When people are introduced to Silk Road, one of their earliest instincts is to articulate a few obvious methods by which law enforcement could potentially subvert the community or the stability of the site. The feasibility of these attacks usually falls apart under careful scrutiny. Most often the techniques rely on social engineering, but occasionally technical attacks are suggested. The technical approaches can be mitigated in the conventional ways, and the hardening of web servers has been described at great length elsewhere, so we will focus on the most commonly suggested social engineering attack.
The social engineering scenario most often contrived involves a government (in practice it is almost always the US government) creating thousands of vendor and customer accounts, buying things from themselves, and leaving very positive reviews. When real customers buy from these apparently well-established merchants, government agents arrest them. The real impact here is not the arrests, but the destruction of confidence in merchants: how can you know who is or is not a government sockpuppet if the majority of the well-established vendors may very well be honeypots? The elephant in the room for those familiar with Silk Road’s merchant system is that vendor accounts cost over 500 dollars each, and even that is subject to increase if administrators feel the barrier to entry is too low to stop fakes. Let’s take a quick look at the economics at play here.
Let V be the price of a single vendor account, let G be the number of vendor accounts the government will buy, and let P be the total price of those accounts. Basic arithmetic shows that V * G = P. This means that if the government wants to poison the well with 5000 accounts, and each account is $500, the price just to start out will be $2,500,000. Keep in mind that the price is liable to increase once the administrators feel threatened, and the attackers would need to continuously buy new accounts for each sockpuppet they burn making an arrest.
Another problem with this technique is that the administrators would be able to see which accounts are interacting with each other, and it would be possible to identify the accounts that were not buying and selling outside of the government bubble. Thus, this would be an extremely expensive operation, and even an organization that had the money could be easily stopped by diligent administrators.
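The check described above, a group of accounts whose trades stay almost entirely within the group, is a standard collusion-ring detection on a marketplace reputation graph. The following is an added example, not code from the original essay and not Silk Road's own tooling. It builds a buyer-vendor graph from constructed sample trades, clusters accounts while ignoring one-off purchases (so a ring cannot blend into the market with a few token orders), and then measures, on the full graph, how much of each cluster's trade volume crosses its boundary. The assumption that organic trade forms the market's largest connected component, so only the smaller components are ring candidates, is mine, not the essay's.

```python
"""Flagging closed trading clusters in a marketplace reputation graph.

Added example; not code from the original essay and not Silk Road's own
tooling. It implements the check the text ascribes to administrators: a
group of accounts that trades almost only with itself forms a closed
cluster, while organic accounts knit together into the market's giant
component. Sample trades are constructed for illustration.
"""
from collections import defaultdict

# Constructed sample trades: (buyer, vendor, number of completed orders).
TRADES = [
    # Organic market: repeat buyers whose purchases spread across vendors.
    ("b1", "v1", 2), ("b1", "v2", 3), ("b2", "v1", 2), ("b2", "v3", 2),
    ("b3", "v2", 2), ("b3", "v3", 3), ("b4", "v1", 2), ("b4", "v4", 2),
    ("b5", "v4", 3), ("b5", "v2", 2), ("b6", "v3", 2), ("b6", "v4", 2),
    ("b7", "v1", 1),  # a one-off newcomer; must not be flagged on its own
    # Sock-puppet ring: five buyers repeatedly order from two ring vendors,
    # plus one token purchase each from two real vendors to avoid isolation.
    *[(f"r{i}", "vr1", 4) for i in range(1, 6)],
    *[(f"r{i}", "vr2", 4) for i in range(1, 6)],
    ("r1", "v1", 1), ("r2", "v2", 1),
]


def build_graph(trades):
    """Undirected weighted graph: node -> {neighbour: total orders}."""
    adj = defaultdict(lambda: defaultdict(int))
    for buyer, vendor, n in trades:
        adj[buyer][vendor] += n
        adj[vendor][buyer] += n
    return adj


def components(adj, min_weight):
    """Connected components using only edges with weight >= min_weight.

    Ignoring one-off trades keeps a ring from merging into the market through
    a handful of token purchases. Returned largest-first.
    """
    seen, comps = set(), []
    for start in adj:
        if start in seen:
            continue
        group, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node in group:
                continue
            group.add(node)
            stack.extend(nb for nb, w in adj[node].items()
                         if w >= min_weight and nb not in group)
        seen |= group
        comps.append(group)
    return sorted(comps, key=len, reverse=True)


def conductance(adj, group):
    """Share of a group's total trade volume that crosses its boundary.

    Near zero means the group trades almost only with itself. Measured on the
    full graph, so the ring's token purchases are counted against it.
    """
    volume = sum(w for u in group for w in adj[u].values())
    leaving = sum(w for u in group for v, w in adj[u].items() if v not in group)
    return leaving / volume if volume else 0.0


def suspicious_clusters(trades, min_weight=2, min_size=3, max_conductance=0.1):
    """Return (members, conductance) for clusters that look like closed rings.

    Assumption (mine, not the essay's): organic trade forms the largest
    component, so only the smaller components are candidates.
    """
    adj = build_graph(trades)
    comps = components(adj, min_weight)
    flagged = []
    for group in comps[1:]:  # skip the giant (organic) component
        if len(group) < min_size:
            continue
        c = conductance(adj, group)
        if c <= max_conductance:
            flagged.append((tuple(sorted(group)), c))
    return flagged


if __name__ == "__main__":
    for members, c in suspicious_clusters(TRADES):
        print(f"closed cluster {members} (boundary share {c:.3f})")
```

With the sample data the five ring buyers and their two vendors are reported as one closed cluster with only about 2% of their volume leaving the group; the one-off newcomer is left alone because a singleton is below `min_size`. Dropping the weight threshold (`min_weight=1`) shows why it matters: the two token purchases then merge the ring into the market's component and nothing is flagged, which is exactly the evasion the threshold is meant to blunt.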