OK, so this is very interesting:
| The court documents refer to a source that provided "reliable
| IP addresses" for Tor hidden services between January and July
| of 2014, leading them back to both the servers and 78 different
| people doing business on the site.
|
| According to a Tor blog post, someone during that period was
| infiltrating the network by offering new relays, then altering
| the traffic subtly so as to weaken Tor's anonymity protections.
| By attacking the system from within, they were able to trace
| traffic across the network, effectively following the server
| traffic back to their home IP. In July, Tor noticed the bug and
| published an update to fix it â but for six months, certain
| hidden services were badly exposed, and the Silk Road 2 appears
| to have been one of them.
|
|| OK, almost certain: CERT Tor deanon attack was FBI source:
|| https://t.co/JKwWD2E3VK SR2 server, 78 vendor IPs, Jan-July 2014
|| â Nicholas Weaver (@ncweaver) January 21, 2015
|
| So who carried out the attack? Already, researchers are pointing
| to a Black Hat presentation this summer that promised to outline
| a similar attack, but was controversially cancelled at the last
| minute. The researchers, working for CMU's CERT Center described
| similar capabilities and performed their research over a nearly
| identical span of time: January to July of 2014. If the
| researchers were also helping the FBI investigate criminal
| activity on Tor, it would explain why law enforcement might
| not want their methods getting out to the community at large.
https://www.theverge.com/2015/1/21/7867471/fbi-found-silk-road-2-tor-anonymity-hack