A primer on Bitcoin risks and threats

Bitcoin is a digital currency whose creation and transfer are based on an open-source cryptographic protocol. There are many benefits to using it (no transaction fees, anonymous payments, etc.), but there are also risks involved.

The first Bitcoins were created in 2009, and their initial value was set by individuals. Since then, a lot of people, organizations and businesses have expressed interest in the currency and have begun “mining” and using it.

The price of Bitcoins has risen greatly over the years, and in 2013 especially, attracting speculators and criminals. The question is: if you create, buy or use Bitcoins, what can go wrong?

The biggest danger comes from malware.

Most people keep their Bitcoins in digital wallets, and malware such as Infostealer.Coinbit is able to search the infected computer for the Bitcoin wallet.dat file and send it to the criminal(s). The loss can be prevented by encrypting your wallet with a strong password, so that criminals who obtain the file can’t brute-force it open.

Malware that uses the victim’s computer’s CPU and other resources to mine new Bitcoins is a danger both to those that use the currency and those who don’t and have no idea what it is.

The victims often do not get robbed of the Bitcoins they might own, but they get stuck with massive electricity bills and their computers work overtime, which increases the chances of them breaking down.

Also, the affected computers become slower at processing the other tasks given to them by their legitimate users, affecting the work those users are paid for or do in their spare time.

Finally, Bitcoin mining is often only one of the things that a particular piece of malware is able to do (see the ZeroAccess Trojan), which creates additional risks for the users.

And if you thought that Mac users are safe from such malware, the DevilRobber Trojan will prove you wrong.

Also, if you believe that being careful about what you download online will keep your computer safe from software that will harness its resources to create Bitcoins, you have only to read about the latest discovery of Bitcoin-mining code in a popular gaming client, courtesy of a greedy insider in the E-Sports Entertainment Association.

Online Bitcoin exchanges have recently been plagued with strong DDoS attacks and breaches.

Mt.Gox, the world’s largest one, was downed a little over a week ago by a strong DDoS attack. Even though it was quickly brought online again, the disruptions affected its overall functioning for a while and transactions were suspended. All this influenced the price of Bitcoins, and it is believed that the attackers might have profited (and users lost) from the unexpected up and down swings.

Bitcoin exchange service BitInstant suffered a breach in March that resulted in the loss of nearly $12,500 in Bitcoins. I’m sure that its users were not affected by the loss, but they might have been if the attackers managed to steal bigger amounts.

Let me end all this by pointing you towards an overview of the functioning of a very successful Bitcoin-mining botnet that went undiscovered for more than six months, and whose use of Tor for internal communication and the use of Hidden Services for protecting the backend infrastructure has made it practically impervious to takedowns. I’m sure it’s not the last one.
