The SM Story, a Hack and then a Scam? HOT!!! the remaining funds of SM are moving right now!!!

Hi,

you can see here a part of the story that led me to discover this Bitcoin address where the SM Stolen Funds were centralized before they were sent to Tumbling.

http://www.reddit.com/r/DarkNetMarkets/comments/1trmgc/sm_was_hacked_by_profesorhouse_it_is_now_prooved/ http://www.reddit.com/r/DarkNetMarkets/comments/1trhna/the_bitcoin_address_where_the_sm_stolen_funds/

The Address is this one :

1D55bWMJeqZTVKACpcZMFjEYfTaqg5jt2E

So ok let's admit that SM was hacked as it seems to be verified now.

5600 BTC woot that's a lot, and by big packets of hundreds of bitcoins hacked from the site.

The hacker, we can surely call "Profesorhouse" now, has use this address to centralize the funds before he sent them to be tumbled and mixed.

So some questions comed to my mind from this, ok let's assume it was a hack, we have the dates on this address that show a lot of things :

but the hacker was clearly not confident with cotinuing the attack to get more coins, or perhaps it was harder to reach the remaining coins, because attacks a then separated by 45 min insead of 15 min the first time.

And then an increasing time between the attacks but still automated : 90 min, then 135 min, then he stopped.

Then he seems to have decided to stop because he achieved 2 more attacks very close to each other the 06/11 after the first one, and then decided to put the BTC stolen into tumbling.

From all these successives atttacks he stole 1200 BTC.

He so send 2700 BTCs into Tumbling, 4x 300 BTC and 3x 500BTC.

At start he send a pack everyday, but then it seems he wanted to get more and so send the remaining packs in one day and go to hack another time SM.

Perhaps he wanted to see the reaction of SM and how they were dealing with the problem, at that time nothing was apparent and SM was announcing nothing, perhpas he wanted SM to get more coins before he continues, we'll never know.

anyway on the 19/11/2013 he goes again and hack again SM, this time it is a little different, not automatized, but manual.

He steals then 400 more BTCs and stop there the hacks.

He now take his time to send the remaining stolen BTCs into the Tumbler by packets of 200, 300, 500 and 100. On the 02/12 he sent the last pack of 100 BTCs ending there the SM hack.

So we can speculate on what happened during that time in SM...

The hack started on the 23/10, one month before SM close on the 21/11.

It seems in the last days of SM the withdrawals were paralyzed anyway, but let's speculate on what happened just after the hack.

They surely discovered at one moment that some bitcoins were missing in the system, perhaps they thought it was a bug, perhaps they thought they could handle the first hack of 4000 BTCs, anyway they did nothing allowing the hacker to steal 1600 more BTCs.

At the end (the last hack was 2 days before the down) they were perhaps thinking they could avoid the next hacks and recover progressively, but it seems they had underestimated the hacker...

So there is another interesting question...the hacker stole 5600 BTC but there was surely more coins in the site at the moment of the hack, and as he took only packs of 100 BTCS, at least some BTCs were remaining on the site.

The answer is yes, there was more of course on the SM Site.

But remember, the SM owner wasn't able to counter the hacks, and he lost 4000 BTCs + 1200 BTCs shortly after. He probably figured out that it was the end a soon as he realized these bitcoins were gone.

Was he wanted to try to recover really? that's not sure, perhaps he was simply trying to get as much money as he could before he shut down the site, knowing he had been robbed the most part of his coins and will never be able to recover.

anyway he obviously thought he could handle the next hacks and kept SM opened.

In the last days i can't imagine he was not planning to escape with some money of the people, and i think it was the reason why he made so much efforts to create the illusion that SM was working fine. the fake "counter" for the withdrawals was one of these efforts.

When he saw the last hack performed with the same facility than previously he probably thought it was time to end SM.

But what happened so? In fact he was hacked at the end of October, but the market stayed opened for the possible reason we have evoqued, so BTCs were still entering the site until the 21/11.

SM was hacked a last time of 400 BTCs at during November but it was not so much compared to what SM was getting as deposits and blocking withdrawals, but surely it was a big concern for the owner.

Despite all the security measures he took the hacker was robbing him again, letting him probably think he could now lost eveything that was remaining on SM.

So he decided that it was impossbile for SM to recover or that it was time to end the scam he started with the hack of 5200 BTCs a month before, and runned away with the remaining BTCs of the site.

As we have the addresses were the Stolen BTCs were coming from we are able to explore a little what was supposed to be the back office bitcoin system of SM.

If the bitcoins were retrieved by packs of 100 BTCs from the backoffice bitcoin system of SM, at one point there should be some remainings of bitcoins after the hack, in the addresses, logically they should have been gathered by the owner. before he ran away.

And yes they were indeed gathered, all the accounts of the back office were completely emptied when SM went down.

So there was obviously a mean to follow these funds to the wallets of the owner after he had them out of the system.

Again there was Tumbling but after an extensive search I located the wallets were ended the remaining funds of SM.

Because until today the funds were immobilized on storage accounts, 2 wallets of 1000 and another one with an unknown amount.

Yes you heard me well "UNTIL TODAY", because in the last hours the funds have started to moove.

Obivously someone decided that it was time to move his funds that were frozen since end of November.

I don't know if my thread and his popularity of the SM case had an influence but for sure the funds that were scammed with SM by the owner are moving as we speak.

I prefer so to not give the addresses he use to move the funds as you read this.

Of course he is running away with about half what "Profesorhouse" hacked but that is more than 2000 BTCs for sure, not so bad...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

EDIT :

following always the same tracks of "profesorhouse" i explored a little bit what used to be the SM BackOffice Bitcoin System, meaning all the wallets used to store bitcoins and that were hacked.

As i was saying the hacker has retrieved the BTCs from the site with 100 BTCs packets, so it means there are a lot of small amounts of bitcoins that were staying in the SM Bitcoin system.

As the site was going to close, the owner was surely not going to abandon all these bitcoins, he was going to gathered them.

when you look at the transactions you can see that on the 23/11 he gathered what remains in the addresses of the SM Bitcoin system.

I was surprised to see that all these addresses were gathered in packs of 1000 BTCs and sent to another address which is indeed very interesting.

174psvzt77NgEC373xSZWm9gYXqz4sTJjn

Woot that is what you can call a "Bitcoin address with some activity"!!!!

It is said to be a BTC-E Wallet but i don't think so :

Don't jump too fast on conclusions, the owner of sheepmarket don't own the coins that transit there, he just used the mixing/tumbling service offered, and the tracks stop here, but if you wanted to see what looks like the main address of a big big Tumbler/mixer here is one...


Comments


[6 Points] AdamSandlerFan:

Are you on any amphetamine?


[3 Points] Thisguyisascammer:

What a show.


[1 Points] mdmantra:

All I see is a lot of text. I completely fail to see how any of this is even marginally "prooved" or "verified".

Can you explain how what you're doing is in any way different from what /u/sheepmarketreloaded2 did (ie he chased his meth binge through a few sleepless days, achieving nothing).


[1 Points] throwssilkaway:

TLDR dude


[0 Points] sheeproadreloaded2:

That wallet there that you've identified is quite smallon the sheepmarketplace scale.

Follow the largets chunkof the top arrow to right, about 10 times, and you end up here:-

https://blockchain.info/address/1KozY3dMTYs5tCUb6DHPngP9FfdiEcJrVt

Themoney then moves to a next dooe wallet

https://blockchain.info/address/18eW5diQ6R32XnwFKTHXfg7NbPBWk6aMJi

where it is being spend in the sort of dribs & drabs transactions typical of a local bitcoins trader account

assuming these wallets are connected without me working back, if you can purchaes a coin from that wallet,the seller will have to supply their direct debit bank details

The dates check out if you look at a graph, but the munbers are quite small

https://blockchain.info/charts/received-per-day?address=18eW5diQ6R32XnwFKTHXfg7NbPBWk6aMJi