Its been a while since last time… But it appears that East India Company – One of the newer markets, got hacked, homepage now displays this message:
East India Company is currently offline
The hidden service is either under maintenance or undergoing routine migration to a new location.A Spanish merchant named laBoliviana has found an exploit and decided to abuse it to empty the hot wallet, stealing over 30 Bitcoin. We are in the process of investigating the incident to determine the bug used.
We will not relaunch the service until the cause has been determined and we implement a new 100% multi-signature escrow system.
We will provide more details as we continue our investigation.
We apologize for the software failure and we promise will cover the all the loses suffered once we return.
laboliviana
f251541378ae1c8198613bebbb488bdd651959174d8103bb40f2f678c20ad447
2965d58538ba3af74a4af21f2508059bc4fb81094046e4cf651685b393611eb3
a8d8fff3aad482534220e8cd1fa25f054196fd3db2a420f07c870bd67e6bfe3d
76d5d860ffe1e0e550445fab8605aa24bc7971fe8397614102a7140ca6282411
9fe2ee8a7ee0319819ff178b600c2e3ae00525a54beab74906ac508dac9edc06
44c6613f99fbffc6fbd9efa8d40528cd8f71f7a025f27fae9627665b86123db3
03f747c64f2c386ad5dc8a6c8cf7edc6d017b31344a290bd53a3384fa1b82509
2ca88d374cd3773bd84bf9182520c4601666d75d48d163a9a87733c7472f8307
84afdb670c070b31ac11ee28773d8a0031c9d7a6ad2b8241984f00095c87d554
e15653a6ae7e7aeddeafc2c21a3c82cdf1d3550f43d2f034a84c76ed29b9d5e0We ask you LaBoliviana that you reconsider your decision. If you like to do the right thing LaBoliviana and return the money taken from honset merchants simply trying to provide safe access to drugs during prohibition return the bitcoins back to:
1KpabNf78DzNXMgYHhneJMrwBGjRUbh91U
Update: We have determined the bug was in the escrow system from a previous modification. The servers were not accessed by the attackers and no private data was lost. The attacker used two accounts one customer named nukleus and a merchant account named laboliviana to drain the wallet using this bug in the escrow system. More details we continue our investigation.
If you would like to report the bug, receive a bug bounty and earn more than you stole you can contact us at: BM-2cXu5vwtGnuaQjWxCCoR3PMabt8yAuCUiV.
General support inquiries should be sent to BM-2cXu5vwtGnuaQjWxCCoR3PMabt8yAuCUiV while we are offline. We will return and we will make sure everyone is repaid, we apologize for the inconvience but we must find out exactly what happened and ensure everything is fixed before reopening.
Update: We have been able to replicate the bug used and we are now working on a patch to correct the issue. We will issue updates here as we get closer to bringing the service back online.
From our previous VAST experience with hacked markets we know its a long shot and can only hope that some users will have their money returned to them.