Mind Your Wallet: Why the Underworld Loves Bitcoin
By Jeremy Wagstaff, Reuters
Criminals may already have made off with up to $500 million worth of Bitcoin since the virtual currency launched in 2009 — and you can double that if it turns out they emptied Mt. Gox.
Internet criminals, security experts say, are attracted to Bitcoin because of its stratospheric rise in value, because it’s easier to steal than real money, and because it’s easier to trade with other criminal elements. But, they add, Bitcoin will survive the damage.
“It’s just growing pains,” says Keith Jarvis, a security researcher at Dell SecureWorks. “Bitcoin is large enough and has enough momentum behind it to survive any public relations damage from this (Mt. Gox) case or anything else.”
The fall of Mt. Gox, the Tokyo-based exchange that filed for bankruptcy last month after saying it lost some 850,000 bitcoins to hackers, is certainly the virtual currency’s biggest crisis.
But data collated by Reuters from specialist Bitcoin industry websites and Internet forums shows that more than 730,000 bitcoins were already missing to theft, hacking, cyber-ransom payments and other apparently criminal pursuits before Mt. Gox’s collapse. That’s nearly 6 percent of all bitcoins and doesn’t include dozens, possibly hundreds, of unreported cases of individuals who have lost bitcoins from their computers or online exchanges to hackers.
For sure, there’s no way of telling who has these missing bitcoins or whether they were converted to real money when the price was much lower. And of course some bitcoins may have been counted twice if criminals stole them from each other or if they were put back into circulation and stolen again.
But there’s no question that bitcoins have attracted the attention of cyber-criminals — as a currency and an asset worth stealing.
A study by Pat Litke and Joe Stewart of Dell SecureWorks showed that as the price of bitcoin soared beyond $1,000 last year, so did the number of viruses designed to steal bitcoins from wallets — programs that hold bitcoins on people’s computers or smartphones. Of the 140 types of such software, more than 100 appeared in the past year.
Writing such viruses, Stewart says, is easy. “There’s no sophistication involved in the storage of bitcoin in wallets. As for malware, it’s some of the easiest stuff to write.”
Indeed, this cyber pocket-picking wasn’t criminals’ first foray into bitcoins. Initially, they focused on using their control of large networks of infected computers — called botnets — to make their own bitcoins.
Bitcoins are created through a “mining” process where a computer’s resources are used to perform millions of calculations. For a while, says Kirill Levchenko, a researcher at the University of California, San Diego, criminals added malware to their botnets to turn infected computers into bitcoin miners.
This triggered predictions of doom for bitcoin — that the criminals would take over the mining of bitcoin through botnets and bring the whole currency crashing down. But as bitcoins become harder to mine — according to an algorithm that slows down their production the more people try to create them — this approach has proved less profitable.
In 2012 and 2013, says Danny Huang, another researcher at the University of California, San Diego, botnets earned at least 4,500 bitcoins, a relatively small sum compared with the total produced. “Few botnets are mining bitcoins now,” he says.