

  1. There’s a strik­ing num­ber of new sell­ers: list­ings from ‘young’ ac­counts (<=2 months old) make up more than half the table. I’ve seen many com­plaints about a lack of US sell­ers but it seems the mar­ket is re­spond­ing.

  2. There are dis­may­ingly few LSD re­views on the fo­rums for any seller ex­cept En­terThe­Ma­trix; this seems to be par­tially due to the pres­ence of many sell­ers not spe­cial­iz­ing in LSD.

  3. Long-term feed­back be­low 95% is a warn­ing sign. Of the 3 ‘old’ sell­ers with ~95% or less feed­back (aakoven, juer­gen2001, & lonely kamel), all 3 have plenty of bad feed­back on the fo­rums. If it were just one that had both bad feed­back and bad fo­rum com­ments, it might be some sort of as­tro­turfing or ‘hat­ing’ (as aakoven pre-emp­tively ac­cuses his bad feed­back rat­ing), but when all 3 have both bad fo­rums and feed­back rat­ings? Makes one won­der… Nor is that the ‘cost of do­ing busi­ness’ for very old seller ac­counts, since we see that the sim­i­larly old En­terThe­Ma­trix33 & Pre­mi­um­Dutch rat­ings are solidly bet­ter.

    Since their μg/₿ are not stel­lar (save juer­gen2001’s), it’s not clear why any­one would buy from them.

  4. Some of the new sell­ers seem to have a lot of feed­back (eg. No FE ever or nip­ple­suck­canuck), but look­ing at their feed­back, we see a great deal of early fi­nal­iza­tion! This ren­ders them pretty sus­pect. And of course, the 3 youngest sell­ers have no feed­back at all. This is a prob­lem be­cause scam­mers are a se­ri­ous prob­lem with LSD sell­ers; a quick read of fo­rum threads lists 5 scam­mers over the past 3 months: Kat, Gar, Bloom­ing­col­or, Frac­taldelic, & Di­Men­sion­al­Trav­el­er.

  5. The range of μg/₿ is in­ter­est­ing: a full or­der of mag­ni­tude is rep­re­sent­ed, from the low of 63μg/₿ to 175μg/₿.

    Per­haps sur­pris­ing­ly, this range does­n’t go away when I try to ad­just for risk based on re­views: now the full range is 40μg/₿ (acid­dot­com) to 153μg/₿ (nip­ple­suck­canuck).



In my I dis­cussed some ba­sic sta­tis­ti­cal tech­niques for op­ti­miz­ing or­ders un­der un­cer­tain­ty: one-shot or­der­ing, re­peated or­der­ing with free learn­ing, & re­peated or­der­ing with ex­pen­sive learn­ing.

In this case, it’s a sin­gle or­der, so one-short or­der­ing it is. One-shot or­der­ing sim­ply coun­sels or­der­ing from a mix of the cheap­est and the safest sell­er—what max­i­mizes one’s (EV), which is just . The re­ward is easy: to­tal dose di­vided by to­tal cost. The risk is hard­er: the sell­ers do not con­ve­niently vol­un­teer how likely you are to be scammed.

The ob­vi­ous way to quan­tify risk is to just take the feed­back at face-val­ue: a 97% rat­ing says I am tak­ing a 3% chance I will be screwed over. Mul­ti­ply that by the re­ward, sort to find the largest EV, and we’re done.

An ob­jec­tion: “Are you se­ri­ously say­ing that a seller with 1 bad re­view out of 100 is equally trust­wor­thy as a seller with 3 bad re­views out of 300, and that both of them are less trust­wor­thy than a ven­dor with 0 bad re­views out of 10?” It does seem in­tu­itive that the 300 guy’s 99% is more re­li­able than the 100 guy’s 99%; the 10 guy may have a per­fect 100% now, but could eas­ily wind up with some­thing much lower after he’s sold 100 or 300 things, and we would rather not be one of the buy­ers who causes those shifts down­ward.

So. Sup­pose we pre­tended re­views were like polling or sur­veys which are draw­ing votes from a pop­u­la­tion with an un­known num­ber of bad ap­ples. We could call it a draw from a . We’re not in­ter­ested in the op­ti­mistic ques­tion of “how good could these sell­ers turn out to be?”, but rather we are in­ter­ested in find­ing out how bad these sell­ers might truly be. What’s the worst plau­si­ble ven­dor fu­ture rat­ing given their ex­ist­ing rat­ings? We can ask for a and look at the lower bound. (Lower bounds re­mind us no ven­dor is 100% trust­wor­thy, and in­deed, pace the , the higher their rat­ing the greater their in­cen­tive to re­quire FEs and dis­ap­pear with one last gi­ant haul; the ac­tual SR feed­back sys­tem seems to use some sort of weighted av­er­age.) This gives us the pes­simistic per­cent­age of feed­back which we can then in­ter­pret as the risk that we will be one of those bad feed­backs, and then we can fi­nally do the sim­ple ex­pect­ed-value cal­cu­la­tion of “μg/₿ times prob­a­bil­ity of be­ing happy”. What are the re­sults? The num­bers were cal­cu­lated as fol­lows:

# Frequentist analysis:
y <- function(ugbtc,n,pct) {((binom.test(round((pct/100)*n),n,conf.level=0.90))$ * ugbtc}
# Binomial CI doesn't work on 0 data; what do we do? Punt with the age-old 50%/coin-flip/equal-indifference
# Why 90% CIs? Fake feedback skews the stats up and down, so we might as well get narrower intervals...
c(y(63,28,100), y(70,300,97.3), y(72,68,99.1), 90*0.5, y(81,300,93.7), y(85,76,100), y(93,300,98.7),
    y(94,173,93.4), y(100,10,100), 112*0.5, y(125,300,95.1), y(143 127,97.6), y(163,127,97.6), 175*0.5)
 [1]  56.60766  66.66799  67.11326  45.00000  73.58456  81.71468  90.18671
 [8]  84.31314  74.11344  56.00000 115.50641 134.43170 153.23333  87.50000

# Question: what if we use a Bayesian Jeffreys interval?
y <- function(ugbtc,n,percent) {binomCI(x=round((percent/100)*n),n=n,conf.level=0.90,
                                method ="jeffreys")$CI:1 * ugbtc }
c(y(63,28,100), y(70,300,97.3), y(72,68,99.1), 90*0.5, y(81,300,93.7), y(85,76,100), y(93,300,98.7),
     y(94,173,93.4), y(100,10,100), 112*0.5, y(125,300,95.1), y(143,127,97.6), y(163,127,97.6), 175*0.5)
 [1]  58.85933  66.81522  67.96488  45.00000  73.74114  82.88563  90.39917
 [8]  84.64024  82.92269  56.00000 115.75319 135.22059 154.13256  87.50000
# Answer: it's almost identical.

# If Bayesian and frequentist methods differed much, one would be wrong and no one would use it!
# let's look in further, how *exactly* do the ug/₿ ratings differ?
binom <- c(56.60766, 66.66799, 67.11326, 45.00000, 73.58456, 81.71468, 90.18671, 84.31314, 74.11344,
                       56.00000, 115.50641, 134.43170, 153.23333, 87.50000)
jeffreys <- c(58.85933, 66.81522, 67.96488, 45.00000, 73.74114, 82.88563, 90.39917, 84.64024,
                82.92269, 56.00000, 115.75319, 135.22059, 154.13256, 87.50000)
mapply(function(x,y) round((x-y)/y * 100,digits=2), binom, jeffreys)
#  [1]  -3.83  -0.22  -1.25   0.00  -0.21  -1.41  -0.24  -0.39 -10.62   0.00
# [11]  -0.21  -0.58  -0.58   0.00
## in 1 case, for Machine Maid, the ug/₿ estimates differ by 10.62%, which is interesting

(This demon­strates, in­ci­den­tal­ly, that feed­back rat­ings don’t start yield­ing very high as­sur­ance un­til a sur­pris­ingly large num­ber of re­views have been made.)

Now we have risk fac­tored in from just the quan­ti­ta­tive data of the feed­back amount & per­cent­age. But we must be more sub­jec­tive with the other fac­tors.


We have to look at more qual­i­ta­tive in­for­ma­tion and start com­par­ing & rank­ing pos­si­bil­i­ties. There are a few cri­te­ria that one should val­ue; in roughly de­scend­ing or­der of im­por­tance:

  1. old > new
  2. high weight­ed-μg/
  3. many re­views on SR & fo­rums
  4. no FE > FE
  5. do­mes­tic > in­ter­na­tional
  6. has feed­back thread

For a first cut, we look at all items meet­ing #2, where a good cut off seems to be weight­ed-μg/₿>90; this is just En­terThe­Ma­trix, juer­gen2001, Vi­ta­Cat, and nip­ple­suck­canuck. A sec­ond cut is #1, which deletes nip­ple­suck­canuck for be­ing too new. #3 is use­less, but #4 is help­ful: we can scrap juer­gen2001 for re­quir­ing FE; #5 is now use­less as both are in­ter­na­tion­al, as is #6 since both have feed­back threads.

So we’re down to Vi­ta­Cat and En­terThe­Ma­trix. On most of the listed met­rics, they are about equal—En­terThe­Ma­trix seems to have an edge in feed­back due to greater vol­ume, but it’s hard to say for sure. Go­ing with Vi­ta­Cat promises to save a lit­tle bit of money since his weight­ed-μg/₿ is ~10 greater. So our analy­sis winds up with the con­clu­sion of or­der­ing from Vi­ta­Cat, who has a rea­son­able-look­ing pro­file:

Home­page of the Vi­ta­Cat LSD seller on Silk Road

And whose Maya list­ing looks per­fectly ac­cept­able:

Vi­ta­Cat’s 250μg LSD blot­ter list­ing


Was this the right choice? I have no idea. The best I can say is that check­ing the SR fo­rums in De­cem­ber 2012, by which time any Sep­tem­ber or­der would have been de­liv­ered or not, there were no re­ports of that seller be­ing a scam­mer or hav­ing en­gaged in a rip-and-run, while some of the low­er-ranked sell­ers seem to have dis­ap­peared.

I bought the 2-dose item since I could­n’t afford the 5-dose one. (It would’ve been use­ful but I was­n’t sure I wanted to sink in that much mon­ey, 2 doses should suffice, and it was highly likely that he would sell out be­fore I had con­verted any more money into Bit­coin—as in­deed he did sell out.) So in­stead I paid ex­tra for track­ing. Or­der­ing was like any other SR or­der; I filled out the cart:

SR1 cart show­ing my or­der from Vi­ta­Cat

Was able to check the de­tails to make sure every­thing was right:

Or­der de­tails

Waited im­pa­tiently while it was pro­cess­ing to see if he would ac­cept my over­seas or­der:

Or­der sta­tus page show­ing or­der has been marked as ‘pro­cess­ing’

And when he did, sat back and wait­ed:

Or­der sta­tus page: in tran­sit

It came with­out any is­sue:

Pho­to­graph of en­ve­lope con­tain­ing my LSD or­der from SR1’s Vi­ta­Cat


Be­cause it’s just pa­per im­bued with a tiny dose of the chem­i­cal, it’s easy to mail LSD around with­out is­sue. If any­thing, the pack­ag­ing was a bit too clev­er, mas­querad­ing as or­di­nary busi­ness mail with a coupon:

De­coy let­ter

The at­tached “coupon” or 2 tabs (in a sealed plas­tic coat­ing, so the frag­ile LSD does­n’t de­grade) was smaller than I had ex­pect­ed:

2 250μg doses of LSD on “Mayan” blot­ter pa­per, shipped from Ger­many in a sealed plas­tic sheet

VoI: Ehrlich test

We have one last ques­tion about or­der­ing: should we buy an “Ehrlich test”?

An is a rea­gant for , a cat­e­gory which in­cludes psy­che­delics like LSD & psilo­cy­bin. As such, it can be used as a kind of qual­ity check. How­ev­er, while any LSD prod­uct will prob­a­bly trig­ger a pos­i­tive, so will other chem­i­cals; and the test it­self may sim­ply be wrong.

Is an Ehrlich test worth buy­ing? This sounds like a clas­sic Value of In­for­ma­tion prob­lem.

The only SR list­ing for an Ehrlich test is a Synap­tic list­ing (a seller who I have al­ready crit­i­cized for shoddy se­cu­rity prac­tice) which both costs >$40 and has a highly neg­a­tive re­view! Googling on the open web leads quickly to eztestk­its sell­ing for £4.99, which with S&H is prob­a­bly $10-15, and Avalon Magic Plants for a sim­i­lar price. Synap­tic’s list­ing is clearly a fool’s buy (and I heard later he was banned), but the lat­ter two may not be.

The fun­da­men­tal ques­tion of a VoI analy­sis is: how would this in­for­ma­tion change your ac­tions? If the test be­ing pos­i­tive rather than neg­a­tive would not lead you to do any­thing differ­ent­ly, then the in­for­ma­tion has no (di­rect) val­ue.

This leads to a quick an­swer: if I tested a Vi­ta­Cat dose (de­stroy­ing >$20 of LSD) and it was neg­a­tive, would I throw the rest out? No. I would be too cu­ri­ous, and I would have spent too much to tran­quilly chuck it based on one test which I do not trust as com­pared against a very rep­utable sell­er. (I would be too cu­ri­ous since I do not plan to or­der again.) There­fore, the VoI is ze­ro; and a value of zero does not jus­tify spend­ing the money on buy­ing a kit and wast­ing LSD and time. I would just find out the hard way.


There is no proof of all of the above—any­thing here could have been faked with Pho­to­shop or sim­ply reused (per­haps I have a le­git­i­mate Adder­all pre­scrip­tion). Take it for what it is and see whether it con­vinces you: ar­gu­ment screens off au­thor­ity.

But look­ing back, I have been lucky: from read­ing the fo­rums, it’s clear that there are scam­mers on SR34, and ship­ments do get lost in the mail or seized or oth­er­wise not de­liv­ered. (I do not ex­pect any le­gal prob­lems; law en­force­ment al­ways go after the sell­ers, to achieve max­i­mum im­pact, and SR presents both tech­ni­cal and ju­ris­dic­tional prob­lems for law en­force­men­t.) This is in­her­ent to the idea of an anony­mous mar­ket­place, but the sys­tem worked for me. SR de­scribes it well in one of his mes­sages:

Things are go­ing re­ally well here. There are many new buy­ers and sell­ers work­ing well to­geth­er, our servers are se­cure and hum­ming along, and you may even start to feel com­fort­able. DO NOT get com­fort­able! This is not wal-mart, or even ama­zon.­com. It is the wild west and there are as many crooks as there are hon­est busi­ness­men and women. Keep your guard up and be safe, even para­noid. If you buy from some­one with­out rep­u­ta­tion, get to know them re­ally well through pm, and even then be sus­pi­cious. Un­for­tu­nately it only takes one bad ap­ple to spoil the bunch, and there are bad ap­ples out there.

On SR, there are li­ons and tigers and pigs oh my, but: alea iacta est! Like Bit­coin, SR may live an­other few months, or an­other few years, but will it? Like us­ing SR, there’s no way to know but to go.

Future Developments

So, we have seen that Bit­coin sat­is­fies an old dilemma be­dev­il­ing the early cypher­punks; and we have cov­ered how SR fol­lows rec­om­mended de­sign prin­ci­ples in achiev­ing their dream of self­-en­forc­ing mar­ket­places, and then went through a lengthy ex­am­ple of how buy­ers can ra­tio­nally or­der and thereby con­tribute to the nec­es­sary dy­nam­ics.

The drug mar­ket has grown and thrived be­yond all ex­pec­ta­tions, de­spite an ex­tra­or­di­nary—per­haps un­prece­dent­ed—level of me­dia cov­er­age and trans­parency of op­er­a­tion. By its mere ex­is­tence, it lays bare the uni­ver­sal­ity of il­licit drug use; by its sales vol­ume, it pro­vides a bench­mark for un­der­stand­ing what es­ti­mates of the global black mar­ket re­ally mean: if the SR has turnover of $20m a year and the black mar­ket turn over closer to $100b a year, then the lat­ter is equiv­a­lent to 5000 SRs. By its use of pub­lic tech­nol­ogy (even im­ma­ture & hard to use tech­nolo­gies) and or­di­nary postal ser­vices, it demon­strates the in­fea­si­bil­ity of the long-s­tand­ing War on Drugs; and by tam­ing drug use, turn­ing it from a vi­o­lence-prone seamy affair to a smooth com­mer­cial trans­ac­tion, it sug­gests that there is no ne­ces­sity for the War on Drugs.

What is next?

No one fore­saw Bit­coin in 2008; and the suc­cess of SR in 2011 took many by sur­prise (in­clud­ing the au­thor) who had as­sumed that it would quickly be shut down by law en­force­ment, fall vic­tim to hack­ers seek­ing a lu­cra­tive pay­day, or at best de­volve into a lemon mar­ket with a few over­priced goods. All three of these pos­si­bil­i­ties still ex­ist; lengthy SR down­time in No­vem­ber 2012 fu­eled spec­u­la­tion that law en­force­ment had fi­nally found a vi­able at­tack or that SR was suffer­ing a (DoS) at­tack. SR’s ad­min­is­tra­tor stated the down­time was due to “record” num­bers of users; but if large num­bers of le­git­i­mate users can ac­ci­den­tally take down the site, clearly a ful­l-fledged DoS at­tack is fea­si­ble. A real DoS at­tack by a sin­gle at­tacker in April 2013 de­graded ac­cess for a week and es­sen­tially blocked all ac­cess for ~2 days, prompt­ing SR to sus­pend its com­mis­sions for sev­eral days to en­cour­age pur­chas­es.

But sup­pos­ing that SR con­tin­ues to have an an­nual turnover of mil­lions of dol­lars of drugs and other goods? Two strik­ing pos­si­bil­i­ties come to mind.

  1. the next de­vel­op­ment may be “in­for­ma­tion mar­kets”: dark­net mar­kets for leaked data, whistle­blow­ers, cor­po­rate es­pi­onage, per­sonal in­for­ma­tion such as credit card num­bers, etc. Ex­ist­ing “card­ing fo­rums” may be a mar­ket niche to usurp, as they have had prob­lems with law en­force­ment in­fil­tra­tion and would ben­e­fit from in­creased se­cu­ri­ty. Sim­i­lar­ly, Wik­iLeaks has re­port­edly tried to auc­tion off ac­cess to doc­u­ments in its pos­ses­sion, and while the auc­tions ap­par­ently failed, this may be due to de­fec­tions and se­vere in­ter­nal tur­moil and not flaws in the fun­da­men­tal idea.

  2. The most ex­treme cypher­punk pro­posal was con­cepts pub­lished the 1997 es­say “As­sas­si­na­tion Pol­i­tics”: a in which par­tic­i­pants lay bets on when the ex­act day a par­tic­u­lar per­son will die; when the to­tal bets be­come large enough, they func­tion as a bounty on that per­son­—i­nas­much as a would-be hit man knows when the per­son will die and can profit hand­some­ly. As­sas­si­na­tion mar­kets were to be a weapon against gov­ern­ment op­pres­sion, but such mar­kets could be used against any non-anony­mous but pow­er­ful hu­mans.

    This would seem to be much less plau­si­ble than ei­ther a drug mar­ket or an in­for­ma­tion mar­ket: both drug & in­for­ma­tion dark­net mar­kets are mar­kets which ex­ist offline and on­line al­ready, with il­le­gal drugs rep­re­sent­ing a global mar­ket best mea­sured in hun­dreds of bil­lions of dol­lars of turnover (a­gainst the SR’s mil­lions) with scores of mil­lions of drug users world­wide, so cypher­punk-style im­ple­men­ta­tions are in a cer­tain sense just ‘busi­ness as usual’ with a very large cus­tomer base ea­ger to par­tic­i­pate and moral re­spectabil­ity to salve the con­science. De­mand for hit men, on the other hand, is rare out­side or­ga­nized crime and gov­ern­ments, diffi­cult for any or­di­nary per­son to jus­tify the use of, and usu­ally con­fined to par­tic­u­lar re­gions such as Mex­ico or Afghanistan. Fur­ther, a large drug de­liv­ery fa­cil­i­tated via SR will usu­ally go un­no­ticed by the world as the re­cip­i­ent has no in­cen­tive to re­veal it; a ‘large’ as­sas­si­na­tion, on the other hand, will be global news and may trig­ger a back­lash large enough to take down the site, or in gen­eral de­grade Tor & Bit­coin to the point where they can­not sup­port large enough boun­ties on any in­di­vid­ual to mat­ter.

    In July 2013, claim­ing to be in­spired by Silk Road, the pseu­do­ny­mous pro­gram­mer “Kuwa­batake San­juro” () set up what he claimed to be the first func­tion­ing as­sas­si­na­tion mar­ket at assmkedzgorodn7o.onion (2013-11-21 mir­ror) named sim­ply “As­sas­si­na­tion Mar­ket”; he pub­li­cized it in No­vem­ber 2013 with an in­ter­view with Forbes. The ob­vi­ous in­ter­pre­ta­tion is that it is a scam: while it pro­vides pub­lic Bit­coin ad­dresses al­low­ing ver­i­fi­ca­tion that ~₿150 are at those ad­dress­es, and its pro­to­col should al­low a par­tic­i­pant to prove that they were not paid, none of the tar­gets are likely to die for years, if not decades, at which point San­juro can sim­ply steal all the bit­coins trusted to him—it does­n’t mat­ter if par­tic­i­pants can then prove they were not paid and As­sas­si­na­tion Mar­ket was a scam, be­cause he would have made off with more than enough to jus­tify the to­tal effort of writ­ing & run­ning As­sas­si­na­tion Mar­ket.

    This raises an in­ter­est­ing ob­ser­va­tion: a drug DNM can boot­strap from noth­ing through users risk­ing rel­a­tively low-cost trans­ac­tions like buy­ing $50 of a drug to test the mar­ket out, and Silk Road did just this (with Ul­bricht re­port­edly grow­ing mush­rooms to sell at the start); but how does an as­sas­si­na­tion mar­ket boot­strap? Mur­ders come in dis­crete units: some­one is ei­ther dead or not. Even if AM is for real and there is a mar­ket out there for it and it would not be de­stroyed by any back­lash, as­sas­si­na­tion mar­kets may turn out to be im­pos­si­ble be­cause there is no way to in­cre­men­tally build up trust be­tween its “buy­ers” and “sell­ers”. This boot­strap prob­lem seems like a fa­tal is­sue, but there are other prob­lems with at­tempt­ing to build an as­sas­si­na­tion mar­ket on top of or other dis­trib­uted pre­dic­tion mar­ket pro­pos­als.

    The ‘host’ pre­dic­tion mar­ket has strong in­cen­tive to cen­sor or boy­cott as­sas­si­na­tion mar­ket con­tracts be­cause the first se­ri­ous suc­cess­ful use could eas­ily trig­ger gov­ern­ment coun­ter-at­tacks in the hun­dreds of mil­lions or bil­lions of dol­lars on it (imag­ine the re­ac­tion if a head of state of a G-8 coun­try was as­sas­si­nat­ed, given the level of EU re­ac­tions to some used gun sales on the DNMs…). Such com­mu­nity norms could be eas­ily im­ple­mented as a rule that con­tracts in­volv­ing any con­tin­gency on death (eg con­tracts on whether a pres­i­dent will fin­ish their term are, in gen­er­al, a le­git­i­mate top­ic) sim­ply can­not be more tem­po­rally pre­cise than 1 year, re­duc­ing the lever­age avail­able to an as­sas­sin. Blockchains may be hard to cen­sor, but they are far from in­vul­ner­a­ble, es­pe­cially given their small sizes in 2016. The as­sas­si­na­tion mar­ket can be effec­tively shut down by a ma­jor­ity of pre­dic­tion mar­ket users sim­ply vot­ing the op­po­site of the truth in any con­tract that seems like it might be in­cen­tiviz­ing as­sas­si­na­tions, de­ter­ring would-be as­sas­sins. Even if the blockchain is not able to be cen­sored or DoSed, the as­sas­si­na­tion mar­ket boot­strap is some­how solved, and it be­gins op­er­a­tion, a pre­dic­tion mar­ket is in­her­ently based on pub­lic in­for­ma­tion and can be spoofed by tar­gets fak­ing their own deaths upon ob­serv­ing spikes in mar­kets on them or spoofed by gov­ern­ments who can sim­ply say a tar­get was killed on the wrong day, wait for all the funds to pay­out to the wrong pre­dic­tors, and then an­nounce that the per­son is in fact alive—in­deed, should such mar­kets be­come highly ac­tive, this be­comes a lu­cra­tively self­-fund­ing wit­ness pro­tec­tion pro­gram. (Such a strat­egy also works for ac­tual as­sas­si­na­tions: offi­cially an­nounce the death hap­pened a day or two lat­er; the pre­dic­tion mar­ket has no rea­son to try to ques­tion the offi­cial death date, but the as­sas­sins must now spread bets across an in­creas­ing num­ber of days to get any pay­men­t.)

    Over­all, I am skep­ti­cal San­juro’s “As­sas­si­na­tion Mar­ket” will last very long, and I cer­tainly don’t ex­pect any of the tar­gets to be as­sas­si­nat­ed.

Re­gard­less, 2 key pieces of cypher­punk tech­nol­ogy are now in place and al­ready en­abling re­mark­able new sys­tems. Both re­searchers and dig­i­tal en­tre­pre­neurs may ben­e­fit from tak­ing a look back at some for­got­ten pi­o­neers and re-e­val­u­at­ing their pro­pos­als in the light of re­cent suc­cess­es.



“If you’re gonna play the game, boy, ya gotta learn to play it right: / You got to know when to hold ’em, know when to fold ’em, / Know when to walk away—­know when to run.”

Don Schlitz,

Watch­ing the fall of At­lantis, SR, and BMR, I have de­rived some ba­sic rec­om­men­da­tions for fu­ture dark­net mar­ket op­er­a­tors (which I do not ex­pect to be pop­u­lar among them be­cause it’s ad­di­tional work & some rec­om­men­da­tions re­duce their po­ten­tial profits or abil­ity to scam user­s):

  1. data re­ten­tion poli­cies should be as ag­gres­sive as fea­si­ble. Data should be deleted the mo­ment it is not nec­es­sary. Avoid un­nec­es­sary pre­ci­sion; for ex­am­ple, there is no need to keep track of how many or­ders a seller has car­ried out be­yond, say, 300. Pri­vate mes­sages should be au­to­mat­i­cally deleted after weeks, not months. And so on.

  2. use of PGP en­cryp­tion should be manda­to­ry. One good way is to have the site ver­ify that all ad­dress sub­mis­sions and pri­vate mes­sages are PGP mes­sages and re­ject un­en­crypted mes­sages. This will an­noy buy­ers & sell­ers, but this is for their own good. (The lib­er­tar­i­ans may com­plain that they should be free to be lazy & en­dan­ger them­selves, but this is bull­shit which ig­nores the neg­a­tive ex­ter­nal­i­ties of not us­ing PGP: it dam­ages .)

    It may also be a good idea to re­quire sell­ers to ro­tate their PGP key every so often, as a par­tial way to at­tain . (They would post the new pub­lic key signed by the old pub­lic key, and then hope­fully delete the old se­cret key.)

  3. the DNM op­er­a­tors should spec­ify in ad­vance how long they will run the site, at what level of com­mis­sions they will cash out, and pre­com­mit to shut­ting down the site or hand­ing it over to a new op­er­a­tor when­ever ei­ther con­di­tion comes to pass. This en­forces com­part­men­tal­iza­tion, im­pedes any on­go­ing in­ves­ti­ga­tions or later in­for­ma­tion leaks, and the op­er­a­tor avoids com­mit­ting and —where they never stop op­er­at­ing the site, and just keep run­ning it un­til they are fi­nally ar­rest­ed. If Ross Ul­bricht had passed SR on as he claimed in the Forbes in­ter­view, say after he made his first ₿111k, it is likely that SR would not have been busted as soon as it was, he may never have been ar­rested be­cause he could not be ir­refutably tied to op­er­at­ing the site, and he would have had a chance to en­joy his for­tune. An old proverb comes to mind:

    If you must play, de­cide on three things at the start: the rules of the game, the stakes, and the quit­ting time.

  4. a num­ber of post-SR1 buyer & seller busts seem to be tied to the sell­ers keep­ing copies of the buy­ers’ ad­dresses & in­for­ma­tion in un­en­crypted PMs. There is noth­ing a site op­er­a­tor can do di­rectly about this prob­lem, as they can­not know what goes on in the sell­er’s com­put­er, but they can at least in­sti­tute a clear “death penalty” for any seller who re­veals a buy­er’s ad­dress, threat­ens to re­veal it, or claims to re­veal it. The site op­er­a­tors of SR and BMR de­clined to sanc­tion their sell­ers who did this (eg. MMM/Moramoru on BMR), and thereby si­mul­ta­ne­ously put all buy­ers at risk and in­cen­tivized po­lice raids on sell­ers (there is spec­u­la­tion that the SR seller Plu­topete, who sold le­gal prod­ucts, was tar­geted be­cause they hoped to seize buyer ad­dresses from him).

    This does not con­flict with the manda­tory use of PGP en­cryp­tion, as if a buyer claims a seller threat­ened him in a PGP-encrypted mes­sage, the site op­er­a­tor can de­mand the se­cret key from the buy­er—s­ince they’re mak­ing the claim, the onus is on them, after al­l—and de­crypt the stored copy of the sell­er’s mes­sage to the buy­er.35 If the buy­er’s claims are true, the seller is im­me­di­ately banned and their Bit­coin bal­ance con­fis­cat­ed; while if the buyer lied, they are banned in­stead. To in­cen­tivize rev­e­la­tion of the sell­ers’ mis­be­hav­ior, the site op­er­a­tor can offer as a bounty to buy­ers what­ever Bit­coin bal­ance the seller had.

  5. Early Fi­nal­iza­tion should not be offered as a fea­ture, or if it is, it should be au­to­mat­i­cally lim­ited only to young buyer ac­counts or sim­i­lar sit­u­a­tions.

  6. A large part of site com­mis­sions should be ear­marked for hir­ing pen­e­tra­tion testers and se­cu­rity boun­ties, and de-anonymiz­ing at­tacks on the site op­er­a­tor.

    Post on fo­rums that you’re offer­ing a Bit­coin boun­ty. (Heck, with Bit­coin, you can prob­a­bly even script up a block which au­to­mat­i­cally pays—­for ex­am­ple, you could an­nounce that you’ve cre­ated a dummy user X, with an un­known pass­word Y, which un­locks a bit­coin trans­ac­tion of 100btc. Any­one who can break into the user data­base can ex­tract the pass­word Y, and claim the boun­ty.)

  7. Backup with­drawal ad­dresses should be im­ple­ment­ed. In par­tic­u­lar, the with­drawal ad­dresses should be manda­tory for users, and be­yond that, bal­ances should be flushed at in­ter­vals.

    The fall of SR caused tremen­dous prob­lems for many users be­cause they had fool­ishly let bal­ances build up in SR rather than get around to with­draw­ing them. SR had an “au­to-with­drawal” fea­ture (doc­u­mented on the SR wik­i), but the mil­lions of dol­lars’ worth of Bit­coin seized on the SR server proves that very few sell­ers used it. Poli­cies must be ex­er­cised or they are worth­less.

  8. The server ar­chi­tec­ture must fol­low a nested vir­tu­al-ma­chine in which all mar­ket-re­lated soft­ware is iso­lated in a vir­tual ma­chine and the VM it­self is forced through Tor by the host OS, akin to .

    Al­most no soft­ware, whether it be OS or web li­braries or HTTP servers, is de­signed with any con­sid­er­a­tion to­wards pre­serv­ing anonymi­ty, those which are have been au­dited min­i­mal­ly, and many choose to ac­tively de­stroy anonymity (A­pache er­ror mes­sages and phpinfo() pages hap­pily hand out IP ad­dress data, since it’s so use­ful for de­bug­ging, or a fea­ture in­her­ently de­stroys anonymi­ty, like CMS soft­ware which sends out email­s). Mul­ti­ple DNMs have leaked their IP; Ross Ul­bricht’s jour­nal notes that SR1 leaked its server IP on mul­ti­ple oc­ca­sions, some of which were pub­licly noted (and FBI agent Tar­bell as­serts that an­other such IP leak, in the CAPTCHA code, was what lead them to the SR1 server and from there to Ul­bricht him­self). It’s diffi­cult enough to as­sure sim­ple se­cu­ri­ty, one must as­sume that the server will be de-anonymized at some point, and the only way to en­sure that there is no in­for­ma­tion leak from the OS or server soft­ware is to make sure that in­for­ma­tion is not avail­able in the first place! A gate­wayed VM ar­chi­tec­ture en­sures that one does not at least lose anonymity to triv­ial con­fig­u­ra­tion mis­takes or li­braries try­ing to be “help­ful”.

  9. Source code for the site should be avail­able. does not work.

    We learned what SR & BMR were hid­ing be­hind their ob­scu­ri­ty—a bla­tant breach of anonymity (DPR’s hard­wired non-Tor IP login), and in­com­pe­tent code with SQL in­jec­tion vul­ner­a­bil­i­ties among other is­sues (BMR’s source code leak). If a site op­er­a­tor men­tally quails at re­leas­ing the source code—­good! That sub­con­scious fear means they have just re­al­ized that they have linked their DNM with their real iden­ti­ty, or they left in some de­tail like DPR’s IP ad­dress, or there’s vul­ner­a­bil­i­ties that need to be fixed. Source code also means that users can ver­ify that many of the se­cu­rity fea­tures are in fact im­ple­mented and work­able (so the site op­er­a­tor would have to be out­right ma­li­cious to keep more data than claimed, etc).

  10. PHP should be avoid­ed.

  11. Role-sep­a­ra­tion & the prin­ci­ple of least priv­i­lege: ac­counts should be locked as buy­ers, sell­ers, and staff, and no min­gling per­mit­ted.

    Sell­ers who buy from other sell­ers us­ing a known seller pseu­do­nym are paint­ing a tar­get on their back. A staffer or­der­ing from a seller is a per­fect tar­get for a con­trolled de­liv­ery if the seller is an un­der­cover agent or has been or will be flipped. (If a seller wants to buy, they can sim­ply reg­is­ter a new buyer ac­count like every­one else.) This has been a se­ri­ous prob­lem thus far: Silk Road 1 was busted due to lack of com­part­men­tal­iza­tion (a staffer took an or­der from an un­der­cover agent; Ul­bricht bought mar­i­juana & fake IDs, ad­di­tional ev­i­dence against him); at least one Silk Road 1 seller was suc­cess­fully tar­geted ap­par­ently be­cause they bought from a flipped seller us­ing their seller ac­count (while the flipped sell­er’s oth­er, nor­mal, cus­tomers seem to have been spared; see dig­i­talink); Utopia Mar­ket­place’s en­tire staff was ar­rested when an in­ves­ti­ga­tion of their BMR ac­tiv­i­ties (based ini­tially on offline sales but adding in their on­line sales) wound up. A mar­ket­place is nat­u­rally com­part­men­tal­ized and re­sis­tant to in­fil­tra­tion—if every­one sticks to their as­signed roles.

See Also


The first ver­sion of this ar­ti­cle was com­mis­sioned by Bit­coin Weekly, which ul­ti­mately de­cided to not run it36; it is based on my ex­pe­ri­ences May-June 2011, and may be out­-dat­ed. “Trust, but ver­i­fy.” I main­tained it up un­til 2015, when I stopped my DNM re­search.



BBC questions

In mid-Jan­u­ary 2012, a re­porter from BBC Ra­dio’s “ In­ves­ti­gates” emailed me ask­ing whether I’d an­swer ques­tions for their 5 Feb­ru­ary show they were do­ing on Bit­coin & Silk Road; I agreed. The fol­low­ing is the tran­script:

How did you find out about Silk Road?

I saw the orig­i­nal an­nounce­ment of it on the Bit­coin fo­rums when it was linked on Red­dit. I fig­ured it would fail, and then a few months lat­er, I saw the Gawker ar­ti­cle on it and ap­par­ently Silk Road was ac­tu­ally work­ing!

What at­tracted you to us­ing Silk Road?

Once I heard, I just had to look into it more—it was too in­ter­est­ing not to. Tim­o­thy May and other cypher­punks had been spec­u­lat­ing about black mar­ket web­sites us­ing cryp­tocur­rency since the early ’90s, and here was a real live ex­am­ple. I looked at their offer­ings and saw they had some offers I might want at rea­son­able price, and that set­tled it for me.

What is the differ­ence be­tween or­der­ing your drugs from Silk Road and get­ting them on the street?

Modafinil is pretty hard to get on the street be­cause every­one gets it ei­ther with a pre­scrip­tion or from an on­line phar­ma­cy, so I have no idea. While I was still check­ing out Silk Road, I asked a friend in col­lege how much Adder­all would be and he told me he could get them for $9-10 a pill (it was close to the end of the se­mes­ter); it cost half that on Silk Road, so I went with them rather than him. I’ve al­ways found it hard to re­sist a ‘bar­gain’.

How is Silk Road differ­ent to other web­sites where you can buy drugs?

My first-hand ex­pe­ri­ence with modafinil is that I much pre­fer to buy on Silk Road than the phar­ma­cies.

With them, your dol­lar pay­ment can fail at any point. For ex­am­ple, Mon­ey­Gram once blocked a pay­ment of mine. Very frus­trat­ing! Bit­coin is much more re­li­able: I can see where my bit­coins go un­til they en­ter Silk Road prop­er.

And then there’s the split be­tween Silk Road it­self and all the sell­ers, which makes things safer­—ev­ery­one en­crypts their phys­i­cal ad­dress be­fore sub­mit­ting it to Silk Road, and the seller de­crypts it him­self. If Silk Road is un­trust­wor­thy, they can only steal my bit­coins but not my ad­dress; if the seller is un­trust­wor­thy, they can only steal my ad­dress and not my bit­coins. Whereas with the phar­ma­cies, they both get my money and my ad­dress.

What have you or­dered from the site and how often?

I don’t or­der very often be­cause I like to thor­oughly ex­per­i­ment with things, and my tests take a while to set up and run. I think so far I’ve done one or­der of Adder­all, one or­der of ar­modafinil, and two or­ders of modafinil; an­other or­der of se­legi­line was can­celed.

How im­por­tant is anonymity to you? Do you think the tech­nol­ogy re­ally pro­tects your iden­ti­ty?

It’s not very im­por­tant be­cause I have lit­tle in­ter­est in the drugs law en­force­ment is most in­ter­ested in, like heroin or co­caine. Modafinil can be shipped with­out much dan­ger, with Cus­toms only seiz­ing the pack­age if they no­tice it and noth­ing more. Adder­all is­n’t very dan­ger­ous ei­ther—ev­ery­one knows it’s all over col­lege cam­pus­es, so what are they go­ing to do, ar­rest me? I don’t even have any Adder­all left!

(To make a his­tor­i­cal anal­o­gy, it’s like hav­ing some wine dur­ing Pro­hi­bi­tion; no one thinks much of it, and the cops are busy with the gang­ster­s.)

How im­por­tant is Bit­coin?

I’d say the Bit­coin part is prob­a­bly even more im­por­tant than Tor. Law en­force­ment is not known for its NSA-style traffic analy­sis be­cause it would­n’t be us­able in court37, and the other ben­e­fit is that there’s no do­main name to be seized or fil­tered; but nei­ther of these is very im­por­tant. They can be got­ten around or dealt with.

But be­ing able to get money to the sell­ers, and the sell­ers be­ing able to turn it back into us­able cash on Mt.­Gox or an­other ex­change, that is cru­cial. You can­not buy and sell drugs for free.

What do you think the fu­ture holds for Silk Road, do you think the au­thor­i­ties will shut it down or do you think it will con­tinue to grow?

I would be fairly sur­prised if it was shut down; there’s no ob­vi­ous way to do so. The real dan­ger is in­ter­nal: that the com­mu­nity it­self might be skewed to­wards scam­mers and buy­ers just give up and buy some­where else. It’s the same dilemma eBay faced: you don’t want to scare off the sell­ers by too many rules, but if you don’t do some­thing, scam­mers will fleece the buy­ers. So far, the ad­min­is­tra­tors have done a pretty good job of keep­ing every­thing run­ning and main­tain­ing the bal­ance.

How im­por­tant is the com­mu­nity side of Silk Road.

Ex­treme­ly. The com­mu­nity is what de­ter­mines whether Silk Road will de­cline or con­tinue grow­ing with the gen­eral growth of Bit­coin.

What sort of peo­ple use the site?

It’s hard to tell, but from read­ing the fo­rums, it seems like it is mostly tech­ni­cally adept young peo­ple in West­ern Eu­rope and Amer­i­ca. Tor and Bit­coin and en­cryp­tion are a chal­lenge to use for most peo­ple, and older peo­ple have con­tacts they know how to use when they want var­i­ous drugs.

Is Silk Road just about scor­ing drugs safely or you and other users feel you are mak­ing a greater state­ment about so­ci­ety the drugs law?

I know other users dis­agree and take it only as a use­ful ser­vice or some­thing of a FU to The Man, but many of us do see it as a prin­ci­pled state­ment. I be­lieve that I am ca­pa­ble of re­search­ing and eval­u­at­ing drugs, that I can ac­cept the risks, and see how they do or do not work, and that the gov­ern­ment should not be co­er­cively im­pos­ing its be­liefs on me.

I am also hor­ri­fied by the effects of the War on Drugs, which has been a greater dis­as­ter than Pro­hi­bi­tion (which we at least had the sense to re­peal after a few years). Buy­ing on the Silk Road and writ­ing about it is, if you will, my bit of pa­tri­o­tism. It’s not very hero­ic, and I’ve never claimed to be a hero or to be do­ing any­thing par­tic­u­larly note­wor­thy, but per­haps it will change some­one’s mind—ei­ther that drugs are not so bad or that the War is not so prac­ti­ca­ble.

Mike Power questions

November 2013

On 2013-11-29, jour­nal­ist Mike Power (of Drugs 2.0) asked me a few ques­tions

1. What will be the cul­tural and tech­no­log­i­cal im­pact of the Silk Road bust, in your view?

The cul­tural im­pact is that even more peo­ple are aware of SR. The flurry of cov­er­age, while very neg­a­tive and un­flat­ter­ing to SR (the at­tempted hits have badly tar­nished SR’s rep­u­ta­tion), still serves to spread the news that there was a real func­tion­ing drug DNM just as claimed, and that it worked fab­u­lously well. This part of the pro-drug move­ment in Amer­ica right now, in con­junc­tion with the fact that mar­i­juana le­gal­iza­tion seems to be ba­si­cally work­ing out in the West, with min­i­mal “reefer mad­ness”, is help­ing nor­mal­ize il­licit drug con­sump­tion and make a mock­ery of the War on Drugs. It’s one thing for peo­ple to won­der if the per­se­cu­tion is more harm­ful than treat­ment would be, and to note that drugs con­tinue to be avail­able on the street, and quite an­other to re­al­ize it’s al­most as easy as or­der­ing off Ama­zon!

2. What fu­ture do you see for bit­coin, Tor and the new Silk Road?

Bit­coin seems to be go­ing from strength to strength. As an ad­mirer of Bit­coins from when I first learned of them in 2010, I am pleased by its suc­cess and I think it will make the In­ter­net much more use­ful for com­merce. (I should note that the cur­rent price in­creases seem un­sus­tain­able to me, and I ex­pect there to be a large cor­rec­tion at some point be­fore ~$2600/₿, which is ap­par­ently roughly where this bub­ble will equal the pre­vi­ous bub­ble’s per­cent­age in­creas­es, but though there will no doubt be many nay-say­ers at that point, I ex­pect Bit­coin to keep steadily grow­ing.)

I don’t ex­pect Tor to be affect­ed. Tor’s prob­lems stem from the re­cent re­search on it plus the rev­e­la­tions about the state of NSA at­tacks on Tor from 6 years ago; I would not be sur­prised if the NSA could now iden­tify hid­den servers. The ques­tion is whether they are will­ing to use that ca­pa­bil­ity on DNMs. Given how many DNMs fall to in­ter­nal fac­tors (At­lantis, PBF, Deep­bay, Sheep), the NSA would­n’t need to spend a cut­ting-edge at­tack on them.

The DNMs them­selves seem to be fol­low­ing the path set by Bit­Tor­rent: now that the busi­ness model has been proven be­yond a doubt with au­dited fig­ures about profitabil­ity (you can thank the FBI for that one), every geek in the world un­der­stands that they can be­come a mil­lion­aire if they dare38. It’s back to whack­-a-mole: new mar­kets will pop up, and will run un­til they get ham­mered down or rip-and-run. Evo­lu­tion means the ones who leak their iden­ti­ties like Silk Road or Sheep, or who write bad code, like BMR, will ei­ther fix their prob­lems or get weeded out & re­placed.

3. How would you sum­marise and char­ac­terise your ex­pe­ri­ences with ?

I found no ben­e­fits from it, and I’m not sure how mean­ing­ful my re­sults are for other peo­ple. I would­n’t call it my best self­-ex­per­i­ment ever, but not a waste of time ei­ther.

4. Do you feel that gov­ern­ments have the right to po­lice the com­puter ac­tiv­i­ty, or the mind­states, of those who elect them?

I think com­puter ac­tiv­ity is, like any other ac­tiv­i­ty, sub­ject to gov­ern­ment in­ter­ven­tion if it is re­ally jus­ti­fied (which it rarely is); tak­ing place on a com­puter does not make it un­real or ex­empt. Polic­ing mind­states, on the other hand, should ba­si­cally be banned for all the same rea­sons we have free speech.

5. What do you think of the mar­ket­place, over on ? is it as se­ri­ous as it looks to a non-coder, like my­self?

I have not ac­tu­ally set up I2P yet, so I’ve seen none of the I2P mar­kets.

May 2014

From 2014-05-26, for a Guardian ar­ti­cle:

1. Is the dark net drug scene grow­ing or con­tract­ing since the silk road bust (dis­claimer, I know it’s grow­ing, just need some­one with in­sight such as yours to tell me on the record :-)

The DNM scene is over­all grow­ing, al­though it has frag­mented a great deal. Due to this frag­men­ta­tion and to the lax mod­er­a­tion on some of the largest sites like Pan­dora and Silk Road 2, it’s diffi­cult to say how much larger or how fast it’s grow­ing, but it does seem safe to say that it’s re­cov­ered from the fall of Silk Road 1. I sus­pect it’s grow­ing slower than be­fore be­cause of the ad­di­tional trou­ble users have in find­ing trust­wor­thy ven­dors & mar­kets dur­ing the tur­moil of De­cem­ber 2013-April 2014; we may see an uptick in the next half-year or so as the mar­kets sort them­selves out, mul­ti­-sig es­crow be­comes more com­mon, and busi­ness re­sumes as usu­al.

2. How busy are these sites—is this a niche in­ter­est or is it be­com­ing more pop­u­lar?

Judg­ing by the de­creas­ing tech­ni­cal com­pe­tence of users on the rel­e­vant fo­rums and sub­red­dits, the DNMs seem to be reach­ing a wider au­di­ence and not just geeks.

3. Why do you think peo­ple use them? Is it the qual­ity of drugs sold, the buzz of adding a bunch of il­le­gal stuff to a bas­ket, the min­i­mal risk of cap­ture, or the va­ri­ety and pu­rity of the offer­ing?

The ad­van­tage I see men­tioned time and again is the con­ve­nience & min­i­mal risk of cap­ture for buy­ers, fol­lowed by the sheer va­ri­ety of offer­ings on the largest mar­kets, then the rel­a­tive safety & pu­rity of the drugs them­selves; I don’t think there’s much of a buzz after the first or­der.

4. Which is the fastest grow­ing mar­ket? Why is it do­ing so well?

The cur­rent fastest grow­ing mar­ket seems to be Evo­lu­tion. It’s a cen­tral­ized Tor site which re­cently got some mul­ti­sig sup­port and runs faster & more re­li­ably than some of its com­peti­tors like Ago­ra; oth­er­wise, it has no unique tech­ni­cal fea­tures. Its main ad­van­tage seems to be that it grew out of the Tor Card­ing Fo­rum com­mu­ni­ty, which had been do­ing per­son­-to-per­son trades for drugs and fraud-re­lated items un­til the fo­rum was hacked, and this meant the mar­ket had a com­mu­nity from day 1, which helped it pick up sell­ers and then buy­ers, and net­work effects have helped it grow ever since.


On 16 De­cem­ber, Alan Feuer of The New York Times emailed me with some ques­tions about the re­cent (2013-11-29) fail­ure of Sheep Mar­ket­Place & theft of its user funds. I an­swered as best I could:

1. Why in gen­eral were you skep­ti­cal about SMP’s sur­vival in the first place? What about it struck you as un­sus­tain­able?

In gen­er­al, DNMs are not very sta­ble: the mar­ket dy­nam­ics that power them and ren­der them self­-reg­u­lat­ing and made Silk Road such a won­der­ful way to buy drugs re­quire spe­cific con­di­tions to work, but con­di­tions are al­ways chang­ing. This does­n’t mean you can’t get drugs from them, any more than restau­rants al­ways go­ing out of busi­ness means you can’t get good Mex­i­can food when you want it, but it does mean that any par­tic­u­lar DNM can’t be ex­pected to hang around more than a year or two. The SR mod­el, with a sin­gle cen­tral­ized site both buy­ers and sell­ers have to trust, did work but that trust can be abused by the site op­er­a­tor39. So in­her­ently one ex­pects DNMs to have fairly short life­times. (They are sur­pris­ingly like reg­u­lar busi­nesses or web­sites in this re­spec­t.)

Sheep Mar­ket­Place in par­tic­u­lar struck me as du­bi­ous be­cause it was so ob­vi­ously mod­eled after SR (indi­cat­ing a lack of orig­i­nal­ity and pos­si­ble get-rich-quick men­tal­i­ty), the op­er­a­tors did not speak Eng­lish well (de­spite Eng­lish be­ing the in­ter­na­tional lan­guage of pro­gram­mer­s), it was hardly used (mean­ing that there was no feed­back and it had not with­stood any hack­ers the way SR had), and it re­ceived the li­on’s share of the post-SR mar­ket for no par­tic­u­lar merit of its own other than its vi­sual ap­pear­ance and lin­ger­ing dis­trust of Black­Mar­ket Re­loaded.

  1. What do you feel is the most con­vinc­ing ev­i­dence that Jiřikovský is/was con­nected to SMP?

The clear­net site. It was ex­actly the sort of rookie er­ror I ex­pected from some­one with a ca­sual at­ti­tude to se­cu­ri­ty: that they could pro­mote their site as they pleased, and as long as they main­tained some level of plau­si­ble de­nial­a­bil­i­ty, it was safe. Ex­cept se­cu­rity & anonymity are not a court­room with all its le­gal niceties, cir­cum­stan­tial ev­i­dence is pow­er­ful, and once you be­gan ex­am­in­ing Tomas, every­thing falls into place. At that point, it’s al­most ir­rel­e­vant if you find some­thing like, for ex­am­ple, Tomas be­ing the first per­son on­line to dis­cuss the ex­is­tence of Sheep Mar­ket­place (the same mis­take Ross Ul­bricht/“al­toid” made, in­ci­den­tal­ly). You’ve al­ready done most of the in­tel­lec­tual work nec­es­sary to iden­tify the op­er­a­tor of SMP. Sim­ply by be­ing so closely as­so­ci­ated with a server that could only have been set up by some­one work­ing with SMP, he for­feited most of his anonymity and claims to in­no­cence.

(To un­der­stand what I mean by “most of the work”, it may be help­ful to read my hope­ful­ly-en­ter­tain­ing es­say on .)

In­ci­den­tal­ly, you should prob­a­bly see the Red­dit trans­la­tion & dis­cus­sion of Tomas’s in­ter­view with Li­dové Noviny on SMP for Tomas’s gen­eral fail­ure to re­spond to the pre­sented ev­i­dence, fail­ure to say who was run­ning the clear­net site on his server if not him, and in some cas­es, like his early men­tion of SMP, clear ly­ing.

3. I had a bit of diffi­cultly un­der­stand­ing the facts and sig­nifi­cance of the Clear­net site. Would you help me un­der­stand that?

See above. The clear­net site is very sim­i­lar to how “al­toid” posted on some fo­rums about a new site called Silk Road, was the first iden­ti­fi­able per­son to ever dis­cuss Silk Road, and then proved to be the ac­count of a guy called Ross Ul­bricht. It’s in­cred­i­bly sus­pi­cious and ex­actly what you might ex­pect the op­er­a­tor to do in an at­tempt to drum up in­ter­est and at­tract at­ten­tion and so is the best start­ing point for an in­ves­ti­ga­tion. It’s not enough to prove in court he ran Silk Road­—but we are not in court.

4. Is it your be­lief that the “heist” was in fact per­pe­trated by SMP’s ad­mins them­selves?

The heist was clearly per­pe­trated by the op­er­a­tor of SMP; even the SMP fo­rum mod­er­a­tors ad­mit as much.

If you mean the story about “EBOOK101” hack­ing the site… I am ag­nos­tic on the top­ic.

While it is a rea­son­able trig­ger for why Tomas might de­cide to grab the money and run, and we saw a sim­i­lar hack prompt back­opy to de­cide to close down BMR ful­ly, the prob­lem with the story is that no one seems to have ever dealt with an EBOOK101, EBOOK101 has not left any taunt­ing mes­sages or clues like the BMR hacker did, and SMP in ret­ro­spect seems to have been or­ches­trat­ing the scam for at least a week in ad­vance by shut­ting down with­drawals (on the pre­text of adding tum­bling), coax­ing peo­ple into de­posit­ing even more mon­ey, and de­lay­ing tac­tics like adding a fancy count­down timer.

And in any event, it’s mostly a moot point: SMP stole far more money from its users than EBOOK101 was sup­posed to have. And sup­pose the story were true—­Tomas’s will­ing­ness to im­me­di­ately give up after the hack sug­gests to me that he would not have been con­tin­u­ing SMP much longer re­gard­less…

5. And your take on the FBI’s role in all of this?

I only know what my in­for­mant has told me; since he pre­sented a con­vinc­ing case for Tomas to me which he did not have to, I as­sumed he was also telling me the truth about him telling the FBI and them be­ing very in­ter­ested in what he had to say. So I as­sumed that they were on the case and un­der­stood the need for prompt ac­tion. But the FBI has is­sued no state­ments on the top­ic, I have not con­tacted Christo­pher Tar­bell my­self, and thus far there have been no ar­rests or other law en­force­ment ac­tion I am aware of. I am a lit­tle be­wil­dered by the com­plete si­lence. So I no longer have any idea on their role. For all I know, they’ve com­pletely given up. Or maybe they’ll an­nounce ar­rests to­mor­row. You should ask Tar­bell.

I’m cu­ri­ous what you think about the sub­red­dit post­ings by the two hack­ers who os­ten­si­bly “chased” the thief through cy­ber­space. Was it real chase against the wrong per­pe­tra­tor or an­other part of Jiřikovský’s ruse?

It was a real chase, but nei­ther of them are very fa­mil­iar with blockchain analy­sis, and so they wound up even­tu­ally reach­ing false con­clu­sions like “Sheep stole 97k bit­coins”.

This is a com­mon prob­lem with blockchain analy­sis. Peo­ple at first think that Bit­coin trans­ac­tions are com­pletely anony­mous, then when they learn the truth, they vul­garly go to the op­po­site ex­treme and as­sume that be­cause every trans­ac­tion is pub­lic, it’s com­pletely track­able and there is no pri­vacy and analy­sis is a sim­ple mat­ter of fol­low­ing trans­ac­tion­s—not re­al­iz­ing that at every trans­ac­tion, you have to make a men­tal leap and as­sume you are still fol­low­ing the same per­son or bit­coins, an as­sump­tion which is frag­ile, eas­ily bro­ken, and diffi­cult to ever jus­ti­fy.40

Also did your in­for­mant tell you why he/she reached out to you in­stead of him post­ing the sus­pi­cions about SMP on­line him­self?

Well, he did­n’t post pub­licly at the time be­cause he did­n’t want to in­ter­fere with the FBI in­ves­ti­ga­tion. Why did­n’t he post after Tomas had been doxed by the other Red­di­tor, when I felt free to post his re­sults? I’m not sure. I get the im­pres­sion he does­n’t much care about pub­lic­ity or help­ing out the DNM com­mu­ni­ties, so while he al­lowed me to post what I knew, he felt no par­tic­u­lar need to post any­thing him­self. As well, my pre­com­mit­ment and rep­u­ta­tion meant that any post­ing would mean more com­ing from me.


On 2013-02-07, I an­swered some ques­tions from Paul-Philipp Hanske of the Ger­man mag­a­zine about the DNMs and Sheep in par­tic­u­lar:

So, I would take the lib­erty of ask­ing some ques­tions about the SMP scam and black mar­kets in gen­er­al. As I told it be­fore: many thanks in ad­vance for an­swer­ing them…

Ac­cord­ing to this re­port the chase for the thief went wrong. What’s your es­ti­ma­tion? What hap­pened?

What hap­pened was sim­ple: the bit­coins got moved around, and at some point, the thief was given un­linked bit­coins, with­out the hob­by­ists re­al­iz­ing it. The prob­lem with the blockchain is that peo­ple start off think­ing Bit­coin is com­pletely anony­mous; when they re­al­ize they are wrong, they flip to as­sum­ing it’s com­pletely pub­lic & trans­par­ent & any trans­ac­tion can be eas­ily un­der­stood, which is less wrong but still not right. At any trans­ac­tion, con­trol can be trans­ferred with­out any vis­i­ble sign. The trans­ac­tion could have been to an on­line wal­let, an ex­change, a pre­dic­tion mar­ket, a DNM, a laun­dry/mix­er, Shared Send, etc. The blockchain merely records trans­ac­tions among ad­dresses and it does not give you any mean­ing be­yond that. Peo­ple for­get the lim­i­ta­tions and es­ca­lat­ing un­cer­tain­ty, and so the Sheep chasers found them­selves at a BTC-E cold wal­let ad­dress. Pre­sum­ably the Sheep thief then with­drew bit­coins (be­ing paid from the then-hot-wal­let) or sold & with­drew some fiat or both.

If the chasers traced the wrong amount of bit­coins: how could the thief hide such a big amount? Do you think he sold it?

The amount in Bit­coins can be eas­ily hid­den: just scat­ter it among mul­ti­ple ad­dresses to make the bal­ances small enough they would not draw any at­ten­tion. I don’t know if he sold it. I think he should not sell much, as to han­dle a large amount would re­quire an ex­change which might re­quire pa­per­work & us­ing his real iden­ti­ty; but then, I would not have wasted hun­dreds of bit­coins try­ing to send such a huge sum through the Bit­coin Fog mix, so I do not think the Sheep thief is the most ra­tio­nal or knowl­edge­able per­son around.

what’s your es­ti­ma­tion how much was stolen?

The best es­ti­mate right now seems to be ~₿39k, al­though some of this may have been what the hacker (ap­par­ently a Pro­fe­sor­house) earned.

Is there still strong ev­i­dence that Jiřikovský is part of the scam?

The ev­i­dence re­mains largely the same, I think. Jiřikovský backed down on his threats of le­gal ac­tion against a Czech red­di­tor, and he gave a strange in­ter­view with a Czech pa­pers which struck me as ig­nor­ing most of the cir­cum­stan­tial ev­i­dence, ar­ro­gant, and mak­ing in­co­her­en­t/wrong tech­no­log­i­cal claims. I have heard of no re­lated ar­rests, but that does­n’t mean much: Ross Ul­bricht was­n’t ar­rested for al­most a year after pay­ing for a hit with his Aus­tralian bank ac­count, after all, and many in­ves­ti­ga­tions take longer.

If he (or his group) would be part of it: is­n’t it now ter­ri­bly dan­ger­ous for them? A lot of peo­ple are an­gry…

Prob­a­bly. But it’s un­likely any­one will act on spec­u­la­tion.

What’s your lat­est es­ti­ma­tion about the role of the FBI in this case?

I don’t think they’re do­ing much but wait­ing. If there’s ac­tive in­ves­ti­ga­tions, I’d guess all the work is be­ing done by agen­cies in the EU with phys­i­cal ac­cess.

Do you think any­one com­plained to the po­lice be­cause of the scam?

No. I’m im­pressed that Plu­topete has the chutz­pah to chal­lenge the Silk Road seizure, but I still can’t see any­one ac­tu­ally com­plain­ing to the po­lice about losses on an il­le­gal DNM.

One last ques­tion con­cern­ing black mar­kets: I’m very fas­ci­nated by op­er­a­tors of these web­sites. What do you think is their mo­ti­va­tion? Only earn­ing mon­ey?

Of the op­er­a­tors of the ~20 sites ac­tive at this mo­ment, the ma­jor­ity seem to be en­tirely non-ide­o­log­i­cal and prag­mat­ic: a few seem to have mixed mo­tives re­lat­ing to cryp­top­unk or mar­i­juana or pub­lic ser­vice, and SR2’s DPR2/Defcon/Hux may be lib­er­tar­i­ans (as­sum­ing they’re not just im­i­tat­ing Ul­bricht), but the rest? They’re in it for the mon­ey.

One of the in­ter­est­ing parts of the post-SR fall­out and the new crop of mar­ket­places is see­ing to what ex­tent SR’s longevity was due to Ul­bricht’s prin­ci­ples. It may be that we over­es­ti­mated the value of run­ning a mar­ket­place, that the in­cen­tives to scam first-gen­er­a­tion mar­ket­places (with­out mul­ti­-sig­na­ture es­crow) are too great.

Or also some lib­er­tar­ian be­liefs as Ross Ul­bricht claimed to have?

I don’t see any rea­son for skep­ti­cism about that.

In gen­er­al: how strong do you think is the con­nec­tion be­tween black mar­kets and lib­er­tar­ian think­ing?

It was strong in the be­gin­ning, but like Bit­coin it­self, I think it’s be­come too pop­u­lar­ized to re­main strongly ide­o­log­i­cal. I sus­pect most users strongly agree with the lib­er­tar­ian po­si­tion on the War on Drugs, but maybe not much be­yond that.

What do you think is the best black mar­kets in the mo­ment?

From a de­sign per­spec­tive, I’m in­ter­ested in The Mar­ket­place for pi­o­neer­ing what I think may be the next step for­ward for DNMs, mul­ti­-sig­na­ture es­crow; they’ve used it longest, and from a se­cu­rity per­spec­tive, that puts them ahead of al­most all of their com­peti­tors. From a more prac­ti­cal per­spec­tive, SR2 still seem to have the widest se­lec­tion and most busi­ness, al­though their prob­lems with get­ting ba­sic func­tion­al­ity work­ing has dri­ven off a lot of buy­ers & sell­ers.

Where did the most ven­dors go to? (it would be great if this mar­ket would be so big that you could also browse for Ger­man ven­dors… ;)

It’s hard to es­ti­mate since I haven’t yet ex­tracted counts of prod­ucts and ven­dors, but the biggest sites seem to be SR2, Ago­ra, Pan­do­ra, Blue Sky, and The Mar­ket­place. I’m sure there are Ger­man sell­ers on some of them.

The au­thor­i­ties are re­ally up­set about the Tor/deep­-net-mar­ket-thing. What can they do against it? Do they have any pos­si­bil­i­ties? Do you think the deep­-net-mar­ket-scene will still ex­ist in 5 years?

Even if Tor turns out to be ir­re­deemably com­pro­mised, there’s still I2P, and be­yond I2P, there’s also Freenet. When cur­rent mar­kets are busted or go down, given how many peo­ple have tasted the for­bid­den fruit, there will still be plenty of de­mand for re­place­ments. I ex­pect there will still be a DNM scene in 5 years us­ing one of the net­works, and if there is­n’t, it’ll be be­cause some tech­ni­cally su­pe­rior ap­proach has ob­so­leted all the cur­rent mar­kets. (Pe­ri­od­i­cally peo­ple sketch out de­signs for fully dis­trib­uted DNMs; none of them have made any se­ri­ous pro­gress, but on the other hand, peo­ple were spec­u­lat­ing about dig­i­tal cur­ren­cies for many years be­fore Bit­coin came along…)


Jor­dan Pear­son, “Moth­er­board”, 2015-03-19:

What is your mo­ti­va­tion for re­leas­ing the tor­rent file [of the Evo­lu­tion mar­ket­place and fo­rums]? How will this help with the Evo fall­out? What was your role on Evo (ven­dor? mod?)

Scrapes of the mar­ket are use­ful for peo­ple try­ing to cope with the fall­out. If you need to look up a ven­dor’s con­tact info so you can email them, or if you did­n’t save the PGP key of your fa­vorite ven­dor & want to ver­ify the Agora one is­n’t a fake, or can’t quite re­mem­ber their name though you’d rec­og­nize their list­ings… Plus, since every­one knows I scrape, they’ll be ask­ing me to look things up or for copies, and it’s eas­ier to make a tor­rent.

I had no role on Evo (I was, if any­thing, a crit­ic). I am an in­de­pen­dent writer/re­searcher and I scrape all the mar­kets for re­search.

How long were you scrap­ing Evo for?

Pretty much from when it opened to buy­ers to when it shut down a few days ago: 2014-01-21 to 2015-03-17.

And dur­ing this time you no­ticed some stuff that alerted you to the no­tion that the ad­mins could pull an exit scam? What was that?

Exit scams are al­ways a pos­si­bil­ity for cen­tral­ized-e­scrow mar­kets. (Evo­lu­tion had a mul­ti­sig op­tion, but it was not true mul­ti­sig and no one used it.) I was al­ways par­tic­u­larly dis­trust­ful of Evo­lu­tion be­cause their well-known roots in card­ing/fraud & al­low­ing list­ings like poi­sons & guns meant they both had no morals and were par­tic­u­larly likely to be in­fil­trated or bust­ed; ei­ther way, loss of coins was a ma­jor risk. I ex­pected them to die well be­fore this, how­ev­er, and even odds of it dy­ing by LE raid.

You’re a re­searcher-why help peo­ple track down their deal­ers?

Be­cause it’s help­ful. I have the mir­rors, so I might as well do some­thing use­ful with them.

These deal­ers are os­ten­si­bly mov­ing to differ­ent mar­kets, some of which are pop­ping up right now (i.e. Iron­clad). What do you think of that? A lot of chat­ter right now about moths rush­ing to the lat­est flame in terms of scammy sites.

That’s al­ways a prob­lem when a big mar­ket goes down—the sud­den di­as­pora can over­load the older trust­wor­thy mar­kets, and the newer un­trust­wor­thy ones see a large in­flow. eg SR1 in­di­rectly knocked out BMR and led to the rise of Sheep. Right now the big ques­tion is whether Agora will last: they are older than Evo­lu­tion, IIRC, and must be tempted to exit scam for the same rea­sons, es­pe­cially since the LE at­ten­tion on Evo­lu­tion will be forced to move onto Ago­ra. If they stay open, they’re the mar­ket of choice for every­one, but if they dis­ap­pear too, peo­ple will be forced to choose from among the ex­ist­ing small mar­ket­s—Nu­cle­us, Abrax­as, Di­a­bo­lus, Black Bank, Mid­dle Earth, Kiss, Out­law, etc. If the smaller mar­kets are am­bi­tious, this will be their golden op­por­tu­nity to as­cend and be­come the new top mar­ket, but of course, they could dis­cover the risk feels too much and the cen­tral­ized es­crow is too tempt­ing… We went through a few it­er­a­tions of this after SR1 be­fore things sta­bi­lized un­der the Ago­ra/Evo­lu­tion du­op­oly.

(LE is an­other ques­tion-mark; by now, with Evo­lu­tion over a year old and TCF be­fore that and at least 3 ven­dors bust­ed, they should have man­aged to in­fil­trate at least one em­ployee into Evo­lu­tion, but we won’t know for months whether they had enough to bust any­one else be­fore Evo­lu­tion closed and effec­tively ter­mi­nated their in­ves­ti­ga­tion­s.)


Thomas Fox-Brew­ster, 2015-03-23:

Some deal­ers I’ve spo­ken to think set­ting up a be­spoke mar­ket is the way to go. Think that’s the case? Are you plan­ning to set one up if you don’t have one al­ready?

By be­spoke mar­ket, I as­sume you mean a ven­dor shop. Those are defi­nitely dead end­s—they do not solve the trust is­sues of rat­ing and es­crow. (For ex­am­ple, one scam is to set up a ven­dor shop and tell cus­tomers to use an ob­scure third-party es­crow ser­vice; nat­u­ral­ly, this es­crow ser­vice is run by the same peo­ple, and when the mark sends the bit­coins to buy some­thing, they keep it.) They also ag­gra­vate is­sues of hacks, since a drug ven­dor is not likely to also be a great web pro­gram­mer & sysad­min. Ven­dor shops have never scaled, and never will with­out solv­ing de­cen­tral­ized mar­kets.

Can we trust any of the big mar­kets any­more?

You could never trust any of the big mar­kets. Evo exit scam­ming is just peo­ple wak­ing up from their dreams and learn­ing from his­tory the hard way. All this has hap­pened be­fore, and will hap­pen again.

Is the dream of a de­cen­tralised mar­ket even close to hap­pen­ing?

I don’t think so. Open Bazaar, last I heard, had next to no anonymity and I don’t know how far any of the oth­ers have got­ten. If they did ex­ist, I’m not sure any­one would use them; they will likely be in­trin­si­cally hard to use, like mul­ti­sig, and may see the same lack of adop­tion. They work in the­ory but not prac­tice. Mar­ket exit scams, for all the hy­per­bolic me­dia cov­er­age, are sim­ply an or­di­nary and ac­cept­able cost of do­ing busi­ness.

Sep­a­rate­ly, why do most deal­ers I speak with use Lelan­tos?

Gmail etc are well-known for hand­ing over email in­for­ma­tion to law en­force­ment; Safe-mail used to be pop­u­lar but peo­ple seem to have fi­nally re­al­ized that any se­cu­rity there is il­lu­sory and it’s an­other Hush­mail in the mak­ing; Rise-up is a bit hard to get ac­counts on; and Tor­mail has been gone for years. So I guess Lelan­tos is just the best bal­ance avail­able?

Reddit advice

A list of tips from an anony­mous Red­di­tor, pre­sented for what they are worth (not all are nec­es­sar­ily im­por­tan­t):

This guy’s mis­takes:

  • Get­ting 41 pounds of weed sent to him. That’s a lot of weed.
  • Get­ting weed sent through the mail at all (it’s easy to de­tec­t).
  • Sign­ing un­der a false name.
  • Sign­ing for a pack­age at all41.
  • Had a scale in his house at the time of de­liv­ery.
  • Never sign for pack­ages. Never get them sent un­der false names. Do not open them im­me­di­ate­ly. Never have para­pher­na­lia or any­thing in­crim­i­nat­ing in your house at the time of de­liv­ery. Al­ways use bit­coin. Use PGP wher­ever pos­si­ble. Al­ways ask for a lawyer but oth­er­wise don’t talk to cops.


  • Be sure to read both the guides for sell­er’s and buy­er’s on Silk Road.
  • Make sure that your ven­dor ships via USPS. Ra­tio­nale: USPS must get a war­rant to open your mail. Al­so, USPS han­dles much more mail than UPS or FEDEX. I don’t know this for sure, but I’d bet their screen­ing/­track­ing of sus­pected drug im­porters is prob­a­bly laxer than UPS/FEDEX.
  • Open a large PO box (big enough to hold a USPS Pri­or­ity mail en­ve­lope (11.625 inches X 15.125) with­out fold­ing). Ra­tio­nale: Most sam­ples will fit in an en­ve­lope less than this in size. Or­der­ing a big mail­box means that you don’t have to go to the counter to pick it up.
  • Open your box at a “Mom and Pop” ser­vice, not a UPS store or USPS PO Box. “Mom and Pop” shops don’t have the re­sources to track sus­pi­cious pack­ages. And USPS PO Box’s won’t ac­cept pack­ages from UPS or FEDEX. (While you spec­ify that you only ac­cept USPS, you should be pre­pared to ac­cept pack­ages from other ven­dors.)
  • Make sure you have 24 hour ac­cess. Ra­tio­nale: Pick it up after hours with­out meet­ing face to face. Also al­lows for faster pick­up–the less time spent in the sys­tem, the bet­ter.
  • Send a test pack­age be­fore or­der­ing drugs. Ra­tio­nale: You want to make sure you can re­ceive mail at that ad­dress with­out prob­lems be­fore or­der­ing drugs.
  • Or­der only from do­mes­tic sources. Ra­tio­nale: If it does­n’t cross an in­ter­na­tional bor­der, it does­n’t have to go through cus­toms screen­ing.
  • If you must or­der from over­seas, or­der from UK or Ger­many, not Nether­lands or other com­mon drug source coun­try. Ra­tio­nale: Anec­do­tal re­ports sug­gest that ship­ments from com­mon drug source coun­tries get closer screen­ing.
  • Or­der small amounts (gram or less). Ra­tio­nale: Law en­force­ment has lim­ited re­sources. Odds are, they’re not go­ing to bother with small amounts.
  • Use your real name and ad­dress on all forms. Ra­tio­nale: Any­one (such as a vin­dic­tive ex, or an en­e­my) could send you drugs. If you get caught re­ceiv­ing mail with drugs in it, you can deny that it’s yours. A fake name de­stroys your plau­si­ble de­ni­a­bil­i­ty, as it in­di­cates an in­tent to de­ceive.
  • Or­der nor­mal stuff to your box on a reg­u­lar ba­sis. Ra­tio­nale: You want to make your box stand out as lit­tle as pos­si­ble.
  • Refuse to sign for any drug pack­age. Ra­tio­nale: Re­mem­ber, those drugs aren’t yours. If you sign for it, it’s ev­i­dence that you were ex­pect­ing the pack­age.
  • Don’t or­der too many drugs at once. Ra­tio­nale: Many ven­dors don’t in­clude any iden­ti­fy­ing in­fo., so you may end up with a bunch of pack­ets of white pow­der, with lit­tle idea of what’s in each pack­et.
  • Use GPG to en­crypt your mes­sages to the ven­dors. Ra­tio­nale: While this does­n’t pro­tect you if the ven­dor is com­pro­mised, it does pre­vent your name and ad­dress from be­ing stored ‘in the clear’ in Silk Road’s data­base.
  • Don’t or­der out of es­crow. Ra­tio­nale: Your only pro­tec­tion from bad ven­dor be­hav­ior is their rep­u­ta­tion and es­crow. And some ven­dor’s don’t care about their rep­u­ta­tion.
  • Read up on ven­dor’s in the fo­rums. Ra­tio­nale: You’ll get a much bet­ter idea of their prod­uct qual­ity than you can get from their offi­cial rat­ings/re­views alone.

A mole?


In March 2013, I learned of a ru­mor that a par­tic­u­lar fake ID seller on SR1, “KingOf­Clubs”, was ac­tu­ally a fed­eral mole. It came from a per­son who claimed that the fo­rum which had been busted in early 2012, was un­done by an agent who in­fil­trated it over 2 years as a user named “celtic” by sell­ing high­-qual­ity fake IDs to mem­bers (ac­cord­ing to Wired’s July 2013 cov­er­age, Celtic was a real carder who had been busted & his iden­tity as­sumed). This is per­fectly plau­si­ble as one of the stan­dard law en­force­ment strate­gies to take down card­ing or drug fo­rums is in­fil­trat­ing fo­rums (eg. , Carder­s­Mar­ket, Carder­Planet,, tak­ing them over, or even set­ting up their own fake fo­rums as hon­ey­pots (the “Carder Profit” fo­rum).

He thought that the seller had a sim­i­lar modus operandi, mak­ing the fol­low­ing com­par­isons:

  1. celtic sold fake cus­tom IDs from 15 states; the seller like­wise sells these spe­cific states
  2. celtic sold a large va­ri­ety of IDs; the seller sells a wider va­ri­ety than oth­ers,
  3. celtic ad­ver­tised with lengthy de­tailed de­scrip­tions; the seller has de­scrip­tions which are much more than a few lines, like some other SR sell­ers
  4. celtic sold ex­pen­sive high­-qual­ity IDs, with diffi­cult new se­cu­rity fea­tures; like­wise
  5. celtic ad­ver­tised his wares as “nov­elty IDs”
  6. celtic im­plied he was Russ­ian
  7. celtic asked for the nec­es­sary in­for­ma­tion to be sent via email and re­quired 2 email ad­dresses
  8. celtic had his non-anony­mous pay­ments sent within Nevada
  9. celtic had op­er­ated on the fo­rum for over 2 years; the seller was at the 1 year mark.

They also men­tioned that after con­tact­ing the SR ad­mins, they were blocked from ac­cess­ing SR un­der that or other ac­counts.


This ru­mor struck me as un­usu­ally de­tailed, plau­si­ble, and in­ter­est­ing. It would also be cool to scoop an in­ves­ti­ga­tion. So I looked into the mat­ter more deeply; I started by com­pil­ing an archive of all KoC’s list­ings, re­views on Red­dit, and list­ings by other ID sell­ers for com­par­i­son (archive; con­tains MAFF & MHT), and noted the fol­low­ing:

  1. the mole sup­pos­edly sold 15 states’ IDs and so does KoC. But KoC’s cur­rent pro­file lists only the fol­low­ing:

    Prod­uct Price
    Mon­tana Dri­ver’s Li­cense (Holo­grams + Scannable) ₿6.61
    In­di­ana Dri­ver’s Li­cense (Holo­grams + Scannable) ₿6.61
    Wis­con­sin Dri­ver’s Li­cense (Holo­grams + Scannable) ₿6.61
    Alaska Dri­ver’s Li­cense (Holo­grams + Scannable) ₿6.61
    New Cal­i­for­nia Dri­vers Li­cense (Holo­grams + Scans) ₿6.61
    Rhode Is­land Dri­ver’s Li­cense (Holo­gram+S­cannable) ₿6.60
    Idaho Dri­ver’s Li­cense (Holo­grams + Scannable) ₿6.60
    Ten­nessee Dri­ver’s Li­cense (Holo­grams + Scannable) ₿6.60
    Ari­zona Dri­ver’s Li­cense (Holo­grams + Scannable) ₿6.60
    New York Dri­ver’s Li­cense (Holo­gram + Scannable) ₿6.60
    On­tario Dri­ver’s Li­cense (Raised Let­ter­ing, Scans) ₿6.60
    New Texas Dri­vers Li­cense(Raised LTR, Holo, Scans) ₿6.60
    Texas Dri­vers Li­cense (Holo­grams + Scannable) ₿6.60
    subto­tal: 13
    New South Wales Dri­ving Li­cense (Holo­gram­s+S­cans) ₿6.61
    Man­i­toba Dri­ver’s Li­cense (S­cannable Tracks 1,2,3) ₿6.60
    Que­bec Dri­ver’s Li­cense (S­cannable Magstripe1,2,3) ₿6.60
    Al­berta Dri­ver’s Li­cense (Holo, Raised LTR, Scans) ₿6.60
    UK Dri­ving Li­cense (Holo­grams + Scannable) ₿6.60
    subto­tal: 5
    to­tal: 18 (ex­cludes combo offers)

    No mat­ter how you sum it, that’s not 15 states.

  2. It’s not clear that celtic or KoC’s va­ri­ety is un­usu­al. For ex­am­ple, in the in­dict­ment 2 of the de­fen­dants, Hag­gerty or “Wave” & John Doe or “Gru­ber”, ac­tu­ally sound al­most iden­ti­cal to this “celtic”: they coun­ter­feited dri­ver’s li­censes in 15 states; this does not seem con­sis­tent with their story and un­der­mines the value of any ob­ser­va­tion of KoC sell­ing 15 states since that’s at least 2 peo­ple who also sold for 15 states—­sug­gest­ing that 15 states is sim­ply what is eas­ily han­dled by avail­able equip­men­t/tech­niques, are fa­vored due to hav­ing many res­i­dents be­ing tourists, or some­thing like that.

  3. On the SR side of things, KoC does not seem all that un­usu­al. Some sell­ers talk a lot and sell a lot, oth­ers don’t. For ex­am­ple, the seller namede­clined has some­thing like 21 differ­ent items in the forgery & fake ID sec­tions, and is pos­i­tively pro­lix about one I ran­domly clicked on, his fake Ge­ico in­sur­ance card.

  4. If his cards were be­ing done with gov­ern­ment equip­ment, or top of the line any­way, they ought to be ex­cel­lent and might as well be cheap to at­tract as many sus­pects as pos­si­ble. But there are many com­plaints in the SR fo­rums & Red­dit that his rather ex­pen­sive cards weren’t very good and in some cases were very poor. He also is­n’t all that cool with cus­tomers, eas­ily los­ing his tem­per. All this is re­flected in his feed­back score, which is not ter­ri­ble but also is not great.

  5. KoC us­ing the term “nov­elty ID” does­n’t mean much. As far as I know, all the Chi­ne­se/Asian sell­ers use that ex­cuse as well: “oh, they’re not fake IDs, they’re nov­elty IDs; we can’t be blamed if our cus­tomers mis­use them.”

  6. KoC does­n’t make it sound like he’s Russ­ian. He comes off as Amer­i­can, and his list­ings im­ply he’s ship­ping do­mes­ti­cal­ly.

  7. ob­vi­ously in buy­ing cus­tom fake IDs, cus­tomers need to pro­vide the rel­e­vant info like age and a photo of the per­son who will be us­ing the ID. KoC pro­vides a pub­lic key, ac­cepts en­crypted pri­vate mes­sages on SR for the form, and links re­peat­edly to a hid­den ser­vice for im­age up­loads; he does list a email ad­dress as an op­tion, but you can just con­nect to’s hid­den ser­vice (that’s the point of it) and send an email via them. You would have to be lazy or fool­ish to send such an email from your reg­u­lar email ad­dress be­fore he would have ac­cess to your email, and there is no men­tion of re­quir­ing 2 email ad­dresses

  8. while KoC seems to have ac­cepted West­ern Union, Mon­ey­gram, and Mon­ey­pak early on (like a mole might), he seems to have dropped them en­tire­ly: his pro­file specifi­cally dis­claims ac­cept­ing any­thing but bit­coin. Why would a mole do that?

  9. Many sell­ers are less than 2-3 years old, since SR is still rel­a­tively new and it was­n’t clear early on that it would sur­vive or be worth do­ing busi­ness on; given that new sell­ers prob­a­bly drop quickly as they stop sell­ing for var­i­ous rea­sons (they were scam­mers, it turned out to be too much work, what­ev­er), we would ex­pect to see mostly medi­um-aged ac­counts sell­ing.

Two ad­di­tional points I would make:

  • while the me­dia does con­firm that mem­bers used fake IDs, this is com­mon to many or all card­ing fo­rums; more im­por­tant­ly, I can­not con­firm their ac­count of the demise of based on the 2012 in­dict­ment, and no one in Google men­tions any “celtic” in com­bi­na­tion with The redac­tions make it diffi­cult to be sure, but they do not seem to have usu­ally redacted the user­names or pseu­do­nyms or nicks (eg pg40), and in the lists of redacted de­fen­dants’ offens­es, few short­-names come off with large quan­ti­ties of forged items or other such vi­o­la­tions. While the Farm­ers Mar­ket in­dict­ment listed enough de­tails that I could be sure that it was mostly due to Hush­mail rolling over (as in­deed proved to be the case), here I’m not sure of any­thing; the in­dict­ment goes into the wrong de­tails for me to feel I can in­fer any­thing.
  • At least one of their claims seems false: yes, SR might ban an ac­count for fil­ing a false re­port against a sell­er. But it can’t lock you out based on your IP or some­thing like that; the Tor hid­den ser­vice ar­chi­tec­ture sim­ply does­n’t al­low for that, as far as I know. The most it could do is maybe set a cookie and not let any­one with a cookie from a banned ac­count log in or reg­is­ter an ac­count, but that is triv­ially by­passed by delet­ing all cook­ies or us­ing an incog­nito mode or us­ing a differ­ent brows­er.

A coun­ter-ob­jec­tion is that celtic-KoC might have de­lib­er­ately dropped Nevada IDs and non-bit­coin pay­ment to throw off any­one fa­mil­iar with the pre­vi­ous iden­ti­ty. But in this sce­nar­io, pre­sum­ably the ab­sence would be for pub­lic con­sump­tion and any­one re­quest­ing ei­ther would get what they asked for as they be­came juicy tar­gets for his in­ves­ti­ga­tion. This can be eas­ily tested just by ask­ing; so 2 throw­away ac­counts mes­saged KoC on those is­sues:

  1. First con­ver­sa­tion:

    • “I know they’re not list­ed, but would it be pos­si­ble for you to do ei­ther a Utah or Nevada li­cense? (Ide­ally with UV and holo­gram.)”

    • “I won’t be able to do Nevada but I may be able to do Utah with UV and holos, i’ll get back to you in the next cou­ple days on that”

  2. Sec­ond:

    • “bro how are you, do you make Nevada li­cense and do you ac­cept WU OR MG thanks”

    • “I don’t do Nevada DL’s at the mo­ment but I can do a bunch of differ­ent states that aren’t list­ed, what else are you in­ter­ested in? I don’t ac­cept WU or MG but if you go un­der the ‘Money’ sec­tion of SR and go to the ven­dor ‘FreeMoney’ he will be able to ex­change your WU or MG or Mon­ey­pak for ₿. Re­gards.”

While his con­sis­tent dis­avowal of both non-bit­coin pay­ments and mak­ing Nevada li­censes might sim­ply be try­ing to be con­sis­tent in his per­sona, that would im­ply con­sid­er­able para­noia on his part about be­ing rec­og­nized—and makes this pos­si­bil­ity that much more un­like­ly.


When will we know? The in­dict­ment was signed 2012-01-10. The ear­li­est dates men­tioned in it are in 2007, but most of the early dates seem to be in 2009, in line with a >2 year in­fil­tra­tion which sug­gests a 2-3 year lag (or pos­si­bly as much as 5 years). The KoC ac­count is listed as 1 year old and con­sis­tent with that, he has ini­tial fo­rum posts dat­ing back to March 2012. That sug­gests any busts will come March 2014-2015, up to 2017. (I can’t guess whether the hy­po­thet­i­cal SR bust would be faster or slower than SR is much more se­cure and de­cen­tral­ized from a sell­er’s point of view, so one might ex­pect it to take longer; but SR is also much higher pro­file as far as I can tell and so one could ex­pect there to be much more pres­sure to de­liver some sort of vic­to­ry.)

What’s my cur­rent opin­ion? Read­ing through all of the above, think­ing about the diffi­cul­ties of at­tack­ing SR (KoC can only have ac­cess to small fry buy­ers, not SR staff like Dread Pi­rate Robert­s), I feel that I can only as­sign 20% to a pre­dic­tion that by March 2015, “there will have been a bust (>10 named de­fen­dants) re­lated to forged IDs eg. dri­ver’s li­cens­es, linked to the SR ven­dor KoC”.

We’ll see.


In Oc­to­ber 2013, SR1 was raided and its op­er­a­tor Ross Ul­bricht was ar­rest­ed; a few months lat­er, sev­eral em­ploy­ees were also ar­rest­ed.

Part of the ini­tially re­leased ev­i­dence was a pho­to­graph of sev­eral fake IDs for Ul­bricht pur­chased on SR1 (which he seems to have used for buy­ing server host­ing) which had been in­ter­cepted by Cus­toms around 2013-07-10. This was strik­ing, and some peo­ple claimed the IDs in the photo looked like KoC’s IDs. This was con­firmed in a De­cem­ber 2014 fil­ing in his trial42

Is this con­fir­ma­tion? Well, the fil­ing does not de­scribe KoC as a CI or UC, but it also does not de­scribe how the KoC pack­age was in­ter­cepted other than “as part of a rou­tine bor­der search”, which sounds im­plau­si­ble for any fake ID ship­ment (fake IDs should not trig­ger any drug dogs and are likely shipped in en­velopes rather than bulkier pack­ages) and es­pe­cially im­plau­si­ble in that it just so hap­pens to be a ship­ment to a per­son of in­ter­est; if Ul­bricht’s name had been en­tered in some sort of screen­ing data­base, that would be plau­si­ble but the fil­ing specifi­cally men­tions the pack­age was ad­dressed to a “Josh”; and the early July 2013 date seems a bit too soon for the SR1 server imag­ing in June 2013 to have de-anonymized Ul­bricht to the point where his phys­i­cal ad­dress was known and his mail could be screened. KoC be­ing a CI/UC would re­solve the ques­tion im­me­di­ate­ly, but di­rect ev­i­dence of this is ab­sent.

So I think the ex­act role KoC played in the fall of SR1 re­mains un­cer­tain.

Bitcoin exchange risk

“Be­ware the Mid­dle­man: Em­pir­i­cal Analy­sis of Bit­coin-Ex­change Risk” com­piles a list of Bit­coin ex­changes and which ones have died or failed to re­turn one’s money (see also the fol­lowup ); I was in­ter­ested in the av­er­age risk per day, but the pa­per did not in­clude the rel­e­vant fig­ure, so I copied the raw data and par­tially repli­cated their analy­sis in R:

exchange <- read.csv("")
# log transform busy-ness per paper
exchange$ActiveDailyVolume <- log1p(exchange$ActiveDailyVolume)
# calculate lifetime lengths
exchange$Days <- as.integer(as.Date(exchange$Dates) - as.Date(exchange$Origin))
# but the paper says "The median lifetime of exchanges is 381 days"!
# The difference may be due to me defaulting each exchange opening/closing to the 1st of the month,
# since the paper's table on pg3 only specifies month/year.
#    Min. 1st Qu.  Median    Mean 3rd Qu.    Max.
#      15     168     344     365     565     930

# Rough daily risk percentage calculation: # of lossy exchange-days / total exchange-days:
(sum(exchange$Repaid==0, na.rm=TRUE) / sum(exchange$Days)) * 100
# [1] 0.03421
# eg. so leaving funds on an exchange for a month is ~1% (0.03 * 30 = 0.899 ~= 1)

# replicate Cox model survival curve & regression
# plot aggregate survival curve
surv <- survfit(Surv(exchange$Days, exchange$Closed, type="right") ~ 1)
plot(surv, xlab="Days", ylab="Survival Probability")

# see how the moderators help predict exchange death
cmodel <- coxph(Surv(Days, Closed) ~ Breached + ActiveDailyVolume + AML, data = exchange)
# ...
#   n=40, number of events=18
#                       coef exp(coef) se(coef)     z Pr(>|z|)
# Breached           0.80309   2.23242  0.57129  1.41    0.160
# ActiveDailyVolume -0.22233   0.80065  0.10493 -2.12    0.034
# AML                0.00156   1.00157  0.04230  0.04    0.970
#                   exp(coef) exp(-coef) lower .95 upper .95
# Breached              2.232      0.448     0.729     6.840
# ActiveDailyVolume     0.801      1.249     0.652     0.983
# AML                   1.002      0.998     0.922     1.088
# Concordance= 0.696  (se = 0.08 )
# Rsquare= 0.116   (max possible= 0.94 )
# Likelihood ratio test= 4.91  on 3 df,   p=0.178
# Wald test            = 5.22  on 3 df,   p=0.156
# Score (logrank) test = 5.41  on 3 df,   p=0.144

predict(cmodel, type="risk")
#  [1] 1.0062 1.2807 1.8416 1.4132 0.6280 0.6687 2.5166 1.4629 1.3860 1.3283 0.8558 1.6955 1.1386
# [14] 0.9682 0.6275 1.9333 0.5593 1.1443 1.1941 1.8569 1.9889 3.6656 0.9899 0.9849 0.5649 0.6393
# [27] 0.5527 0.4847 0.5212 0.8798 0.5222 0.8132 0.8166 0.5222 0.4404 1.2850 0.6114 1.0574 0.9704
# [40] 1.8765
# difference between the paper's risk ratios and the calculated risks:
predict(cmodel, type="risk") - exchange$Risk.Ratio
#  [1] -0.1138438  0.0007105 -0.1684229 -0.1768372 -0.0219620  0.0586867 -1.3333981 -0.1070626
#  [9] -0.0639567 -0.1416868 -0.0841594 -0.1044674 -0.1013990 -0.0117733  0.0174954  0.0533416
# [17]  0.0293197  0.0543248  0.0540563 -0.2930878 -0.2411229 -0.7444104 -0.0901261  0.0348886
# [25]  0.0348513  0.0392880  0.0327111  0.0347424  0.0311519 -0.0302076  0.0321711  0.0532302
# [33]  0.0165801 -0.0178064 -0.0095536 -0.1650013 -0.0186322 -0.0825834 -0.0696364 -0.3535190
summary(predict(cmodel, type="risk") - exchange$Risk.Ratio)
#    Min. 1st Qu.  Median    Mean 3rd Qu.    Max.
# -1.3300 -0.1090 -0.0203 -0.0992  0.0323  0.0587

# Moving on; replicate the logistic regression they ran on predicting breaches:
lbreach <- glm(Breached ~ ActiveDailyVolume + I(Days/30), family="binomial", data = exchange)
# ...
# Deviance Residuals:
#    Min      1Q  Median      3Q     Max
# -1.158  -0.671  -0.283  -0.102   2.982
# Coefficients:
#                   Estimate Std. Error z value Pr(>|z|)
# (Intercept)        -4.4996     1.7666   -2.55    0.011
# ActiveDailyVolume   0.7730     0.3182    2.43    0.015
# I(Days/30)         -0.1048     0.0698   -1.50    0.133
#     Null deviance: 42.653  on 39  degrees of freedom
# Residual deviance: 32.113  on 37  degrees of freedom
# AIC: 38.11

Moore has pro­vided his orig­i­nal R source code, his ex­change data, and an­ti-money-laun­der­ing-laws data, so his orig­i­nal analy­sis can be repli­cated by any­one in­ter­ested in the top­ic.

Estimating DPR’s fortune minus expenses & exchange rate

Ron & Shamir 2013, based on blockchain analy­sis, es­ti­mates SR/DPR earned ₿633,000 in com­mis­sions; the FBI in­dict­ment states that it was ₿614,305, pre­sum­ably based on the seized site data­bas­es. It’s been sug­gested that the ex­pense of run­ning SR, and the large changes in the ex­change rate, may sub­stan­tially re­duce how many bit­coins DPR ac­tu­ally could have saved up, pos­si­bly to as low as ₿“150-200k”. (The logic here is that if SR earns com­mis­sions of ₿100 in 2011 but needs to pay $100 of host­ing bills, it needs to sell all ₿100 but in 2013, it would need to sell only ₿1.)

DPR surely spent some of the com­mis­sions on run­ning SR & him­self, but run­ning a web­site is­n’t that ex­pen­sive, and how badly the ex­change rate bites will de­pend on de­tails like how it fluc­tu­ated over time, how sales grew over time, and how big the ex­penses re­ally are. The re­duc­tion could be tiny, or it could be huge. It’s hard to tell based just on a gut es­ti­mate.

So: be­low, I take es­ti­mates of SR growth from and the FBI in­dict­ment, in­fer lin­ear growth of SR sales, es­ti­mate daily ex­pens­es, and com­bine it with his­tor­i­cal Bit­coin ex­change rates to show that DPR prob­a­bly has most of his bit­coins and 200k or lower is right out.


My strat­egy is to model Silk Road’s growth as lin­ear in dol­lar amounts, but with differ­ent amounts of bit­coins each day de­pend­ing on the ex­change rate, sub­tract a daily op­er­at­ing cost, and then sum the com­mis­sions.

So say that on 2012-01-01, SR did $10k of busi­ness, and the ex­change rate was 1:100, so ₿100 in turnover, and SR gets an av­er­age com­mis­sion of 7.4%, so it would get ₿7.4.

To do this, I need to es­ti­mate the rev­enue each day, the ex­penses each day, the com­mis­sion each day, and the ex­change rate each day. Then I can mul­ti­ply rev­enue by com­mis­sion, sub­tract the ex­pense, and sum the left overs to get an es­ti­mate of the to­tal bit­coins avail­able to DPR which he could (or could not) have spent.


  1. Em­ploy­ees: we know that Lib­er­tas and one or two oth­ers were em­ployed at salaries of $1-2k per week. I’ll as­sume there were 2 oth­ers, and each was paid the max of $2k per week, which means to­tal daily em­ployee ex­penses is = $571 per day. (Un­for­tu­nate­ly, the in­dict­ment does­n’t give any clear in­di­ca­tion of their num­bers, just re­fer­ring to them as ‘they’.)

    This is a con­ser­v­a­tive es­ti­mate since I’m pretty sure that SR was a one-man op­er­a­tion un­til prob­a­bly in 2012.

  2. The servers: we know there were at least 2 servers (the main site, and the fo­rum­s). The task of host­ing the sites does not seem to be too band­width or disk-space in­ten­sive, and servers are ex­tremely cheap these days. The use of Dat­a­ and Gi­gaTux sug­gest DPR was us­ing cheap VPSes. I’ll es­ti­mate a monthly ex­pense of $500 ($250 a piece) which per day is $16.

    This is also very con­ser­v­a­tive.

  3. DPR: his rent of $1000/­month has been widely bruited about, and in gen­eral he re­port­edly spent lit­tle. Makes sense to me, I’ve met and seen the rooms of a few well-paid geeks in SF like DPR, and I would be­lieve them if they said they did­n’t spend much money on any­thing but rent & food. I’ll bump this up by $1000 for food and all ex­pens­es, since he ap­par­ently did­n’t even eat out very much. So .

    Dou­bling his rent for to­tal ex­penses is prob­a­bly also con­ser­v­a­tive; for most peo­ple, rent is not >50% of in­come, but SF is in­cred­i­bly ex­pen­sive to live in.

This gives a daily ex­pense of $652 (or a monthly to­tal of $19.1k in ex­pens­es). As you can see, the em­ploy­ees are by far the most ex­pen­sive part of run­ning SR in my es­ti­mate, which makes me won­der if maybe Lib­er­tas was the only em­ploy­ee.


As­sum­ing the de­tails about DPR hir­ing hit­men in the in­dict­ments are rea­son­ably ac­cu­rate, we can throw in two large ex­pens­es:

  1. an $80k ex­pen­di­ture for killing his Mary­land em­ploy­ee. The first pay­ment of $40k was made on 2013-02-04 and the sec­ond/­fi­nal pay­ment of $40k was made on 2013-03-01 (pg9). If we use the ex­change rate of those two days, then the hit cost DPR (40000 / 20.42) + (40000 / 34.24) = ₿3127

  2. the sec­ond hit was priced in bit­coins (pg23):

    Through fur­ther mes­sages ex­changed on March 31, 2013, DPR and redand­white agreed upon a price of 1,670 Bit­coins

So the hits cost DPR some­where around ₿4797. An ex­tremely large and painful amount, by most stan­dards, but still nowhere near ₿10k—­much less high­er.

Revenue over time: first and last days


Ta­ble 3 pro­vides a break­down of the feed­back rat­ings from 184,804 feed­back in­stances we col­lect­ed…In Fig­ure 12, we plot an es­ti­mate of the daily com­mis­sions col­lected by Silk Road op­er­a­tors as a func­tion of time. We sim­ply reuse the pre­vi­ous es­ti­mates, and ap­ply both the fixed 6.23% rate, and the sched­ule of Ta­ble 4 to each item. We find that the new sched­ule turns out to yield on av­er­age a com­mis­sion cor­re­spond­ing to ap­prox­i­mately 7.4% of the item price.

The FBI:

From Feb­ru­ary 6, 2011 to July 23, 2013 there were ap­prox­i­mately 1,229,465 trans­ac­tions com­pleted on the site…$79.8 mil­lion (USD) in com­mis­sions.

Ac­cord­ing to Bit­coin Charts, on 2013-07-23, the Mt­Gox price was $91. (As the most fa­mous ex­change, any FBI es­ti­mate al­most cer­tainly used it.) So that im­plies =₿876,923. Or to put it the other way, at $79.8m in trans­ac­tions, then us­ing Christin’s 7.4% es­ti­mate, to­tal sales were $1,078,000,000 or ₿10,780,000.

Wikipedia says “These trans­ac­tions in­volved 146,946 unique buyer ac­counts, and 3,877 unique ven­dor ac­counts.”, and “The to­tal rev­enue gen­er­ated from trans­ac­tions was 9,519,664 bit­coins. Com­mis­sions col­lected from the sales by Silk Road amounted to 614,305 bit­coins.”

(So the num­bers aren’t too differ­ent: 614k vs 876k and 10.8m vs 9.5m.)

We’ll set 2011-02-06 to $10 in sales (prob­a­bly not too far from the truth). But what about 2013-07-23? pg20 of the in­dict­ment says:

For ex­am­ple, on July 21, 2013 alone, DPR re­ceived ap­prox­i­mately 3,237 sep­a­rate trans­fers of Bit­coins into his ac­count, to­tal­ing ap­prox­i­mately $19,459. Vir­tu­ally all of these trans­ac­tions are la­beled “com­mis­sion”.

= $262,959 that day. $20k in com­mis­sions is ex­tremely im­pres­sive, since Christin es­ti­mates only $4k/­day com­mis­sions as late as the end of July 2012—so SR must have grown by 500% from 2012 to 2013. We use this rev­enue es­ti­mate as our end­point and in­ter­po­late from $10 to $262,959 over the ~900 days SR ex­ist­ed. This is a con­ser­v­a­tive way of mod­el­ing SR, since the graphs in Christin in­di­cate that SR saw sig­moid growth in 2012, and 2013 would’ve seen even more growth (to be con­sis­tent with the 2013 July com­mis­sion dat­a­point be­ing 5x the 2012 July com­mis­sion dat­a­point).

Exchange rate

I grab weighted price for each day be­tween 2011-02-06 & 2013-07-23, and stuff it in a CSV.


sr <- read.csv("")
sr$Sales <- c(10, rep(NA, 890), 262959, NA, NA)
## revenue increased by $300 a day:
l <- lm(Sales ~ as.numeric(Date), data=sr); l
# Coefficients:
#      (Intercept)  as.numeric(Date)
#             -285               295
sr$Sales <- predict(l, newdata=sr)
sum(with(sr, (Sales * 0.074 - 652) / ExchangeRate))
# [1] 803397

Or we can run the es­ti­mate the other way: if DPR had to spend $652 a day and con­verted at that day’s ex­change rate, and we took into ac­count the hit­men, how many bit­coins would he have spent in to­tal?

sum(with(sr, 652 / ExchangeRate))
# [1] 127154
(614305 - 127154) - 4797
# [1] 482354


Ob­vi­ously ₿803k > ₿614k, which im­plies that the lin­ear model over­es­ti­mates sales in the early life of SR; but go­ing the other di­rec­tion and es­ti­mat­ing just from costs & hit­men & to­tal com­mis­sion, we still wind up with nearly ₿500k (and that was after mak­ing a bunch of highly con­ser­v­a­tive as­sump­tion­s). The fewer sales (and com­mis­sions) early on, the less of a fixed num­ber of bit­coins will be sold. So, while it may ini­tially sound plau­si­ble that DPR could have been forced to part with say ₿400k to pay for SR and sundry ex­pens­es, the dis­tri­b­u­tion of sales and fluc­tu­a­tions of Bit­coin value mean that this sim­ply does not seem to be the case.

Un­less there are some aban­doned yachts float­ing around the SF Bay Area, DPR/Ross Ul­bricht prob­a­bly has ₿500k-614k.

The Bet: BMR or Sheep to die in a year (by Oct 2014)

On 2013-10-30, I offered to any com­ers 4 es­crowed Bit­coin bets re­lat­ing to whether Black­Mar­ket Re­loaded and Sheep Mar­ket­place would sur­vive the next year. I posted it to

Re­ac­tions were gen­er­ally ex­tremely neg­a­tive, ac­cus­ing me of scam­ming, be­ing LE, pre­tend­ing to be the es­crow nan­otube, etc. No one took any of the bets and I shut the books on 2013-11-06. For pos­ter­i­ty, I am archiv­ing a copy of my state­ment be­low.


BMR & Sheep have demon­strated their dan­ger, but few DNM-users seem to gen­uinely ap­pre­ci­ate this. I am pub­licly bet­ting that they will fail in the near-fu­ture. If you think I am wrong, just try to take my money and prove me wrong! Oth­er­wise, spare us your cheap talk.

Hi! I’m . You may re­mem­ber me from such DNM web­pages as , and /r/silkroad. To­day I’m here to talk to you about Black­Mar­ket Re­loaded & Sheep Mar­ket­place.

(A signed ver­sion of this 2013-10-30 post will be posted as a com­ment, be­cause I wish to use Mark­down for­mat­ting; my PGP key is avail­able.)


With the fall of SR, we’re all very sad: it was a good site which per­formed a use­ful func­tion. But life goes on, so it’s no sur­prise we’re all mov­ing on to new DNMs. That said, I am con­cerned by the ac­cu­mu­lat­ing pat­tern I am see­ing around BMR and Sheep, and by the delu­sional op­ti­mism of many of the users.


Black­Mar­ket Re­load­ed, since the fall, has been marked by a pat­tern of ar­ro­gance, tech­ni­cal in­com­pe­tence, dis­missal of prob­lems, tol­er­ance for sell­ers keep buyer ad­dresses & is­su­ing threats, as­tound­ing tol­er­ance for in­for­ma­tion leaks (all the im­ple­men­ta­tion in­for­ma­tion, and par­tic­u­larly the VPS in­ci­dent with the user data leak; mir­rors: 1, 2), etc. We know his code is shitty and smells like vul­ner­a­bil­i­ties (pro­gram­mer in 3 differ­ent IRC chan­nels I fre­quent quoted bits of the leaked code with a mix­ture of hi­lar­ity & hor­ror), yet some­how back­opy ex­pects to rewrite it bet­ter, de­spite be­ing the same per­son who wrote the first ver­sion and the ba­sic se­cu­rity prin­ci­ple that new ver­sions have lots of bugs. (I’m not ac­tu­ally both­ered by the DoS at­tacks; they’re is­sues for any site, much less hid­den ser­vices.)

And then there’s the things he’s not telling us. At­lantis shut down be­cause they were wor­ried about con­tacts from LE, and thus far this shut down seems to have saved them; but BMR has been around sev­eral times longer than At­lantis—­would it not beg­gar be­lief if LE had not made con­tacts, at­tempted SR-style stings, or in­fil­trated BMR staff? And re­mem­ber how we were able to dis­cover all sorts of leaks in DPR’s opsec once we had the in­dict­ment and knew what to look for? Or con­sider the claims be­ing made about the Project Black Flag Leaks, where some­one claims to have ac­cessed a laun­dry list of in­for­ma­tion from its in­ter­nal­s—only after Metta DPR de­cided to rip-and-run. If this is what we see pub­licly for BMR, what on earth is go­ing on be­hind the sce­nes?

back­opy should have handed on BMR weeks ago, but is still around. He seems to plan to re­peat SR/DPR’s mis­takes ex­act­ly: leak in­for­ma­tion all over the place, never re­tire, and just keep on un­til he is busted and takes who-knows-how-many peo­ple down to prison with him. He has learned noth­ing. What, ex­act­ly, is his exit strat­e­gy? What goals does he have and when will they ever be sat­is­fied? He has been run­ning BMR for more than 2 years now, and has not left. How does this story end: of a man who does not know his lim­its, does not have abil­ity equal to the task, and re­fuses to quit while he’s ahead? It ends with a par­ty-van, that’s how it ends.

And hardly any­one seems trou­bled by this! The BMR sub­red­dit is full of bustle; peo­ple are even hail­ing back­opy as a “hero” for al­low­ing with­drawal of bit­coins. (How gen­er­ous of him.)


Is Sheep any bet­ter? No. BMR is trou­bled and prob­a­bly in­fil­trated at this point, but Sheep may well be a dead mar­ket walk­ing at this point. No one has a good word to say about its cod­ing, so there may well be BMR-style is­sues in its fu­ture. More im­por­tant­ly: the ver­i­est Google search would turn up that clear­net site, and it has been pointed out that the clear­net Czech site hosted by Hexa­Geek was un­can­nily sim­i­lar to the ac­tual hid­den ser­vice. It uses al­most the same ex­act tech­nol­o­gy, and the offi­cial ex­pla­na­tion is that they had “fans” (fans? who set up, many months ago, be­fore any­one gave a damn about Sheep, an en­tire func­tion­ing mir­ror while cloning the soft­ware stack and be­ing in a for­eign non-Eng­lish-s­peak­ing coun­try just like the Sheep ad­min­s?). Ridicu­lous! DPR may have set up a Word­Press site, but at least ‘al­toid’ did­n’t run an en­tire SR mir­ror! (He left that to & Sheep’s likely about one sub­poena of Hexa­Geek away from fun party times in the par­ty-van.

The Wager

I am un­in­ter­ested in see­ing Sheep/BMR busted and lots of new­bies caught be­cause they can’t ap­pre­ci­ate the pat­terns here. Peo­ple don’t take mere crit­i­cism se­ri­ous­ly, and even if I lay it all out like here, and I men­tion that I have an , they still won’t be­cause any­one can doom-mon­ger and is­sue warn­ings, it won’t get through to them. I want to get through to them—I want them to un­der­stand the risks they’re tak­ing, I want them to re­flex­ively use PGP, and I want them to leave bal­ances on sites for as short a time as pos­si­ble. So! I am putting my money where my mouth is.


I and 3 oth­ers are pub­licly wa­ger­ing ₿4 ($816 at to­day’s rate), ₿1 each, on the fol­low­ing 4 bets:

  1. BMR will not be op­er­at­ing in 6 months:

    25%; 1:3 (you risk ₿3 and if BMR is still op­er­at­ing, you win our ₿1, else you lose the ₿3 to us)

  2. BMR will not be op­er­at­ing in 12 months

    40%; 1:1.5 (you risk ₿1.5 & BMR is op­er­at­ing in a year, you win our ₿1, else lose ₿1.5)

  3. Sheep will not be op­er­at­ing in 6 months

    30%; 1:2.3 (y­our ₿2.3 against our ₿1)

  4. Sheep will not be op­er­at­ing in 12 months

    60%; 1:0.66 (you risk ₿0.66 against our ₿1)

The ₿4 are cur­rently stored in 1AZvaBEJMiK8AJ5GvfvLWgHjWgL59TRPGy (proof of con­trol: IOqEiWYWtYWFmJaKa29sOUqfMLrSWAWhHxqqB3bcVHuDpcn8rA0FkEqvRYmdgQO4yeXeNHtwr9NSqI9J79G+yPA= is the sig­na­ture by 1Az of the string "This address contains bitcoins for the BMR/Sheep bet run by gwern.").

  • BMR = kss62ljxtqiqdfuq.onion

  • Sheep = sheep5u64fi457aw.onion

  • The ex­act de­fi­n­i­tion of ‘not op­er­at­ing’ in­cludes but is not lim­ited to this: on noon EST of 2013-04-30 (6-months) or 2014-10-30 (12-month­s), if Nan­otube can visit the rel­e­vant DNM, cre­ate a buyer ac­count, de­posit bit­coins, and or­der an item, then the site is op­er­at­ing. If de­posits or new ac­counts or pur­chases are not al­lowed or not pos­si­ble, it is not op­er­at­ing.

    At his own dis­cre­tion, the ar­bi­tra­tor can take into ac­count other fac­tors, like wide­spread re­ports that a mar­ket has been raided and turned into a sting op­er­a­tion.


Ar­bi­tra­tion & es­crow are be­ing pro­vided by Nan­otube, a long-time Bit­coin user & -otc trader, who has han­dled some past bets (most fa­mous­ly, the ₿10,000 bet be­tween the Ponzi schemer pi­rateat40 & Van­droiy) and I be­lieve can be trusted to es­crow this one as well; he has agreed to a nom­i­nal fee of 1%.

(I am not us­ing Bets of Bit­coin be­cause they have a dis­hon­est & ex­ploita­tive rule-set, and I am not sure Pre­dic­tious would al­low these bet­s.)


If you dis­agree and are man enough to take our bets, post the amount you are bet­ting on which bet, and Nan­otube will sup­ply an ad­dress for you to trans­fer your bit­coin to. When it ar­rives in his wal­let, then our bet will be in effect.

May the most ac­cu­rate be­liefs win.

Statistical considerations

In my past bet­ting & pre­dict­ing, I have found it use­ful to start with some sim­ple base rates & sta­tis­ti­cal cal­cu­la­tions as a way of an­chor­ing my sub­jec­tive con­sid­er­a­tions. Nei­ther ap­proach is ex­tremely re­li­able, but they can help us fig­ure out what are rea­son­able-look­ing es­ti­mates and we can in­crease or de­crease them based on the ob­served se­cu­rity is­sues to get a fi­nal es­ti­mate which will be bet­ter than ei­ther ran­dom guess­ing based on gut-feel or blind ac­cep­tance of num­bers spat out by a mod­el.

In my bet, I used an ear­lier ver­sion of this analy­sis, and after look­ing at the var­i­ous re­sults, set­tled on gut-es­ti­mates as fol­lows:

  1. BMR 6-month shut­down risk: 35%
  2. BMR 12-month: 50%
  3. Sheep 6-month: 40%
  4. Sheep 12-month: 50%

After ex­pand­ing the data to in­clude Deep­bay and con­tin­u­ing to ob­serve the DNMs, I would per­son­ally de­crease the risk for BMR and in­crease for Sheep (a choice vin­di­cated when Sheep shut down with a scam in late No­vem­ber, not long after my analy­sis).

Basic data

I am in­ter­ested in web­sites sell­ing drugs over Tor or i2p, us­ing cryp­tocur­ren­cies like Bit­coin/Lite­coin/­Do­ge­coin, al­low­ing mul­ti­ple sell­ers other than the site op­er­a­tors, and pro­vid­ing some sort of es­crow func­tion­al­i­ty. This ex­cludes clear­net sites like Top­ix, sin­gle-ven­dor shops like Mod­ern Cul­ture or Bungee54, card­ing shops like Tor Carders Mar­ket, host­ing ser­vices like Cryuserv or Bad Wolf, DNM-focused fo­rums like The Hub, and fo­rums for buy­ers & sell­ers to deal di­rectly with each other like The Ma­jes­tic Gar­dens.

This data is cur­rent as of 2013-11-12 and is used in the fol­low­ing sur­vival analy­sis:

Mar­ket Started End­ed/cur­rently Months op­er­at­ing Sta­tus Notes
Silk Road Jan­u­ary 2011 Oc­to­ber 2013 33 closed Raided
At­lantis 2013-03-26 Sep tem­ber 2013 6 clo sed Vol un­tary shut down; scam? Losses not clear
Deep­bay June 2013 2013-11-04 5 close d [s­cam ](http­s://­dit.­com/r/Bit­coin/­com­ments/1qae­wa/deep­bay_­mar­ket­place_own­er_steal­s_sites_bit­coin­s/)
Bud­ster 2013-10-10 2013- 10-20 0 closed [ scam?](ht tp­s://we­­b/20150518085349/http­s://­dit.­com/r/Bud­ster/­com­ments/1ove9w/has_any­one_­made_a_pur­chase_yet/c­cw8s­rh)
Project Black Flag 2013-10-14 2013- 10-28 0 closed [ scam](htt ps://­dit.­com/r/­Dark­Net­Mar­ket­s/­com­ments/1pegu­v/pbf_rip/)
Black­Mar­ket Re­loaded June 2011 No­vem­ber 2013 30 open
Sheep Mar­ket­place Feb­ru­ary 2013 No­vem­ber 2013 10 open
Buy­It­Now April? 2013 No­vem­ber 2013 8 open buyitnowquyft7dx.onion
Pan­dora 2013-10-21 Novem ber 2013 1 open `pand ora­jodqp5zr­r.o­nion`
Silk Road 2 2013-11-06 Novem ber 2013 0 open
Tor­mar­ket 2013-11-07 Novem ber 2013 0 open `torm arkoza­e­gyv­co.o­nion`; no re­ports of sales yet

Survival analysis

I have some ba­sic fa­mil­iar­ity with from my lengthy analy­sis of , so I thought I’d take a stab at a sur­vival analy­sis of the DNMs:

market <- read.csv(stdin(),header=TRUE, colClasses=c("factor","Date","Date","logical","factor"))

market$Days <- as.integer(market$Ended - market$Started)
surv <- survfit(Surv(market$Days, market$Dead, type="right") ~ 1)

 time n.risk n.event survival std.err lower 95% CI upper 95% CI
    1     11       1    0.909  0.0867        0.754            1
    7      8       1    0.795  0.1306        0.577            1
  152      6       1    0.663  0.1628        0.410            1
  179      5       1    0.530  0.1761        0.277            1
  979      1       1    0.000     NaN           NA           NA

# Confidence intervals show not enough datapoints to really estimate!
# 6-month mortality:
sixm <- 1 - (1-((1-0.53)/179))^(365.25/2); sixm
[1] 0.3813
# 12-month mortality
1 - (1-((1-0.53)/179))^(365.25)
[1] 0.6172

plot(surv, xlab="Days", ylab="Survival Probability function with 95% CI")
A sur­vival curve cal­cu­lated from 11 DNMs

So, a 40% risk of fail­ing in 6 months and 62% in a year. Not good news. But can we do bet­ter?

Expanded sample: Bitcoin exchanges

As it hap­pens, I pre­vi­ously wrote some R code to do an­other sur­vival analy­sis as well, this one of Bit­coin ex­changes like Mt­Gox, check­ing a pub­lished pa­per’s re­sults. A Bit­coin ex­change is an on­line web­site which trades in Bit­coins, is a tar­get for hack­ers, and is often of ques­tion­able le­gal­i­ty—so they’re ac­tu­ally quite a bit like DNMs in some re­spects. What if we try to bor­row strength by com­bin­ing the DNMs & ex­changes into a sin­gle dataset, in­clude a dummy vari­able in­di­cat­ing DNM or ex­change, es­ti­mate a sur­vival curve from that dataset, and pre­dict?

Con­tin­u­ing from be­fore:

market$Type  <- as.factor("")

exchange <- read.csv("")
exchange <- with(exchange, data.frame(Marketplace=Exchange, Started=as.Date(Origin), Ended=as.Date(Dates),
                                      Dead=as.logical(Closed), Cause=NA))
exchange$Days <- as.integer(as.Date(exchange$Ended) - as.Date(exchange$Started))
exchange$Type <- as.factor("exchange")

allSites <- rbind(exchange, market)

# plot aggregate survival curve
surv <- survfit(Surv(allSites$Days, allSites$Dead, type="right") ~ 1)
plot(surv, xlab="Days", ylab="Survival Probability function with 95% CI")
The 11 DNMs lumped in with a few dozen Bit­coin ex­change sites

We can try ask­ing whether the DNMs seem to be riskier:

cpmodel <- cph(Surv(Days, Dead) ~ Type, data = allSites, x=TRUE, y=TRUE, surv=TRUE)
# ...
#                   Coef   S.E.   Wald Z Pr(>|Z|)
# 0.2128 0.5644 0.38   0.7061

The risk does seem to be higher (odds ra­tio of 1.24) but un­sur­pris­ingly we can’t have much con­fi­dence in the es­ti­mate yet.

With the sur­vival curve and an es­ti­mate of DNM risk, we can ex­tract sur­vival es­ti­mates for the stil­l-liv­ing DNMs:

conditionalProbability <- function (d, followupUnits, cmodel) {
    chances <- rep(NA, nrow(d)) # stash results

    for (i in 1:nrow(d)) {

        # extract chance of particular subject surviving as long as it has:
        beginProb <- survest(cmodel, d[i,], times=(d[i,]$Days))$surv
        if (length(beginProb)==0) { beginProb <- 1 } # set to a default

        tmpFollowup <- followupUnits # reset in each for loop
        while (TRUE) {
            # extract chance of subject surviving as long as it has + an arbitrary additional time-units
            endProb <- survest(cmodel, d[i,], times=(d[i,]$Days + tmpFollowup))$surv
            # survival curve may not reach that far! 'survexp returns 'numeric(0)' if it doesn't;
            # so we shrink down 1 day and try again until 'survexp' *does* return a usable answer
            if (length(endProb)==0) { tmpFollowup <- tmpFollowup - 1} else { break }

        # if 50% of all subjects survive to time t, and 20% of all survive to time t+100, say, what chance
        # does a survivor - at exactly time t - have of making it to time t+100? 40%: 0.20 / 0.50 = 0.40
        chances[i] <- endProb / beginProb
allSites$SixMonth <- conditionalProbability(allSites, (365/2), cpmodel)
allSites$OneYear <- conditionalProbability(allSites, 365, cpmodel)

allSites[allSites$Type=="" & !allSites$Dead,][c(1,8,9)]
   Marketplace SixMonth OneYear
# 46         BMR   1.0000  0.3679
# 47       Sheep   0.8084  0.6429
# 48    BuyItNow   0.8248  0.7286
# 49     Pandora   0.6934  0.5720
# 50         SR2   0.6765  0.5579
# 51   Tormarket   0.6765  0.5579

While it seems rea­son­able to ex­pect these mar­kets to sur­vive with high con­fi­dence for a few months, I am left quizzi­cal by the es­ti­mate that BMR has a 100% chance of sur­viv­ing for half a year, yet a 37% chance of sur­viv­ing for a year. I could ac­cept the 37% es­ti­mate, but 100% is bizarre and re­flects the lim­its of this ap­proach.


A nifty way of es­ti­mat­ing some things come from (ad­di­tional de­riva­tions): s fail­ures and n to­tal chances to fail, is . nshep­perd offers a more gen­eral for­mu­la: the prob­a­bil­ity that the next site will last for at least ‘z’ time, given to­tal run­ning of all DNMs of t months with n shut­downs is .

Pooled, al­l-mar­kets (SR+BMR+Sheep+Deepbay+BIN+PBF+Budster+SR2+TorMarket), # of fail­ures vs # num­ber of live months:

  • by Laplace: 5/(33+6+5+0+0+30+10+8+1+0+0) = 5/93 = 0.0434 = 5.4% chance of clo­sure per mon­th; gen­er­al­ly: 1 - (93 / (93+1))^5 = 100 - 95% = 5% chance of clo­sure in the first month

    1. 6 month sur­vival: (93 / (93+6))^5 = 73% chance of sur­vival = 27% clo­sure
    2. 12-month sur­vival: (93 / (93+12))^5 = 54% chance of sur­vival = 46% clo­sure

By mar­ket:

  • BMR:

    1. 6-mon­th: 33 / (6 + 33) = 0.84 = 84% sur­vival = 16% clo­sure
    2. 12-mon­th: 33 / (12 + 33) = 0.73 = 73% sur­vival = 27% clo­sure
  • Sheep:

    1. 6-mon­th: 9 / (6 + 9) = 0.60 = 60% sur­vival = 40% clo­sure
    2. 12-mon­th: 9 / (12 + 9) = 0.43 = 43% sur­vival = 57% clo­sure

I be­lieve both sets of es­ti­mates are lower than the true risk, given what I have dis­cussed about the sites’ se­cu­rity & anonymi­ty.



Archives of SR pages

For my­self & other peo­ple, I some­times archive sets of DNM pages; they may be of in­ter­est to oth­ers, so I pro­vide a list here:

  1. See also the fol­lowup look­ing at DNMs in gen­er­al: , Soska & Christin 2015↩︎

  2. Given the ex­e­crable & am­a­teur qual­ity of the PHP code which pow­ered BMR, it is diffi­cult to see how any­one sane could trust the site again.↩︎

  3. “Meet The Dread Pi­rate Roberts, The Man Be­hind Boom­ing Black Mar­ket Drug Web­site Silk Road”, pg2 (Sep­tem­ber 2013 Forbes).↩︎

  4. “The emer­gence of deep web mar­ket­places: a health per­spec­tive”, Caudevil­la; ch7, The In­ter­net and drug mar­kets 2016:

    At the end of 2012 and dur­ing 2013, the En­ergy Con­trol team was aware of the grow­ing pop­u­lar­ity of DWMs through in­for­ma­tion pro­vided by recre­ational drug users. An ex­ploratory search of the avail­able mar­kets at that time (Silk Road, Black Mar­ket Re­loaded and Sheep) prompted the de­vel­op­ment of the IDTS pro­vided by En­ergy Con­trol and fo­cus­ing on DWMs.

    Dur­ing the first quar­ter of 2014, a spe­cific pro­to­col with ob­jec­tives, pro­ce­dures, meth­ods and tech­niques was elab­o­rated us­ing TEDI (Transna­tional Eu­ro­pean Drug In­for­ma­tion: TEDI, 2014) guide­lines as a ref­er­ence. All sam­ples were analysed by . The fee for a sim­ple analy­sis was EUR 50 (to be paid in bit­coin­s). All funds raised were put back into run­ning the pro­ject.

    A one-year pi­lot project started in April 2014; drug users who pur­chase drugs in DWMs were the tar­get pop­u­la­tion. Sev­eral threads in the main DWM fo­rums were opened offer­ing gen­eral in­for­ma­tion about the IDTS with links to a spe­cific IDTS page on En­ergy Con­trol’s web­site ( 12 ). An email ad­dress for users to con­tact the ser­vice for de­tailed in­for­ma­tion about the process was made avail­able. After sub­mit­ting sam­ples for analy­sis, users re­ceive a de­tailed re­port with drug test re­sults and spe­cific and in­di­vid­u­alised harm re­duc­tion in­for­ma­tion. Users were en­cour­aged to en­gage with En­ergy Con­trol ex­perts by emails or in DWM fo­rums in or­der to re­solve their ques­tions.

    …A to­tal of 129 sam­ples were analysed over this pe­ri­od, as shown in Fig­ure 7.2. Users are asked about the type of sub­stance they be­lieve they have pur­chased. In 120 of 129 sam­ples (93%), the main re­sult of the analy­sis was con­sis­tent with the in­for­ma­tion pro­vided by the user. In the re­main­ing 9, the sam­ple con­tained an­other drug, a mix­ture of sub­stances was de­tected or it was not pos­si­ble to de­ter­mine the com­po­si­tion of the sam­ple with the an­a­lyt­i­cal tech­niques em­ployed. The main re­sults of the drug test­ing are shown in Ta­ble 7.2 was the sub­stance most fre­quently sub­mit­ted for analy­sis. Pu­rity lev­els were high, al­though more than 50% of sam­ples were adul­ter­at­ed. was the adul­ter­ant most fre­quently de­tect­ed, in 43% (23 out of 54) of sam­ples. Other adul­ter­ants de­tected in co­caine sam­ples were in 9% (5 out of 54), caffeine (1 sam­ple) and (1 sam­ple). sam­ples (in both pill and crys­tallised forms) showed high lev­els of pu­ri­ty, and no adul­ter­ants or other ac­tive in­gre­di­ents were de­tect­ed. Other sam­ples analysed were and (n = 3), , , , , , syn­thetic cannabi­noids (n = 2), , , , , , , , , , , and (n = 1). Re­sults for MDMA pills, show­ing very high dosages of MDMA that can lead to sig­nifi­cant ad­verse or toxic effects, are sim­i­lar to those re­ported by other harm re­duc­tion groups offer­ing drug test­ing pro­grammes (TEDI, 2014). The high fre­quency of non-adul­ter­ated co­caine sam­ples is also no­table, al­though lev­amisole con­t­a­m­i­na­tion seems to be a wide­spread prob­lem, as re­ported in the rest of the global drug mar­ket…An­other in­ter­est­ing as­pect is the low fre­quency of ‘’ in sam­ples sub­mit­ted for analy­sis.

    TABLE 7.2: Test re­sults for sam­ples analysed by the En­ergy Con­trol In­ter­na­tional Drug Test­ing Ser­vice (Sam­ples analysed be­tween April and De­cem­ber 2014. Cat­e­gories with n < 5 sam­ples not in­clud­ed.)

    Sam­ple n Only main com­pound de­tected Pu­rity (m ± SD) Range
    Co­caine 54 48.1% (26/54) 70.3 ± 19.9% 5-99%
    MDMA (crys­tal) 9 100% (9/9) 91.1 ± 8.0% 78-99%
    MDMA (pills) 8 100% (8/8) 142.1 ± 40.2 mg 94-188 mg
    Am­phet­a­mine (speed) 8 37.5% (3/8) 51.6 ± 34.6% 10-98%
    LSD 8 100% (8/8) 129.7 ± 12.1 μg 107-140 μg
    Cannabis resin 5 100% (5/5) THC: 16.5 ± 7.5% / CBD: 3.4 ± 1.5% THC: 9.1-16.4% / CBD: 1.6-5.3%
    Ke­t­a­mine 5 40% (2/5) 71.3 ± 38.4% 27-95%
  5. “Sources: DEA probes Silk Road, sus­pected on­line hub for il­le­gal drugs”, 2013-09-22:

    “So far, un­for­tu­nate­ly, their sys­tem has been some­what suc­cess­ful,” said a fed­eral law en­force­ment source in­volved in the in­ves­ti­ga­tion into the site. “Our goal is to make sure that does­n’t con­tinue to be the case.” Fed­eral charges have yet to be brought against the site or its ad­min­is­tra­tors, but an­other law en­force­ment source in­volved in the Silk Road probe said high­-tech in­ves­tiga­tive meth­ods used by the gov­ern­ment are help­ing in­ves­ti­ga­tors build a case. Those meth­ods in­clude en­cryp­tion-crack­ing tech­nol­ogy and the ex­ploita­tion of se­cu­rity weak­nesses in some en­crypted email and in­stant mes­sage soft­ware used by Silk Road cus­tomers, the source said. Efforts to find any known op­er­a­tor of Silk Road were un­suc­cess­ful.

    The en­crypted chat pro­gram may be (given its pop­u­lar­i­ty) or (given its se­ri­ous se­cu­rity is­sues & its known use by the At­lantis ad­min­is­tra­tors, who shut down in Sep­tem­ber 2013 cit­ing se­cu­rity is­sues); the “en­crypted email” is al­most cer­tainly a ref­er­ence to , which al­lowed emails set in the clear & which server was seized in the Ju­ly/Au­gust FBI raids on Free­dom Host­ing.↩︎

  6. For ex­am­ple, the British writes in “How il­le­gal drugs are bought and sold on the dark web”:

    How­ev­er, Silk Road is still up and run­ning. A source close to the FBI told Chan­nel 4 News that it has “ex­cep­tion­ally good op­er­a­tional se­cu­rity”, and its own­ers avoid per­sonal meet­ings in or­der to stay un­der the radar.

    This sounds like the FBI might know quite a bit about DPR—except that month be­fore, Andy Green­berg had writ­ten in Forbes:

    At one point dur­ing our eight-month pre-in­ter­view courtship, I offer to meet him at an undis­closed lo­ca­tion out­side the United States. “Meet­ing in per­son is out of the ques­tion,” he says. “I don’t meet in per­son even with my clos­est ad­vi­sors.” When I ask for his name and na­tion­al­i­ty, he’s so spooked that he re­fuses to an­swer any other ques­tions and we lose con­tact for a month.

  7. A poster on the SR fo­rums claims:

    The beauty of this sys­tem is that the buyer has no idea who is sell­ing them the drugs. I still talk to some peo­ple I used to work with and they talk about this place. They don’t know what to do about it. In gen­er­al, the po­lice are in­ter­ested in get­ting drug deal­ers. They will ar­rest buy­ers to get to the deal­ers. They try to flip small time deal­ers to get to big­ger deal­ers, but that rarely hap­pens. Usu­ally they are just get­ting other small deal­ers. The only way I know of that they could prove you were us­ing SR is by seiz­ing your com­puter and find­ing ev­i­dence on it or by you telling them. Even if that hap­pens, they still won’t be able to get to the deal­er. SR is very frus­trat­ing to law en­force­ment. I just talked to a cop who was at a con­fer­ence where the DEA was talk­ing about SR. Ac­cord­ing to him, they don’t have a clue with how to bust this place and the DEA guy was one of their com­puter ex­perts.

  8. DPR pub­licly claims the at­tack was so­phis­ti­cated and fea­tured ze­ro-days; from his 2013 Forbes in­ter­view:

    Q: What can you tell me about the cy­ber­at­tack that hit the Silk Road in May? How big was it? How long did it last? Is it still go­ing on? Do you know any­thing about who is re­spon­si­ble?

    A: It lasted nearly a week if I re­call cor­rect­ly. Hack­ers and scam­mers are con­stantly try­ing to at­tack Silk Road any­way they can. Every­one knows there’s a lot of money flow­ing through here, so we are the biggest tar­get on the Tor net­work by far. This has been a bless­ing and a curse. For one, our sys­tems are in­cred­i­bly re­silient to at­tack and are con­stantly be­ing test­ed. On the other hand, we are on the fron­t-line deal­ing with and re­act­ing to all of the lat­est ex­ploits. We do our best to stay at least one step ahead, but as we saw last mon­th, some­times we get taken by sur­prise by some­one with a zero day ex­ploit. This one was by far the most so­phis­ti­cated we’ve seen to date. I’d rather not com­ment on the par­ties re­spon­si­ble for the at­tack or the specifics of the at­tack it­self.

    Q: So this was not merely a dis­trib­uted de­nial of ser­vice at­tack? It was a zero day ex­ploit? Did it gain ac­cess to any data or sim­ply knock the site offline?

    A: I’m not one hun­dred per­cent on this, but I don’t think it’s pos­si­ble to do a DDoS over Tor, or at least it is much harder than do­ing it over the clear net. The effect of the at­tack was to block ac­cess to Silk Road. No data was leaked, in fact we’ve never had a data leak.

    Q: Do you be­lieve the at­tack was or­ches­trated by your com­peti­tors at At­lantis, as many have sug­gest­ed?

    A: I’d rather not com­ment on the par­ties re­spon­si­ble for the at­tack.

  9. Which in­cludes SR founder Dread Pi­rate Roberts and his suc­ces­sor; for a se­lec­tion of their writ­ings on the top­ic, see Green­berg’s “Col­lected Quo­ta­tions Of The Dread Pi­rate Roberts, Founder Of Un­der­ground Drug Site Silk Road And Rad­i­cal Lib­er­tar­ian”.↩︎

  10. Dread Pi­rate Roberts on SR’s data re­ten­tion pol­icy c. Ju­ly/Au­gust 2012:

    • ad­dresses are kept on record un­til your ven­dor has marked your item as shipped. I en­cour­age every­one to en­crypt their ad­dress to their ven­dor’s pub­lic key just in case.
    • mes­sages are kept for two months. again, sen­si­tive data trans­mit­ted through our mes­sag­ing sys­tem should be en­crypt­ed.
    • trans­ac­tion records, in­clud­ing feed­back are kept for 4 months. I said 3 in an­other thread, but upon dou­ble check­ing, it is 4. We do this be­cause the data con­tained in the trans­ac­tion record, in­clud­ing the buy­er, is used to weight the feed­back for that trans­ac­tion. After 4 months, the age weight has pretty much re­duced the weight to zero any­way, so we no longer need the da­ta. If you want fur­ther ex­pla­na­tion about this, check out the wiki page and fo­rum thread about the feed­back weight­ing sys­tem.
    • the ac­count­ing log is kept for 3 months. Only 2 weeks are dis­played so an ad­ver­sary who gains ac­cess to your ac­count won’t be able to see all of that his­to­ry.
    • with­drawal ad­dresses are not kept, but every­one should re­al­ize that the time and amount of the with­drawal could nar­row down which trans­ac­tion it was in the blockchain quite a bit, es­pe­cially if it was an un­com­mon amount.
    • deleted items are kept for 4 months. this is to pre­serve the in­tegrity of the link to the trans­ac­tions as­so­ci­ated with the item.
    • user ac­counts with a zero bal­ance and no ac­tiv­ity for 5 months are delet­ed.

    …These time pa­ra­me­ters were ar­rived at through trial and er­ror. They are as tight as we can make them with­out sac­ri­fic­ing the in­tegrity of the mar­ket. Could they be a lit­tle tighter? Maybe by a week or two, but please think through the im­pli­ca­tions of pol­icy changes be­fore you call for them.

    That SR1 did have such a data re­ten­tion pol­icy has been con­firmed by the FBI in its JTAN search war­rant re­quest, but it’s un­clear whether the re­ten­tion pol­icy was un­der­mined by the SR1 backup sys­tem:

    In an­a­lyz­ing the con­fig­u­ra­tion of the Silk Road Web Server, the FBI has dis­cov­ered that the server reg­u­larly purges data from these data­bases older than 60 days. Thus, the im­age of the Silk Road Web Server pos­sessed by the FBI con­tains data re­flect­ing only 60 days of user ac­tiv­i­ty, count­ing back from the date the server was im­aged…How­ev­er, the FBI has also dis­cov­ered com­puter code on the Silk Road Web Server that pe­ri­od­i­cally backs up data from the server and ex­ports that data to an­other serv­er. Test­ing of this backup script has re­vealed the IP ad­dress of the server to which this backup data is ex­port­ed—­name­ly, the IP ad­dress of the TARGET SERVER. Based on analy­sis of the backup script, it does not ap­pear that pre­vi­ously backed-up data is deleted when new back­-ups are made. There­fore, I be­lieve it is likely that the TARGET SERVER con­tains records of user ac­tiv­ity on the Silk Road web­site span­ning a much longer date range than the data kept on the Silk Road Web Serv­er.

  11. Note that this is not a nor­mal WWW site; there are no nor­mal WWW sites for the SR. There was which was ap­par­ently con­trolled in some fash­ion by SR (prob­a­bly to stop do­main squat­ting or scam sites pre­tend­ing to be SR), but what­ever it was, it was­n’t im­por­tant; not up­dated reg­u­larly and no longer work­ing.

    The bad thing about .o­nion URLs is that they are not hu­man-mem­o­rable (see ), and so it is es­pe­cially easy to spread a fake link. In par­tic­u­lar, SR has been the tar­get of many at­tacks, where a ran­dom .o­nion hid­den server is set up to look like SR and ei­ther pre­tends to be SR or just does a , prox­y­ing for the real SR serv­er. For ex­am­ple, one such site has al­ready been linked in the com­ments on this page; it was easy to de­tect as it was even slower than SR (s­ince there are two hid­den servers in­volved), and it blindly for­warded me to the real SR .onion with the fake user/­pass­word pair, ap­par­ently ex­pect­ing that I would be logged in with­out prob­lem. Lat­er, SR in­tro­duced PINs re­quired for any with­drawal of bit­coins, so phish­ers adapted their lo­gin forms to ask for PINs as well. A 2012-2013 ex­am­ple of such a phish­ing page:

    A screen­shot of a SR phish, with the tel­l-tale PIN field cir­cled; pro­vided by anony­mous au­thor

    A re­search pa­per doc­u­mented how to ob­serve traffic vol­umes to par­tic­u­lar hid­den ser­vices, so a blog­ger ob­served hid­den node traffic April-May 2013, and recorded what .onions were be­ing vis­it­ed; no sur­prise, a sub­stan­tial num­ber were SR phish­ing at­tempts (“I have con­firmed that some users were di­rected to these phish­ing pages from links on the ‘The Hid­den Wiki’ (.o­nion).”). Sum­ming the offi­cial & phish­ing URLs for the 2 days his nodes were in charge of SR, he gets a lower bound of 27,836 vis­i­tors to SR & 327 to SR phish­ing sites (so 1.17% of would-be SR vis­i­tors were ex­posed to a phish­ing site) and an up­per bound of 167,016/1,962 (re­spec­tive­ly). An­other way to mea­sure hid­den-ser­vice traffic is to run a DNS server and see how many clients ac­ci­den­tally try to lookup a hid­den ser­vice’s .onion ad­dress; Thomas & Mo­haisen 2014 col­lected leaks 2013-09-10 to 2014-03-31 and found SR1 was 1.4% of leaked re­quests & Agora 1.1%, which given that Agora is grow­ing & SR1 is gone, sug­gests Agora may now be as large as SR1 was. In­ci­den­tal­ly, the dark­net mar­kets seem to make up a large frac­tion of con­tent avail­able as Tor hid­den ser­vices; see the above traffic es­ti­mates and also Spit­ters et al 2014

    Nat­u­ral­ly, noth­ing stops the .onion URLs sup­plied on this page from them­selves be­ing part of a phish­ing/­man-in-the-mid­dle at­tack! This is a fun­da­men­tal se­cu­rity prob­lem: how do you boot­strap your­self into a ? In this case, if you don’t know the SR ad­mins, about all you can do is Google the URLs I have list­ed, and see whether enough other peo­ple claim that they are the true URLs that you will trust the URLs. Caveat emp­tor.↩︎

  12. Specifi­cal­ly, one that will be very diffi­cult to brute-force the hash. This won’t pro­tect you from some com­pro­mises of SR (for ex­am­ple, the server be­ing con­trolled by an at­tacker and har­vest­ing pass­words as they are en­tered by live user­s), but it will pro­tect you from oth­er­s—­for ex­am­ple, if the data­base is stolen, a long pass­word helps frus­trate an at­tempt to de­rive the orig­i­nal pass­word and let them log into your ac­count and en­gi­neer end­less ne­far­i­ous mis­deeds.↩︎

  13. Mix­ing ser­vices are run by var­i­ous peo­ple and not al­ways re­li­able. Meik­le­john et al 2013 re­ported that one coin­tum­bler ser­vice stole their bit­coins, and Möser 2013 tested 3 coin­tum­blers & found 1 was bro­ken.↩︎

  14. Mt.­Gox and My­Bit­coin offer a dou­bly in­struc­tive les­son into why one trusts Bit­coin third-par­ties as lit­tle as pos­si­ble, keeps one’s bit­coins lo­cal­ly, and reg­u­larly back it up; the large Pol­ish ex­change Bit­o­mat offers a third.↩︎

  15. Ad­dresses ought al­ways to be en­crypt­ed, and fur­ther, one must do the en­cryp­tion one­self. If a sin­gle per­son, tool, or site is do­ing the en­cryp­tion for your SR or­der­ing, and only SR en­cryp­tion, then they are an ob­vi­ous tar­get for at­tack­ers like law en­force­ment.

    This is a very real con­cern: in Sep­tem­ber 2011, an older on­line drug mar­ket, “Farmer’s Mar­ket”, was busted and 8 ad­min­is­tra­tors or sell­ers were in­dicted. No user­s/buy­ers seem to have been ar­rest­ed, in­dict­ed, or con­victed yet, but re­port­edly for­mer cus­tomers have got­ten love-let­ter-e­quiv­a­lents from the De­part­ment of Jus­tice warn­ing them & ask­ing for in­for­ma­tion.

    The in­dict­ment does­n’t re­veal how all the ev­i­dence was ob­tained (a­side from the drugs pur­chased by and mailed to agents), but the de­fen­dants all used a Cana­dian email ser­vice called which pro­vides a Web in­ter­face for emails en­crypted us­ing PGP. Hush­mail ei­ther pro­vides or runs the en­cryp­tion code for the user, and as such, can com­pro­mise users at any time, and in­deed, turned over de­crypted emails to law en­force­ment in the past (“Op­er­a­tion Raw Deal” yielded “12 CDs” of email­s). I per­son­ally stopped us­ing Hush­mail when this was re­vealed in 2007, but it seems the de­fen­dants did not. In Oc­to­ber 2012, a Tor de­vel­oper at­tended an FBI con­fer­ence where a DEA agent told them that “they just had ran­dom Amer­i­cans re­ceive the Pay­pal pay­ments, take a cut, and then turn them into a Pana­ma-based dig­i­tal cur­rency [Pe­cu­nix], and the Panama com­pany did­n’t want to help trace where the money wen­t…the two main peo­ple used Hush­mail to com­mu­ni­cate. After a sub­poena (and ap­par­ently a lot of pa­tience since Canada still is­n’t quite the same as the US), Hush­mail rolled over and gave up copies of all the emails.” (The litany of de­tailed fi­nan­cial records in the in­dict­ment is also a vivid demon­stra­tion of how in­se­cure non-Bit­coin ser­vices can be.) An­other sober­ing ex­am­ple comes from an Aus­tralian child pornog­ra­phy ring which prac­ticed re­mark­able op­er­a­tional se­cu­rity in its use of PGP and Usenet mes­sage groups (as de­scribed in the 2008 Castle­man affi­davit & a sum­mary by Baal): after a mem­ber was flipped due to offline ac­tiv­i­ties, the length in­ves­ti­ga­tion suc­ceeded in pros­e­cut­ing less than half of its mem­bers, prin­ci­pally those mem­bers which had placed their trust in a third-party email/VPN ser­vice called Privacy.LI. Fi­nal­ly, was pop­u­lar with DNM users for pro­vid­ing a hid­den ser­vice, and while it did not be­tray its users, its French servers were seized in the Free­dom Host­ing raid and its emails have since been em­ployed by the FBI.↩︎

  16. I only used the stan­dard Bit­coin es­crow. (Need­less to say, Pay­pal is com­pletely out of the ques­tion.) SR has an­other es­crow scheme where the es­crowed amount is tied to the cur­rent ex­change rate, in or­der to pro­tect the seller against ex­change rate volatil­i­ty; that es­crow is doc­u­mented in the an­nounce­ment and the “Es­crow hedge” sec­tion of the Buy­er’s Guide.

    Volatil­i­ty, par­tic­u­larly dur­ing Bit­coin’s pe­ri­odic bub­ble such as the move from $1 to $30 dur­ing SR1’s early his­to­ry, has been sug­gested as a rea­son Bit­coin is in­ap­pro­pri­ate for DNMs (left un­said, typ­i­cal­ly, is what non-cryp­tocur­rency would be a safe al­ter­na­tive or what al­ter­na­tive cryp­tocur­rency would be ex­pected to be less volatile were it to be­come as suc­cess­ful as Bit­coin). But how does volatil­ity affect DNMs?

    Volatil­ity up­wards is, of course, largely a good thing for DNMs, as they pro­duce a wealth effect. (Un­sur­pris­ing­ly! Why would Bit­coin be­com­ing more valu­able be bad for a Bit­coin-based econ­o­my? If that’s a dis­as­ter, may Heaven send us many more such dis­as­ter­s.) The buy­ers, who have been hold­ing or ob­tain­ing bit­coins to pre­pare for fu­ture drug pur­chas­es, now have a more valu­able as­set; and the sell­ers, who are typ­i­cally hold­ing even larger sums, get an un­earned wind­fall profit. And the buy­ers who have a pur­chase in­-flight may have missed out on a dis­count com­pared to if they had wait­ed, yes, but there are rel­a­tively few such peo­ple at any given in­stant (you only buy drugs every so often, after all) and they seem to take it fairly philo­soph­i­cally since they know they would­n’t’ve been hold­ing those bit­coins if they had­n’t been in­tend­ing to spend them buy­ing drugs in the first place. As much as old SR1ers joke about how they spent $500,000 of Bit­coin on LSD, every­one knows that’s not how it re­ally works. And there’s no “de­fla­tion­ary spi­ral”, be­cause DNMs rep­re­sent only a tiny frac­tion of trans­ac­tions, and any­way who’s go­ing to hold off a drug or­der just be­cause of the pos­si­bil­ity of a 5% in­crease the next day? If some­one re­ally be­lieved in Bit­coin be­ing a great in­vest­ment, they’d sim­ply buy some more bit­coins to off­set their pur­chas­es.

    The re­ally bad thing is when prices crash. This sets up an ugly dy­namic for un­hedged sell­ers: typ­i­cally you still have to pay your ex­penses and your sup­plier in a fi­at, so do you con­tinue ship­ping out or­ders pre-paid with bit­coins which are now worth a lot less and may well in­cur a loss? That was al­ways the prob­lem on SR1 as I re­call it: ris­ing prices were great, but after a crash like -50%, some sell­ers could­n’t or would­n’t de­liv­er. (Sim­i­lar to exit scams. Not every­one was good about be­ing ad­e­quate­ly-cap­i­tal­ized or hav­ing safe profit mar­gins or avoid­ing debt.)

    This is bad un­til the in­-flight or­ders get worked out, one way or an­oth­er. Of course, sub­se­quent or­ders are then pegged to the new lower ex­change rate so the prob­lem is tem­po­rary. If Bit­coin dropped 90%, there’d be mass can­cel­la­tions and a lot of anger, but after all the sturm und drang, it would go mostly back to nor­mal maybe with a num­ber of sell­ers banned or their rep­u­ta­tion per­ma­nently tar­nished, ex­cept an or­der which cost 0.1btc the week be­fore now costs 1btc etc. And any neg­a­tive wealth effect, I sup­pose, from buy­ers eat­ing the loss on their held bit­coin & need­ing to stock up, and feel­ing poorer and or­der­ing less.↩︎

  17. “Fi­nal­iza­tion” can be done be­fore the pack­age ar­rives, but ob­vi­ously this leaves you open to a bad sell­er. I have never fi­nal­ized ear­ly, and I re­gard as id­iots any­one who does—an opin­ion borne out by re­ports of a SR scam in April 2012 where the high­ly-rated seller Tony76 held an at­trac­tive sale re­quir­ing early fi­nal­iza­tion; the hun­dreds of or­ders never ap­peared, and he left with thou­sands of bit­coins. (See the SR fo­rum thread for Tony76 re­views for dis­cus­sion ad nau­se­am.) He ran a pri­vate store as well, and that has been es­ti­mated at steal­ing >5,800 bit­coins. The pro­ce­dure is also in­ter­est­ing; cap­tain­jojo:

    From every in­di­ca­tion Tony76 was set­ting every­thing up for this a cou­ple of weeks in ad­vance. He re­fused to send via ex­press or pri­or­ity or any type of tracked ship­ment, so it would take longer be­fore peo­ple could say their pack­age was­n’t com­ing. He asked for FE from ba­si­cally every­body, he opened up in­ter­na­tion­al. He then told every­one he was go­ing offline to get caught up, fur­ther ob­scur­ing things. The sim­plest an­swer would seem to be he just com­pleted one of the biggest scams on SR and is re­lax­ing sea­side with a Mar­garita with 60-100k of every­body’s mon­ey.

    This fail­ure mode was fore­seen by cypher­punks back in the 1980s & 1990s; Tim­o­thy C. May’s com­ments on the is­sue have al­ready been quot­ed. The of Christin 2013 gives us a SR-wide look into the prac­tice of FE:

    We ob­serve that 20,884 in­stances of feed­back con­tain vari­a­tions of “F.E.,” “fi­nal­iz­ing ear­ly,” or “fi­nal­ize ear­ly.” This shows that fi­nal­iz­ing early is a rather com­mon prac­tice on SR. There does not ap­pear to be [sub­stan­tial­ly] more prob­lems re­ported with feed­back in­clud­ing such strings (only 342 of them map to a rat­ing of 1 or 2). This seems to show that es­tab­lished sell­ers that are offered the op­tion of re­quest­ing early fi­nal­iza­tion from their cus­tomers do not abuse that priv­i­lege….A third ob­ser­va­tion is that item 4 stops be­ing sold im­me­di­ately after April 20. The last time it is ob­served on the site is April 25, be­fore be­ing de-list­ed. From dis­cus­sions in SR fo­rums [6], it ap­pears that the seller of that item abruptly left the mar­ket­place, po­ten­tially leav­ing a large num­ber of paid, fi­nal­ized ear­ly, or­ders un­ful­filled. In other words, there is sus­pi­cion of a “white­wash­ing at­tack [12],” whereby a seller cre­ates an ex­cel­lent rep­u­ta­tion, be­fore us­ing that rep­u­ta­tion to de­fraud users and leav­ing the sys­tem. In hind­sight, the 20% drop in price oc­cur­ring just prior to April 20 was con­sid­er­ably steeper than all the other pro­mo­tional dis­counts. This could have been an in­di­ca­tor that the seller was not in­tend­ing on ful­fill­ing their or­ders and was in­stead ar­ti­fi­cially low­er­ing prices in hopes of at­tract­ing large num­bers of cus­tomers to de­fraud.

    I’d note that this does­n’t show that one can F.E. heed­less­ly, since it is a de­scrip­tion of the cur­rent sta­tus quo in which users know not to F.E. light­ly; this only proves a claim like ‘ex­ist­ing sell­ers re­quest­ing early fi­nal­iza­tion have not yet ma­jorly abused it’. An­other ma­jor is­sue is that these es­ti­mates are an up­per bound due to 3 sources of un­der­es­ti­mat­ing neg­a­tive re­views (per­sonal com­mu­ni­ca­tion, 2013): Christin’s crawl had ac­cess is­sues in April 2012 and so did not cap­ture any non-FE post-4/20 re­views left for Tony76; the dele­tion of banned seller pages—Tony76’s page was gone by the time the crawl re­sumed—means that neg­a­tive re­views are much more likely to not be pub­licly ac­ces­si­ble; and peo­ple who were scammed do not seem to re­li­ably up­date their “5/5 FE” re­views. The fi­nal 2013 pa­per reads

    We ob­serve that 20,884 in­stances of feed­back con­tain vari­a­tions of “F.E.”, or “fi­nal­iz­ing early”, ac­count­ing for spelling vari­a­tions (“fi­nal­ize” vs.“fi­nalise”) and word or­der (“early fi­nal­iza­tion” vs “fi­nal­ize early”). Feed­back in­clud­ing such strings does not, at first glance, ap­pear [sub­stan­tial­ly] worse: only 342 of them map to a rat­ing of 1 or 2. There is how­ever a [sub­stan­tial] caveat be­hind this find­ing. A buyer that fi­nal­izes ear­ly, leaves a good rat­ing, and ends up be­ing de­fraud­ed, does not have to lower their rat­ing; do­ing so is purely vol­un­tary, and other than by sheer al­tru­ism, there is lit­tle in­cen­tive to do so. In fact, buy­ers may not even have the pos­si­bil­ity of up­dat­ing their feed­back, if a rogue seller shuts their page down after hav­ing ab­sconded with their vic­tims’ mon­ey.

  18. To quote a SR seller:

    I don’t think I’m risk­ing much. It would be al­most im­pos­si­ble for law en­force­ment to find me. They would need to find out where the pack­age came from, and go to that mail­box, and have a po­lice offi­cer wait a few weeks for me to re­turn to that mail­box. All just be­cause they found a 100mg of a Sched­ule II drug in an en­ve­lope. Al­so, they would­n’t sus­pect me. My crim­i­nal record is per­fectly clean. Not even a park­ing mis­de­meanor…I doubt that I could be caught. They would need to find out the mail­box that I’ve been putting the pack­ages in, and then have some­one wait there and watch me, and then they would need to prove that I was the one who put it in the mail­box. So if they could back­-track and find out where the pack­age came from, then maybe they could catch me. Al­so, there are many differ­ent mail­boxes around me, so I put the pack­ages in differ­ent mail­boxes each time. Defi­nitely can’t hurt.

    A Red­di­tor com­ments on the ju­ris­dic­tional ad­van­tages of go­ing through USPS (as is usu­ally rec­om­mended in seller dis­cus­sion­s); I do not know if he is cor­rect, but the de­scrip­tion sounds plau­si­ble:

    Al­so, once it’s in the mail­box, it’s prop­erty of the US postal ser­vice, and they’re VERY par­tic­u­lar about what hap­pens to it. No one (in­clud­ing other agen­cies) can carry weapons in a post office ex­cept for postal in­spec­tors, nor can they in­ves­ti­gate mail on their own; it has to go through the post office it­self.

  19. I was not wor­ried at all. I’ve re­searched very care­fully how many modafinil users have ever been pros­e­cuted for any rea­son, and it is a hand­ful at most out of mil­lions of users, and that in­cludes peo­ple or­der­ing from on­line phar­ma­cies which are far less se­cure than SR. As well, the most sim­i­lar ex­am­ple, Farmer’s Mar­ket (see pre­vi­ous foot­note) showed no pros­e­cu­tions of their cus­tomers, and they had ter­ri­ble se­cu­ri­ty. So I was safe on mul­ti­ple lev­els: I was buy­ing some­thing al­most never pros­e­cut­ed, I was a cus­tomer & not a sell­er, I was buy­ing on a se­cure site, and I was buy­ing small quan­ti­ties.↩︎

  20. I have no idea why the stamps are not ; Wikipedia men­tions that some­times the stamp can­cel­la­tion ma­chines fail and the stamps get a in­stead. One seller men­tions that some­times he re­ceives un­canceled stamps, and ask­ing older rel­a­tives, they did too (and some­times the pack­age or en­ve­lope was can­celed—just not on the stamp­s).↩︎

  21. This met­ric is the per-u­nit cost weighted by an ex­pect­ed-value in­ter­pre­ta­tion of what feed­back im­plies about the risk; see the later Quan­ti­ta­tive sec­tion for the full ex­pla­na­tion.↩︎

  22. See the threads AAKOVEN SELECTIVE SCAMMER!” & “AAkoven—US Buy­ers Be­ware”↩︎

  23. aakoven fo­rum ac­coun­t’s posts↩︎

  24. For unit prices <₿3, I in­crease the unit count un­til it fits within ₿7.5; oth­er­wise, μg/₿ is cal­cu­lated the ob­vi­ous way: dose times quan­tity di­vided by price plus ship­ping.↩︎

  25. Pre­mi­um­DutchUK fo­rum ac­coun­t’s posts↩︎

  26. The pro­lific seller Synap­tic was ex­cluded for fail­ing to pro­vide a pub­lic key; pub­lic keys are not op­tion­al.↩︎

  27. “lonely kamel” fo­rum ac­coun­t’s posts↩︎

  28. Vi­ta­Cat fo­rum ac­coun­t’s posts↩︎

  29. “No FE ever” fo­rum ac­coun­t’s posts↩︎

  30. graffen­burg fo­rum ac­coun­t’s posts↩︎

  31. USAReshipper fo­rum ac­coun­t’s posts↩︎

  32. The sec­ond tran­script of tes­ti­mony by Skin­ner (co-con­spir­a­tor, turned state’s ev­i­dence) has this pas­sage on page 7-8:

    [Skin­ner:] …This [aspirin pill] weighs ap­prox­i­mately a gram. And if it was ground up and every­thing, this would be about 10,000 doses of LSD in the pure crys­talline form.

    Q. And what would then a dosage unit sell for?

    A. At the whole­sale level to the largest cus­tomers in the world, ap­prox­i­mately 29.75 cents per dosage.

    Q. And what would it sell for then on the street at the re­tail lev­el, if you know?

    A. Well, I—I’ve heard as—­fig­ures as high as…$10 per dose.

    Q. (by Mr. Hough) So when a kilo­gram was man­u­fac­tured at this lab and it was then given -

    A. Fronted out to Petaluma Al.

    Q. Fronted out to Petaluma Al, what was the un­der­stand­ing of what that was worth and what -

    A. $2,975,000 ap­prox­i­mate­ly.

  33. Il­lus­trat­ing the dan­ger of early fi­nal­iza­tion even for top sell­ers, he did a “sale” FE rip-and-run in Feb­ru­ary 2013 which net­ted >₿700 (>$21k); re­port­edly he left a Wire quote on his pro­file page: “But, the game’s out there, and it’s play or get played. That sim­ple.” To which one might add, . ETM’s scam played out as it slowly be­came ap­par­ent that an­other LSD sell­er, Lucy­Drop, was pulling the same thing and prob­a­bly had­n’t shipped any of their >600 out­stand­ing or­ders (>$70k).

    I am in­creas­ingly dis­gusted watch­ing these FE scams: while suck­ers will al­ways be suck­ers and peo­ple scammed by FE have mostly them­selves to blame, equally to blame is the SR staff/DPR, for en­abling these scams. They could at any time sim­ply ban FE, and choose not to. Nor am I alone in this; dis­cussing events with sev­eral peo­ple, the con­ver­sa­tion in­vari­ably went some­thing like this:

    • me: [men­tions lat­est FE scam]
    • them: What’s FE?
    • me: Oh, that’s where you de­lib­er­ately re­lease your pay­ment from es­crow to the seller be­fore the goods have ar­rived.
    • them: ??? Why would you ever do that?
    • me: Well, there’s a cou­ple rea­sons. You could do it to be nice to the sell­er, maybe make their cash­flow eas­i­er. Or be­cause you’re a new buyer and should bear some more risk. And… that’s mostly it, re­al­ly.
    • them: Those don’t sound ter­ri­bly im­por­tant. Am I miss­ing any­thing?
    • me: Not that I know of.
    • them: I see. How much did you say these two big re­cent FE scams lost?
    • me: We think that they made away with $40-140k, but it could be more de­pend­ing on how many peo­ple haven’t left feed­back, how many will con­tinue or­der­ing, what ex­change rate they cash out at, etc.
    • them: And how much does SR sell a mon­th?
    • me: Christin 2012 es­ti­mates some­thing like $1.2m a month.
    • them: So this month SR buy­ers have lost to just 1 or 2 scam­mers the equiv­a­lent of a tenth of the en­tire monthly turnover of SR, as much as SR it­self takes in com­mis­sions, all thanks to an al­most en­tirely use­less ‘fea­ture’, and the SR staff have done noth­ing about it?
    • me: Looks like it.
    • them: [hope­ful] Did this ‘early fi­nal­iza­tion’ fea­ture just get added?
    • me: No. It’s been there since the start ~3 years ago. [help­ful­ly] There’s been lots of big scams be­fore this too, like Tony76 who made off with, I think, >$100k in to­tal.
    • them: This looks like the Worst Idea Ever, un­less the SR staff hates the buy­ers and wants them to suffer as much as pos­si­ble. Am I in­sane—or are the SR staff in­com­pe­tent, in­sane, or evil?
    • me: I have no idea.

    The com­pet­ing At­lantis mar­ket­place prided it­self on its less abu­sive early fi­nal­iza­tion sys­tem

    Re­stricted Fi­nal­ize Early (we only al­low our trusted sell­ers [see seller guide for re­quire­ments] to re­quest Fi­nal­ize Ear­ly, the op­tion is not phys­i­cally avail­able for other sell­ers, and re­quest­ing it will have them banned. This has proven to be a price­less tech­nique for pro­tect­ing users and weed­ing out scam­mer­s.)

  34. Look­ing at the re­views posted to the front page and sen­ti­ment on the fo­rum, I would haz­ard a guessti­mate that scam­mers are 0-10% of the mar­ket­place, and prob­a­bly to the low end of that spec­trum. In the Jan­u­ary 2012 one-year an­niver­sary mes­sage, “State of the Road Ad­dress”, the ad­min­is­tra­tor claimed that “over 99% of all trans­ac­tions con­ducted within the es­crow sys­tem are com­pleted to the sat­is­fac­tion of both buyer and sell­er, or a mu­tu­ally agreed upon res­o­lu­tion is found.” Christin 2013’s analy­sis found 99.1% of feed­backs giv­ing 4-5 stars (sim­i­lar to eBay rank­ings) but notes that this can­not pick up scams done out of es­crow (as one might ex­pect many scams to be done).↩︎

  35. A seller can­not nec­es­sar­ily sim­ply pro­vide their pub­lic key & the orig­i­nal mes­sage, and op­er­a­tors en­crypt the mes­sage to the key to get the same en­crypted text, be­cause GPG ap­pears to not be de­ter­min­is­tic. There are en­cryp­tion ap­proaches which would al­low it, but they weren’t in use.↩︎

  36. While BW held up its end of the deal and I un­der­stand why its op­er­a­tor might fear the le­gal con­se­quences, I am a lit­tle dis­ap­pointed that he chose not to pub­lish it; I was re­minded of :

    Thus con­science does make cow­ards of us all,
    And thus the na­tive hue of res­o­lu­tion
    Is sick­lied o’er with the pale cast of thought,
    And en­ter­prises of great pith and mo­ment,
    With this re­gard their cur­rents turn awry,
    And lose the name of ac­tion.

  37. Dis­missal of LE as too in­com­pe­tent to mount at­tacks fea­si­ble for the NSA has be­come much less ten­able as the news has leaked how the NSA has shared data with the DEA’s “Spe­cial Op­er­a­tions Di­vi­sion”. Given the mount­ing weak­nesses in the Tor net­work & hid­den ser­vices, it is likely the NSA could find SR if it wants. The only pos­i­tive as­pect to the Snow­den leaks for SR is that the doc­u­ments show that the NSA goes to con­sid­er­able effort to re­veal data gath­ered through its ad­vanced ca­pa­bil­i­ties only when it is pos­si­ble to come up with a more in­no­cent pos­si­ble source (a “par­al­lel con­struc­tion”), and there does­n’t seem to be any ob­vi­ous way to do that for a SR bust. The most ob­vi­ous place that par­al­lel con­struc­tion might en­ter into SR is the Cus­toms search which—mirabile dictu—just hap­pened to un­cover Ul­bricht’s fake IDs, inas­much as the DEA train­ing ma­te­ri­als on par­al­lel con­struc­tion em­pha­size the value of search­es.↩︎

  38. The op­er­a­tor of the failed (hacked) post-SR2 mar­ket Flo­Mar­ket pro­vides an ex­plicit ex­am­ple in his post-shut­down in­ter­view:

    my­self: who are you in real life, per­son­ally and pro­fes­sion­al­ly?

    Flole: I have de­vel­oped soft­ware for some peo­ple, but I never did it pro­fes­sion­al­ly. I did it just as hob­by, and I learned all pro­gram­ming skills as hob­by.

    Flole: Per­son­ally I am a 15 year old pupil, liv­ing in EU, who has fun de­vel­op­ing soft­ware. I am do­ing it for sev­eral years now.

    Flole: As a side note i can add that I have never tried any drugs, never smoked cig­a­rettes and never drink al­co­hol.

    my­self: How did you ended to de­velop and ad­min a Dark­Mar­ket? and Why? what were you ex­pect­ing from it?

    Flole: I saw that silkroad has been seized and I thought there should be some­thing re­plac­ing it (Silkroad 2.0 has been faster). I have read, that back­opy, ad­min of BMR, made 440.000$ per days, so I though: sounds in­ter­est­ing I mainly ex­pected money and fun from it. I wanted to buy ex­pen­sive DJ equip­ment, so I started the site.

    my­self: what do you think about all the new dark­mar­kets that have been cre­ated late­ly?

    Flole: they tried the same thing I did: Mak­ing profit from SR and BMR shut­down. I think we can’t trust to any of the new sites, since they haven’t been tested for ex­ploits. I will and like my site: Some time all works well, and then they get hacked… They just want to make money easy and fast…

  39. If we were to clas­sify Silk Road / BMR / At­lantis / SMP as the first gen­er­a­tion of Bit­coin+­Tor DNMs and analo­gize them to Nap­ster, then the sec­ond gen­er­a­tion of DNMs, the Bit­Tor­rent of DNMs, will—I think—be the new DNMs which make use of “mul­ti­-sig­na­ture es­crow” to re­move the weak point of a cen­tral­ized site han­dling de­posit­s/e­scrow which can then be hacked or stolen. “The Mar­ket Place” seems to be the pi­o­neer here, but it’s still too early to say whether mul­ti­-sig­na­tures work in prac­tice like they do in the­ory or whether DNM users value the con­ve­nience of a cen­tral­ized site too much.↩︎

  40. A les­son that must be re­learned with every ma­jor theft or loss of Bit­coins. For ex­am­ple, core de­vel­oper Gre­gory Maxwell re­buk­ing blockchain sleuths on 2014-02-27 after the Mt­Gox bank­rupt­cy:

    What peo­ple are do­ing is load­ing up a fa­mous 424k BTC trans­ac­tion MTGox made in 2011. (Or at later 550k BTC trans­ac­tion for which I’m aware of no solid ev­i­dence be­longed at the time to MTGox—Just some spec­u­la­tion by Dooglus) and then click­ing around on the move­ment of funds un­til they find an ad­dress with a large amount of coin avail­able to it.

    The prob­lem is that you would ex­pect a large por­tion of all with­draws from MTGox to be linked in such a man­ner and cer­tainly all very high value ones. Once you’ve gone even one hop you can­not be sure that the coins are con­trolled by MTGox any­more. The al­ter­na­tive hy­pothe­ses that these were large man­ual with­draws to big pur­chasers is equally sup­ported by the da­ta. A sig­nifi­cant frac­tion of all cir­cu­lat­ing coins are “linked” to MTGox—but this does­n’t mean that MTGox cur­rently con­trols them.

  41. Deal­ing with a con­trolled de­liv­ery by sign­ing and then hav­ing “thrown it in the trash” did not work in the case of Matthew Nel­son. I’m not clear on whether just sign­ing and then not tak­ing it any­where is cul­pa­ble or if it was due to the trig­gered search war­rant which turned up ad­di­tional con­tra­band and then en­abled a charge on pos­ses­sion of the pack­age.↩︎

  42. Rel­e­vant ex­cerpt:

    The Gov­ern­ment in­tends to offer ev­i­dence that, while the Silk Road web­site was op­er­a­tional dur­ing 2013, the de­fen­dant at­tempted to pro­cure fraud­u­lent iden­ti­fi­ca­tion doc­u­ments from Silk Road, and that the de­fen­dant leased servers un­der fake iden­ti­ties.

    On or about July 10, 2013, agents with U.S. Cus­toms and Bor­der Pro­tec­tion (“CBP”) in­ter­cepted a pack­age that was in­bound from Canada as part of a rou­tine bor­der search, which con­tained nine fraud­u­lent iden­ti­fi­ca­tion doc­u­ments. (Com­pl. ¶ 42(a)(i)). These coun­ter­feit iden­tity doc­u­ments con­sisted of fake dri­ver’s li­censes bear­ing Ul­bricht’s pho­tograph, but with differ­ent names, and ap­peared to be is­sued by New York, Flori­da, Tex­as, Col­orado, Cal­i­for­nia, South Car­oli­na, Al­ber­ta, Canada, the United King­dom and New South Wales, Aus­tralia. The Gov­ern­ment ex­pects to offer these seized coun­ter­feit iden­ti­fi­ca­tion doc­u­ments into ev­i­dence, through the tes­ti­mony of an agent with Home­land Se­cu­rity In­ves­ti­ga­tions, who, on or about July 26, 2013, per­formed a con­trolled de­liv­ery of the fraud­u­lent iden­ti­fi­ca­tion doc­u­ments to Ul­bricht. (Com­pl. ¶ 42(a)(i­i)). The Gov­ern­ment ex­pects Agen­t-1 to tes­tify that Ul­bricht pro­duced a copy of his true gov­ern­men­t-is­sued Texas dri­ver’s li­cense dur­ing this en­coun­ter, and stat­ed, in sum and sub­stance and among other things, that: (1) “hy­po­thet­i­cally” any­one could go onto a web­site called “Silk Road” and pur­chase any drugs or fake iden­tity doc­u­ments he or she de­sired; and (2) he lived at the res­i­dence to which the pack­age con­tain­ing the fake IDs was ad­dressed, where he was liv­ing un­der the alias “Josh.” (Com­pl. ¶¶ 42(b)(i­i­i)-(iv)).

    Fur­ther, the Gov­ern­ment in­tends to in­tro­duce ev­i­dence that Ul­bricht in fact or­dered these coun­ter­feit iden­ti­fi­ca­tion doc­u­ments off of Silk Road, us­ing the Silk Road user ac­count “she­foundme.” Specifi­cal­ly, be­gin­ning on June 10, 2013-ap­prox­i­mately one month be­fore the nine fake IDs were seized by CBP-“she­foundme” sent a mes­sage on the Silk Road mes­sag­ing sys­tem to a Silk Road ven­dor named “KingOf­Clubs,” in which “she­foundme” in­di­cated he wanted to or­der “a few of your high­est qual­ity IDs.” In sub­se­quent mes­sages, “she­foundme” or­dered nine fake IDs for $1,650 in United States cur­ren­cy, and spec­i­fied that he wanted coun­ter­feit iden­ti­fi­ca­tion doc­u­ments from New York, Flori­da, Tex­as, Col­orado, Cal­i­for­nia, South Car­oli­na, Al­ber­ta, Canada, the United King­dom and New South Wales, Aus­tralia, cor­re­spond­ing to the ju­ris­dic­tions on the nine coun­ter­feit IDs which were ul­ti­mately seized by CBP. On July 5, 2013, “KingOf­Clubs” con­firmed that he had sent the pack­age con­tain­ing the fraud­u­lent iden­ti­fi­ca­tion doc­u­ments to “she­foundme” and that they were sched­uled to be de­liv­ered the fol­low­ing week. On July 18, 2013, “KingOf­Clubs,” pro­vided the United States Postal Ser­vice (“USPS”) track­ing num­ber to “she­found­me,” in re­sponse to com­plaints that the pack­age had not ar­rived, and “she­found­me,” in­di­cated that he checked the USPS web­site, which in­di­cated that the pack­age was “in­bound out of cus­toms on the 10th,” the date on which the coun­ter­feit iden­ti­fi­ca­tion doc­u­ments were seized by CBP.