The FBI gathered information from January to July 2014 that resulted in identifying at least 17 other black markets through the same network, according to an affidavit for search warrant filed in King County Superior Court on Jan. 7.
The IP address for Bellevue resident Brian Farrell was found to have been used to access the vendor portal for SR2, according to the affidavit, prompting Homeland Security to begin surveillance on his home from early August to late December.
http://www.bellevuereporter.com/news/288854101.html
EDIT: During investigation it was found out that Brian Farrell went under the name DoctorClu - one of SR2's site admins. More info and discussion here:
This is not the first time we hear that LE was able to track down people accessing SR2 during those specific months:
- A weed vendor couple was arrested in California after the FBI tracked down their IP address for using SR2:
Investigators said they began to suspect the couple after discovering an Internet Protocol address was accessing the Silk Road 2.0 site
http://www.sfgate.com/crime/article/NorCal-couple-ensnared-in-dark-Web-drug-site-5907946.php
- An anonymous user on Evo forums claimed to have been questioned by DHS after they found his old IP address was accessing SR2:
recently i was visted by US homeland security, the day before the visit i received a call on my phone from a "special agent" saying that they had a list of questions for me, the agent said i "wasnt in trouble" but they needed to meet with me ASAP. [...] when they came, they told me they had my IP address accessing SR2 in july of 2014... WTF?!
http://i25c62nvu4cgeqyz.onion/viewtopic.php?id=34048
Another user in this same thread joins to say he was also questioned by DHS.
Coincidentally (or not), the Tor project detected a group of relays that were trying to deanonymize users from Jan/14 until they were removed in Jul/14:
The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
They speculate that this surveillance could have been based on the same technical flaw(s) that were part of a cancelled Black Hat 2014 talk by CMU researchers, titled "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget"
[deleted]