Just one month after the FBI seized the original Silk Road, Silk Road 2.0 emerged to fill the void. Promising to continue Ross Ulbricht's vision, it quickly rose to prominence, only for it to emerge later that law enforcement had infiltrated the site from nearly the beginning.
Phoenix Rising
- Launch: November 6, 2013
- Operator: "Defcon" (Blake Benthall)
- Duration: Approximately 1 year
- Shutdown: November 6, 2014
- Status: Seized by FBI
Silk Road 2.0 launched on November 6, 2013—exactly one month after the original's seizure. The new site was run by former Silk Road staff members who had escaped the initial takedown.
Initial Leadership
- Dread Pirate Roberts 2 - Original admin (later revealed to be multiple people)
- Defcon - Technical administrator, later primary operator
- Libertas - Irish administrator, arrested December 2013
- Inigo - Staff member, arrested January 2014
The Infiltration
Undercover Operation
What users didn't know: An undercover HSI agent had infiltrated Silk Road 2.0's staff from the very beginning. The agent gained trusted moderator status and had access to internal communications throughout the site's operation.
The Great Heist
In February 2014, Silk Road 2.0 announced that hackers had exploited a "transaction malleability" vulnerability in Bitcoin to steal approximately 4,400 BTC (~$2.7 million) from user escrow.
"I am sweating as I write this..."
"Two of our senior vendors identified a bug in the way our backend handles rebroadcast attempts of transactions..."
"I must utter words all too familiar: We have been hacked."
"Nobody is in danger, no information has been leaked..."
"Our initial investigations indicate that a vendor exploited a newly discovered vulnerability..."
Controversy
Many users suspected an inside job or exit scam rather than a genuine hack. The "transaction malleability" explanation was technically possible but convenient. Defcon promised to repay users from commission earnings—a promise only partially fulfilled before the site's seizure.
Blake Benthall: Defcon
Blake Benthall was a 26-year-old from San Francisco with a background in tech companies. His OPSEC failures were remarkably similar to Ross Ulbricht's.
- Personal email: Used personal email to register SR2 server
- IP address: Connected to SR2 infrastructure from home
- Bank account: Received large Bitcoin conversions to personal account
- Luxury lifestyle: Purchased Tesla Model S with Bitcoin proceeds
- Travel patterns: Flew between San Francisco and Thailand frequently
Benthall was arrested on November 5, 2014, at his San Francisco residence. The next day, exactly one year after SR2's launch, the site was seized.
Operation Onymous
Silk Road 2.0's seizure was part of Operation Onymous, a coordinated international law enforcement action that simultaneously took down over 400 .onion sites.
Operation Results
- 17 arrests across 17 countries
- $1 million in Bitcoin seized
- €180,000 in cash, drugs, and gold
- Silk Road 2.0, Cloud 9, Hydra, and others taken down
Unanswered Questions
Law enforcement never fully explained how they located the hidden servers for so many sites simultaneously. Speculation ranged from Tor vulnerabilities to bitcoin tracing to undercover operations. The lack of transparency raised concerns in the security community.
Legacy & Lessons
Key Takeaways
- Infiltration is possible: Undercover agents can gain staff positions
- OPSEC is everything: Same mistakes as original Silk Road
- Escrow is vulnerable: Centralized funds are tempting targets
- Rapid reboots are risky: Law enforcement anticipated SR2
Sentences
| Person | Role | Sentence |
|---|---|---|
| Blake Benthall | Defcon (Operator) | Pending (last update) |
| Brian Farrell | Staff | 8 years |
| Thomas White | Operator (later sites) | 5 years 4 months |