Please enable Javascript

Javascript needs to be enabled in your browser to use Yahoo Tech.

Here’s how to turn it on:

Mind Your Wallet: Why the Underworld Loves Bitcoin

Mind Your Wallet: Why the Underworld Loves Bitcoin

By Jeremy Wagstaff, Reuters

Criminals may already have made off with up to $500 million worth of Bitcoin since the virtual currency launched in 2009 — and you can double that if it turns out they emptied Mt. Gox.

Internet criminals, security experts say, are attracted to Bitcoin because of its stratospheric rise in value, because it’s easier to steal than real money, and because it’s easier to trade with other criminal elements. But, they add, Bitcoin will survive the damage.

“It’s just growing pains,” says Keith Jarvis, a security researcher at Dell SecureWorks. “Bitcoin is large enough and has enough momentum behind it to survive any public relations damage from this (Mt. Gox) case or anything else.”

The fall of Mt. Gox, the Tokyo-based exchange that filed for bankruptcy last month after saying it lost some 850,000 bitcoins to hackers, is certainly the virtual currency’s biggest crisis.

But data collated by Reuters from specialist Bitcoin industry websites and Internet forums shows that more than 730,000 bitcoins were already missing to theft, hacking, cyber-ransom payments and other apparently criminal pursuits before Mt. Gox’s collapse. That’s nearly 6 percent of all bitcoins and doesn’t include dozens, possibly hundreds, of unreported cases of individuals who have lost bitcoins from their computers or online exchanges to hackers.

For sure, there’s no way of telling who has these missing bitcoins or whether they were converted to real money when the price was much lower. And of course some bitcoins may have been counted twice if criminals stole them from each other or if they were put back into circulation and stolen again.

But there’s no question that bitcoins have attracted the attention of cyber-criminals — as a currency and an asset worth stealing.

Beware malware
A study by Pat Litke and Joe Stewart of Dell SecureWorks showed that as the price of bitcoin soared beyond $1,000 last year, so did the number of viruses designed to steal bitcoins from wallets — programs that hold bitcoins on people’s computers or smartphones. Of the 140 types of such software, more than 100 appeared in the past year.

Writing such viruses, Stewart says, is easy. “There’s no sophistication involved in the storage of bitcoin in wallets. As for malware, it’s some of the easiest stuff to write.”

Indeed, this cyber pocket-picking wasn’t criminals’ first foray into bitcoins. Initially, they focused on using their control of large networks of infected computers — called botnets — to make their own bitcoins.

Bitcoins are created through a “mining” process where a computer’s resources are used to perform millions of calculations. For a while, says Kirill Levchenko, a researcher at the University of California, San Diego, criminals added malware to their botnets to turn infected computers into bitcoin miners.

This triggered predictions of doom for bitcoin — that the criminals would take over the mining of bitcoin through botnets and bring the whole currency crashing down. But as bitcoins become harder to mine — according to an algorithm that slows down their production the more people try to create them — this approach has proved less profitable.

In 2012 and 2013, says Danny Huang, another researcher at the University of California, San Diego, botnets earned at least 4,500 bitcoins, a relatively small sum compared with the total produced. “Few botnets are mining bitcoins now,” he says.

Instead, criminals have turned to stealing them from wallets or, more lucratively, from exchanges.

According to data compiled last year by academics Tyler Moore and Nicolas Christin, of 40 exchanges tracked, 18 had closed, with customer balances wiped out in many cases — not always, they point out, due to fraud. Since then, according to public reports, more than a dozen others have been hacked.

Currency of thieves
Cyber-criminals have also made use of the ease with which bitcoins can be traded without any third party — such as a bank or an online payments service like PayPal — to use it as at least one way of paying for services among themselves.

“Bitcoin made it much easier for them, because they have to trust each other even less. Even complete strangers can cooperate,” said Juraj Bednár, a Bitcoin security expert in Slovakia.

But while Bitcoin has its advantages, it’s not a perfect tool for the bad guys.

Take, for example, ransomware. Viruses that encrypt data and then demand payment for a key to unlock it have become increasingly sophisticated, says Dell SecureWorks’ Jarvis.

The most successful: CryptoLocker, which Jarvis believes is run by a Russian-speaking gang who are also behind a botnet called Gameover Zeus that targets financial websites.

Bitcoin often appears on CryptoLocker as an option for victims to pay up. Its appeal, Bednár says, lies in the fact that it needs no third party for the transaction to work.

But there have been problems. For one thing, the type of person to be infected by a virus wasn’t likely to be the type who is technologically savvy enough to be familiar with Bitcoin. Also, as Bitcoin rose in value, it became a more expensive option for the victim, forcing the criminals to lower their ransom demands to match prevailing exchange rates.

Tracing transactions
Then there’s Bitcoin’s transparency. All transactions are visible, and while they’re just digits and letters, in theory they could be connected to an individual and the entire history of all the bitcoins’ transactions traced.

Italian computer engineer Michele Spagnuolo, for example, was able to trace a number of ransom payments for CryptoLocker. The gains have been impressive: He and academics from Politecnico di Milano speculate that up to 6,757 bitcoins — then worth around $6 million — could be linked to those behind CryptoLocker late last year. That estimate of their total takings, he says, could be very conservative.

But the fact that such payments can be traced would raise a red flag for cyber-criminals, says Daniel Cohen of RSA, the security division of EMC, even though there are online services that can “launder” bitcoins to hide their origin. “Sure, there are Bitcoin laundering services, but still if I tie a wallet to an identity I can see every single movement,” he said.

And, ironically, the success that some criminals have had in stealing bitcoins has made them less appealing to the underworld. RSA’s Cohen says his team monitoring underground forums has noticed that criminals lately see Bitcoin as “volatile, seizable and, with the recent thefts, unsafe.”

Fixes needed
That’s not to say Bitcoin is out of the woods.

While the protocols underlying Bitcoin have proved themselves to work, the weak links have been the software containing the wallets, whether on exchanges or on individuals’ computers.

“The attacks on the exchanges did not in themselves indicate any particular weakness of Bitcoin per se, but rather exploiting vulnerabilities within the exchanges,” says Raj Samani of Intel’s Internet security company McAfee.

Such holes are being addressed, says Dell SecureWorks’ Stewart, pointing to such innovations as hardware wallets to replace software ones. “We’re just going to have to get into that mode of thinking,” he says.

For now, Bitcoin remains a vulnerable target.

That was illustrated when hackers breached Mt. Gox’s servers and its owner’s blog this week to post files purporting to be Mt. Gox’s transactions in Bitcoin stretching back to 2011.

Amid the files lurked another surprise awaiting the unwary: a Bitcoin-stealing virus.

(Editing by Ian Geoghegan)