
Baddies Bash Bountiful Bitcoins

This past week, the value of a Bitcoin crossed the $1,000 threshold — marking a new milestone for the virtual currency.

Bitcoins first emerged in 2009 as a decentralised form of money and, as its value rises, interest from hackers and criminals has also climbed.

There’s gold in them there Bitcoins

One of the most recent Bitcoin-related exploits is malware that installs itself on users’ PCs in order to “mine” new Bitcoins. The virtual currency is created through digital mining that leverages compute power to discover new blocks of Bitcoins. The Bitcoin-mining malware was reported by security firm Malwarebytes and is being installed on victims’ PCs by way of a malicious toolbar application.

Websites in the Bitcoin ecosystem have also been under recent attack. The bitcointalk.org community site was attacked this past week, with attackers gaining access to user names and passwords on the site.

The risk from such an attack is that the attackers can now potentially use those accounts to profit from Bitcoin activities. In a more direct attack, the European Bitcoin exchange BIPS (Bitcoin Internet Payment System) was breached last week, costing users $1 million in Bitcoins.

While attackers are going after Bitcoin-related sites, there is an important distinction between the security of the Bitcoin network and the Bitcoin exchanges, Joe DeMesy, senior security analyst at Bishop Fox, said.

“The Bitcoin network is a network of computers that communicate using the Bitcoin protocol, allowing persons within the network to exchange and mine Bitcoin, whereas a Bitcoin exchange is just a site that allows users to sell their existing Bitcoin in exchange for other currencies, such as US dollars,” DeMesy told eWEEK.

Bitcoin compromises

No one has ever found a critical vulnerability within the Bitcoin protocol itself that would allow a user within the Bitcoin network to fraudulently create coins or forge transactions, DeMesy said.

That said, there have been compromises of various Bitcoin exchanges throughout the virtual currency’s lifetime, and as the value of a Bitcoin increases, so does the risk in using exchanges.

“The design of these exchanges requires users to transfer their Bitcoins into an exchange, and if an attacker compromises the exchange, they can extract all the Bitcoins stored therein,” DeMesy said.

The other risk for users comes from the security of Bitcoin wallets, the technology that actually holds the Bitcoins that users have.

“We have observed several malware packages targeting Bitcoin users’ wallet.dat files,” Adam Meyers, vice president of intelligence at CrowdStrike, told eWEEK. “Losing your wallet.dat file is like losing your actual wallet stuffed with cash—if it’s gone, you likely won’t see that money ever again.”

Bitcoin wallets can be stored locally on a user’s hard drive (and potentially lost if that drive is thrown out), but they can also be stored in the cloud with a service provider, which presents another set of risks.

The fact that Bitcoins could be stored on Web services, associating them with cryptographically generated addresses, exposes them to the common threat vectors in the application layer, Bala Venkat, chief marketing officer at application security company Cenzic, told eWEEK.

“Hackers can easily exploit the vulnerabilities via SQL injection, XSS [cross-site scripting], etc. and retool these vectors to steal Bitcoins from Web services and online wallet services,” Venkat said.

The other risk to users with Bitcoin wallets is that, unlike credit card transactions, Bitcoin payments are not reversible by a central authority like a bank or a credit card issuer.

Only the person receiving the funds can refund the Bitcoin transactions, Venkat said. “This means one should take extra care to do business with people and organizations that they trust,” Venkat said.

The fact that there is no central governing body that oversees Bitcoin transactions or sets any security standards regarding how, where or for what the virtual currency is used is seen as a cause for concern by Devin Krugly, vice president of marketing and business development at AccessData.

“Nearly anyone with a minimal set of IT experience can set up a Bitcoin-mining and -transaction site, so novices can easily be hacked,” Krugly told eWEEK.

Ultimately, as is the case with real hard currency, it is the responsibility of Bitcoin users to protect their own Bitcoins.

“If you don’t have a backup plan for your wallet, or if the location of your wallets or your passwords is not known by anyone when you are gone, there is no hope that your funds will ever be recovered,” Krugly said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.


Originally published on eWeek.


