Established after the first Silk Road was taken down, the Silk Road 2 relied on the same basic technology as the first site and attracted many of the same users. But Silk Road 2 wasn't vulnerable to the same CAPTCHA attack that gave away location of the first Silk Road's servers, so law enforcement needed more sophisticated tools to take it down. The Silk Road 2 was set up as a hidden service on Tor, so it was only accessible by routing through a network of complex and shifting relays. The court documents refer to a source that provided "reliable IP addresses" for Tor hidden services between January and July of 2014, leading them back to both the servers and 78 different people doing business on the site.

According to a Tor blog post, someone during that period was infiltrating the network by offering new relays, then altering the traffic subtly so as to weaken Tor's anonymity protections. By attacking the system from within, they were able to trace traffic across the network, effectively following the server traffic back to their home IP. In July, Tor noticed the bug and published an update to fix it — but for six months, certain hidden services were badly exposed, and the Silk Road 2 appears to have been one of them.

So who carried out the attack? Already, researchers are pointing to a Black Hat presentation this summer that promised to outline a similar attack, but was controversially cancelled at the last minute. The researchers, working for CMU's CERT Center described similar capabilities and performed their research over a nearly identical span of time: January to July of 2014. If the researchers were also helping the FBI investigate criminal activity on Tor, it would explain why law enforcement might not want their methods getting out to the community at large.