Home » Articles » TorEscrow, What Happend?
Click Here To Hide Tor

TorEscrow, What Happend?

Well, this Basically:
(We held back this report until now for the case it might be back, but considering the fact that the Admin were pretty active on the forums / Reddit, and we have yet to hear from them, it seems pretty unlikely to happen now)

We really wanted to report something about this case – but this is the only info we have about this.

The same story over again, for an traditional escrow marketplace:

1. Build reputation (let me remind that this market was not only a market but also a third party escrow service – so they had shit load of money in escrow, being an escrow service)

2. Grow (also, be very active on reddit / hub)

3. Say you are going to be an invite only market using some “web of trust” sign for users / vendors. (this one is actually unique for this particular market)

4. Get more users

5. Stop Withdrawals

6. Poof.

7. Have fun.

*8. Optional – Say you got hacked

Sorry for using the same picture for the millionth time.

How to proceed from here?


1. Start here – Multisig Guides
2. Than Continue to here to the multisig category- Updated List of Hidden Marketplaces

Sorry for those who lost money, and hopefully this will not happen again (but it probably will).


  1. What happened is that nothing new happened! The same drill all over again. Really how many more markets are gonna pull an exit scam or pretend to have been hacked for dnm users to move to multisig markets? TorMarket, Sheep, Pandora, SR2, Atlantis, FloMarket, Utopia, BMR, everyone of them hacked or dissapeared overnight. I have now registered at some of the markets offering multisig and will never deal with a vendor on a normal escrow site ever again. Though I wish more of my favorite vendors moved there. But sadly I believe many still wont and this episode will play again and maybe a few more times.

    So to anyone who’s lost money with these markets more then once, no you dont have my pity. serves you right I say.

    • boomers

      multi sig has potential but it is still programed by someone, that someone can program the release of coins also – meaning its not 100% secure.

      Also multi sig is a nightmare if you are a busy vendor doing 30+ transactions a day on a slow, under ddos attack site, just means you have to load 2 or 3 more pages for every transactions these can take up to 3 mins each to load…..

      • DeepDotWeb

        No, multisig that uses the Bitcoin core commands cannot release coins without having the private keys of the participating parties.

        – But generally – you are right, multisig is not a magic solution to every DNM problem – but it does almost eliminates the risk of getting scammed by market admins or hackers. and it by all means better than centralized escrow in terms of keeping the money safe,

        It does have flaws, slower to process, no auto finalize (as far as i know), harder to learn, a market admin can still scam if he work with the vendors,

        but the positive outweighs the negative by far – and every market trying to scam while using multisig will not earn much for sure.

        • 1776 does auto-finalize. From a user perspective it works identically to an ordinary site and from the vendor perspective, its’ just a matter of two cut-and-paste operations per transaction. Literally as simple as it could possibly be made.

          If the timer runs out on a transaction, the site automatically signs the escrow release transaction and forwards it to the vendor. Two cut-and-pastes and it’s in his payout wallet.

  2. > 3. Say you are going to be an invite only market using some “web of trust” sign for users / vendors.

    This seems like hyperbole. Which scam sites ever did that before? TorMarket? Sheep? Offhand, I can’t name any.

    • DeepDotWeb

      Haha Correct! this is in no way part of the normal scam drill,

      Should have been part of the “build reputation part”

      invite / web of trust = “we are here for the long run, trust us”.

    • Silk Road is a scam site. Transaction malleability? LOL.

      • SR2 is no longer claiming it was malleability but a race condition in the check-deposits function.

        • DeepDotWeb

          Can you post the source of the new claim? Didnt catch this.

          • > Can you post the source of the new claim? Didnt catch this.


            > In the wake of Mt. Gox claiming that their Bitcoin exchange service had been the victim of a documented weakness in Bitcoin known as “transaction malleability,” it was thought Silk Road had suffered a similar attack.
            > But after weeks of internal investigations, and with coveted members of the community offering to help, Defcon told me that staff concluded there was a vulnerability in the “Refresh Deposits” function of the site. Using this, the hacker was able to spam the link and exponentially credit their account with more and more bitcoins, taking them out of the section of Silk Road that stored the currency while it was being traded. A large stockpile of bitcoin was in transit at the time because of planned upgrades to the infrastructure of the site.

            > Curious: what do you think?

            The malleability story is clearly wrong at this point, for the same reasons the Mtgox malleability story has been busted; but they say that was a mistake now. If I had to guess, I think it may be true. It tallies with some things I was told by the_avid and with how whyusheep seemed to know of it in advance, and SR2 would not be the first market to have race conditions (indeed, not just markets but exchanges too – I’ve seen and heard others talk about glitches while using Cryptsy which indicated potential race-condition exploits).

        • Curious: what do you think?

          • Its bullshit. Defcon stole the money, but I don’t think the few admins on the site know this. He’s been withdrawing 30BTC of the stolen funds at a time, sending them to admins wallets, and letting the admins partially refund who they see fit.

            The admins probably think each 30 bitcoin packet is coming from the site’s current earnings.

            When DPR2 went mad and did a runner, Defcon pretended he couldn’t find the escrow at christmas. It took all of 10 minutes to find it, a UK vendor emailed admin and said “here it is, at this address”, and it was mysteriously “found”. But I think that was going to be a robbery, but Defcon bottled out.

          • Jim Beam

            @1Ah, do you have any proof of this? If Defcon really stole the money why’s he still there forfeiting his commission to refund users?

            Why is SR2 now not using escrow until they get multisig sorted?

            If it was really him, why didn’t he just take the money and disappear?

            I personally think you’re totally wrong my friend.

  3. site owner could implement javascript or anything else, at server if not in site code, so, he can download javascript in firefox cache when you visit website and when you copy paste your private key. and when you even leave website, he can catch all your username and passwords. I watched video about proxy servers, spanish hackers did it, you use proxy, you get downloaded javascript in firefox, so, even when you leave proxy, it will still send all login information to the people who made proxy. it is like javascript keylogger: http://www.youtube.com/watch?v=0QT4YJn7oVI

    • noMaybe

      That’s why you never use the same keypair (priv+pub) keys more then once. So funds are moved and done with.. and any keylogger catching your strokes and keys means no good.

    • tffg

      Except people who aren’t thickos like you use noscript for precisely this reason.

  4. Tbh, I’d rather pay the vendor directly (without waiting for the order to arrive) than use a markets escrow. The vendor wants to sell his product, scamming customers is counter productive long term. Especially if a vendor has been vending for years… obviously some might still decide to quit and take free money, but for most there’s no point.

    The market owners don’t care, they want a lot of cash on their site. Once they have it just makes more sense to take it and disappear.

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *