skip to Main Content

Nearly $1B from Silk Road Move for First Time Since 2015

UPDATE: According to a November 5 US Department of Justice complaint, the 69000+ BTC (and the BCH, BSV, and BTG equivalents) that were moved earlier this week were in fact seized by the US DOJ. The complaint adds that the individual that moved the funds (Individual X) was able to hack into Silk Road back in 2013. Silk Road founder Ross Ulbricht was quickly able to identify Individual X’s online identity. Despite threats from the dark market’s creator, the funds were never returned and remained mostly unspent to this day. The identity of Individual X was likely already known to investigators through their initial investigation into the Silk Road. On November 3, 2020, Individual X signed a Consent and Agreement to Forfeiture with the US Attorney’s Office in the Northern District of California, forfeiting the property to the United States government.


On November 3, more than 69,370 BTC originating from the Silk Road—one of the first darknet markets—moved for the first time since April 2015 via the following two transactions:

0d13a52e3b640d05cdf31b41f335b327f126cb79d9eec1e2bc46556ef30a0b57

3f036ff88bb851b57a1e28780dbce35a6457a8b57995c095b55b3b0cf48ba9fd

BTC address 1HQ3Go3ggs8pFnXuHVHRytPCq5fGG8Hbhx transferred its entire balance to address bc1qa5wkgaew2dkv56kfvj49j0av5nml45x9ek9hz6 via 2 separate transactions. 1 BTC was sent in the first transaction while the remaining 69,369+ BTC was sent shortly after. The initial transaction was most likely sent as a test transaction to ensure that the BTC wasn’t accidentally sent to a wrong address. This action is typically seen when moving large amounts of cryptocurrencies to new addresses.

It appears that this transaction was most likely conducted to switch between address formats. The former address is a Legacy/P2PKH address while the new address is a Bech32/P2WPKH address. Legacy addresses—the original Bitcoin address format—start with a ‘1’ while Bech32 addresses—the native segwit address format—start with bc1q. Bech32 addresses are more efficient with block space, which allow BTC blocks to hold more transactions. Additionally, Bech32 addresses are composed of numbers and only lower-case letters so there is less room for error than prior address formats. Around 5% of BTC is currently held in Bech32 addresses.

Since 1HQ3Go3ggs8pFnXuHVHRytPCq5fGG8Hbhx held BTC prior to the Bitcoin Cash and Bitcoin SV hard forks (among others), the address owner would also have access to the coins associated with the hard forks. Evidently, around the same time all of the BCH at this address was moved to qqrkjml7h3ymnc7ydd9m5r9s9hnqectmluwpxezd9a via TX 8e0d6a7f4a2fb523972febdb47845585aa94dbf3252b4432e9fad8d0b5037ac1. Additionally, all of the BSV was moved to 1F884r9J2WKbu8wekebqqRcu1Bw1jiRXba via TX 5ff9c81c00bca688cc5c8713f3e38fd1f2a0a85a86de96f4afd096fdc1583fbc. Both of the addresses that the BCH and BSV were sent to had no transactions prior to today.

While it is most probable that these transactions were made to stay up to date with the Bitcoin network, there is also some speculation that the wallet could have been cracked by hackers. These movements could possibly mean that the wallet owner is moving funds to new addresses to prevent hackers from accessing the wallet.dat file or that hackers have already cracked the file.

CipherTrace is monitoring the addresses for additional movement.

Back To Top