Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7 Reasons Why Bitcoin Attacks Will Continue

Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers.

Bitcoins: Currency of the future, or perpetual plaything of Ponzi-schemers and money launderers?

Regardless of your views on the virtual currency or value system, just like dollars -- physical or electronic -- the cryptographic currency can be used for honest and dishonest dealings alike. But by using bitcoins, people expose themselves to additional information security risks. For starters, that's because the skyrocketing value of a bitcoin has driven criminals to hunt for, and exploit, any and every related weakness they can find. Furthermore, when it comes to the infrastructure supporting bitcoins, weaknesses abound.

With that in mind, here are seven reasons why the increasing volume of bitcoin-targeting attacks won't stop.

1. Cybercrime follows the money
Criminals aren't just tapping bitcoins to disguise or launder illegal transactions. They're also trying to steal bitcoins themselves, which by virtue of being a cryptographic currency are incredibly difficult to trace. Also, with the value of a bitcoin at times reaching $1,200, cybercriminals who pull off even a small heist may net a million-dollar payday. "How can they ignore so much value?" said Etay Maor, a cybercrime expert who works for IBM's Trusteer, speaking by phone.

[Want to learn more about bitcoin heists? See Bitcoin Thefts Surge, DDoS Hackers Take Millions.]

2. Bitcoin infrastructure: still in its infancy
When it comes to protecting bitcoin transactions, however, consider what happens when you go online with an FDIC-certified bank: For starters, most banks have deployed an array of defenses against online attackers, including anti-phishing software and adaptive authentication checks. Attackers can be further foiled by using one-time approval codes sent via SMS, or providing customers with a key fob that generates a secure authentication code, either of which can be required before money transfers or other high-risk activities are allowed to proceed. Finally, all of those processes are backed by fraud detection departments and systems that can automatically freeze accounts at the first sign of any suspicious activity.

Now, how many bitcoin exchanges or payment providers offer similar levels of information security? "They're not like these banking websites that have been around for 10 years and have experienced multiple attacks. So they make a better target," said Trusteer's Maor.

He added as a disclaimer that he hasn't personally reviewed the security of any bitcoin sites. "So I don't want to say they're not secure -- because I haven't checked out their security. But they're less experienced," he said. "And yet, they're still handling millions if not billions in money." Is it any surprise they're being targeted by attackers trying to exploit any vulnerability they can find in those sites to make a quick and untraceable buck?

3. Banking malware adaptable to bitcoins
People who store bitcoins on their PCs have already been targeted by malware that scans for bitcoin files, then copies them for the attackers. Targeting bitcoin exchange users turns out to be a relatively simple exercise, at least for existing crimeware toolkit builders and by extension their customers.

Take the Gameover malware, which is a Zeus variant designed to target banks. "I don't want to give the bad guys credit, but it's one of the better versions of Zeus," Maor said. One feature of the malware is that, on any system it's infected, it waits for a user to connect to a designated banking website, then steals their login credentials and relays them to attackers.

About three weeks ago, however, a new version of Gameover debuted that also began watching for anyone who connected to Shanghai-based BTC China Exchange, which handles 40% of the world's bitcoin transactions. BTC China does employ one-time codes to verify transactions. Accordingly, the malware will hide any attacker-made transactions -- using HTML injection -- and, in a social engineering attack, tell the user that they should input the one-time code they're about to receive as a security check. If they do, the malware siphons off their holdings.

Technically speaking, adapting Gameover to steal bitcoins required only a minor upgrade. "It's simply adding a new target to the long list of targets that it has," Maor said. "Everyone knows banking applications and services are targeted, but they should know that these bitcoin services are a target too."

4. Bitcoin exchanges are like banks -- in the Wild West
As the Gameover variant suggests, anyone buying or selling bitcoins is signing up for a set of risks that go beyond the fluctuating value of their currency, starting with ones from the very organizations that they rely on to handle the currency. "It really is a modern-day bank on the frontier, the old Western bank," said Carl Herberger, VP of security solutions at Radware, speaking by phone.

Unlike a modern-day Wells Fargo, bitcoin depositors must worry not only if their funds will be stored securely, but also if their banker is really a banker. For example, the China-based bitcoin exchange GBL, which launched in May, shut without warning in October, when whoever was running the site absconded with almost 1,000 of people's bitcoins, which were worth about $4.1 million.

The same month as that scam, two separate attacks against Australia-based Inputs.io resulted in the theft of all 4,100 bitcoins -- worth about $1.3 million -- being held by the web wallet service, which had advertised itself as being a "free and secure bitcoin wallet for everyone." Likewise, in November, hackers used a distributed denial-of-service (DDoS) attack to disguise a heist of 1,285 bitcoins -- worth almost $1 million -- from an e-wallet service offered by Denmark-based processing provider Bitcoin Internet Payment System (BIPS).

Needless to say, those e-wallet heists lead security experts to warn users against storing any bitcoins online.

5. Spammers can target bitcoins too
Criminals have also been targeting bitcoin users via spam attacks and bogus websites. For example, Kenny MacDermid, a security research analyst with Arbor Networks' ASERT team, recently said he'd received three copies -- in a single day -- of spam from bitcoin-alarm.net. The site offers instructional videos, as well as a free, downloadable Windows executable called BitcoinAlarm.exe, which purports to tell users when the value of bitcoins fluctuates.

Is the application legitimate? In fact, MacDermid's scans of the executable found that it will install a script on the system that first checks to see if antivirus applications are running, which is never a good sign. "A scan of the rest of the file contains other interesting methods like 'disable_uac,' 'anti_hook,' 'persistence,' 'botkiller,' 'downloader,' 'disable_syste_restore,'" MacDermid said in a blog post.

Digging a bit deeper, another file dropped by the installer is a remote-access Trojan called NetWiredRC, which is used to steal login information, and "likely in this case being used to steal bitcoins," MacDermid said. In case you had any doubts, the Trojan also connects to "bitcoins.dd-dns.de." As of Thursday, 23 out of 49 virus engines flagged Bitcoin Alarm as malicious. But last week, it was only being flagged by Kaspersky Lab.


Recommended Reading:

1 of 2
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Apprentice
12/19/2013 | 10:22:28 PM
Other attacks
Other attacks include infiltrating accounts and setting up/getting API keys.  These keys allow the normal login to be circumvented and they are used for such things as automated trading programs.

One attack/spam attampt is to register an address at blockchain.info and link that address to a web site.  Then send out very small amounts of Bitcoin.  If the user checks blockchain.info to see what the transaction is they may click on the link.

If someone says to send your Bitcoins to a Bitcoin "doubler" that runs some kind of special algorithm that doubles your balance ... don't do it!
User Rank: Apprentice
12/21/2013 | 3:04:36 PM
Play with fire - you might get burned.
As far as I can tell, the main purpose of Bitcoin is for someone to hide whatever he or she is doing from governments, and especially the tax authorities. Since there is no honor among thieves, it's quite possible that, outside the protection of the law and the scrutiny of the banks, that person will become a victim rather than a successful tax evader. "As ye sow, so shall ye reap."
User Rank: Strategist
12/21/2013 | 3:47:41 PM
It's not about government taxes; it's about government, per se.

I'm pretty sure very few people go to all the trouble of bitcoin just to avoid sales tax. Very few "normal" items are buyable in bitcoin anyway. And no one who makes a million dollars a year and gets taxed for it keeps it in bitcoin. The real reason it's popular:

People use bitcoin to buy harmless things that the 21st-century, NSA-infested American  government doesn't want you to have.

Our society has become more and more repressive, thanks to Liberals winning the culture war of the 60's. I'm so Liberal I'm probably a communist, but that's no excuse for jack-booting other people.

Just one example: Women's lib started out with outrage against guys beating up their wives and telling the judge "Aww, I was just drunk." Also, there were asymmetric laws favoring men. But it didn't stop when we ended those. Soon, they redefined "rape" to include all kinds of non-coersive, fun things.  Google the guy who got fired for telling a Seinfeld joke from TV. 

Now, guys are terrified to compliment us at work. That's horrible. The "n-word" is another example. Saying it used to just mean that you're ignorant and stupid. Now it's a "hate crime". Gambling is another example, and there are plenty more.

We have met the new boss, same as the old boss, and he is us.

People use bitcoin for gambling because the government won't let them use Visa. Guys use bitcoin to buy porn that's legal everywhere but the US—pictures in which the "victims" obviously enjoy their job. In every country in Europe, the age of consent is 16 or less, and most are 14 or 13.  Yes, really: http://tinyurl.com/euroconsent

People use bitcoin to buy weed which is legal in 3 states and that never should have been illegal in the first place. They also buy medicine that the drug companies are allowed to charge $15/pill for and (in my case) Adderall for ADD that I'd otherwise have to pay a shrink $120 a visit for plus an outrageous price at the pharmacy.

Until people demand that the government stops spying on us, stops taking bribes from big business, and stops putting people in Security Prison for "crimes" without any victim,  people will continue to use bitcoin.

But it's not about sales tax. Just as in many other countries, it's about technology making us free from government gone mad.

User Rank: Ninja
12/30/2013 | 4:26:34 PM
Re: It's not about government taxes; it's about government, per se.
I agreed with you right up til you equated rape with getting complimented at work. These two things are not even in the same universe of comparisons, and, for you to attempt to do so is an insult in addition to the injury on the person of anyone who has ever been sexually molested and attacked.
noah body
noah body,
User Rank: Apprentice
12/30/2013 | 10:02:22 PM
Well, I guess I ought to reply to that because it's so mean

Look,  I only came here to read the latest news about our industry.  But you dragged the conversation off a technical topic because you're mad at me. I couldn't care less, because I'm autistic, but eventually you'll blame ME for making this personal. And I don't want that. My only post for this article was about bitcoins use. That is, until now, after you changed the subject to rape and my opinion of it.  I wish I could just S T F U and let you malign me and misrepresent something I said.  But I can't.  I don't actually know why, but it has something to do with integrity.

Everybody has a right to their opinions without being hated for them.  You can only judge what people do, not how they feel about something. So don't blame ME for YOUR anger at my opinions. This post is intended as a shotgun blast to give the lie to your unfair assertions. It's also to end this conversation about my attitudes concerning rape, which you started. So don't raise hell and get all offended when that's exactly what this is.

...or I'll spank you in public agan.

[sigh...] Okay, you're probably referring to this:

"Women's lib gone mad redefined "rape" to include all kinds of non-coercive, fun things."

Read my post again, inattentive angry guy.  How is that equating genuine forcible rape with a simple compliment?

That's not a rhetorical question, Poindexter.

Also, you chastise me for my supposed opinion of rape victims, which you deem not sufficiently reverent:

"These two things are not even in the same universe of comparisons, and for you to attempt to do so is an insult in addition to the injury on the person of anyone who has ever been sexually molested and attacked."

WELL, since you inappropriately brought up my attitude about this inappropriate topic, I 'll say right now that I do NOT think that a compliment at work is the same as rape.

Meaningless compliments are nowhere NEAR as exciting as being raped against your will by a complete stranger.

Well, at least, *I* liked it.  And so did the 40% of women who orgasm during stranger rape. Judging from my experience, the other 60% almost did, but the man finished first.

Here, see for yourself in an academic article by a female scientist (Journal of Clinical Forensic Medicine vol. 11, p. 82).

Or you can just read this, by a (female) rape crisis therapist:

The basic concept of experiencing orgasm during rape is a confusing and difficult one for many people, both survivors and those connected to survivors.

There are people who do not believe it's possible for a woman or man to achieve orgasm during rape or other kinds of violent sexual assault. Some believe having an orgasm under these circumstances means that it wasn't a "real" rape or the woman/man "wanted" it.

I've assisted more young women than I can count with this very issue. It often comes up at some point during therapy and it's extremely embarrassing or shameful to talk about. However once it's out in the open, the survivor can look at her/his reaction honestly and begin to heal. The shame and guilt around it is a large part of why some rapes go unreported and why there is a need for better understanding in society for how and why this occurs.

There have been very few studies on orgasm during rape, but the research so far shows numbers from 10% to over 50% having this experience. In my experience as a therapist, it has been somewhat less than half of the girls/women I've worked with.

[ Which is around 40%, just what the journal article says ]

In professional discussions, colleagues report similar numbers. Therapists don't usually talk about this publicly as they fear contributing to the idea of victims "enjoying rape." It's also a reason why there isn't more research done on this and similar topics. My belief is that as difficult a topic as this is, if we can address it directly and remove the shame and stigma, then a lot more healing can happen.


As for me, I was unimaginably shy in 2001 when it happened. Pathological. I only spoke in a whisper and never looked at anybody. Then IT happened. I was raped for two days by a sadistic stranger who was overflowing with the "sexual anger." Some of things he made me endure would almost certainly match the definition of "torture." He let me go after two continuous, nonstop days of this: when he was sleeping, I was still being hurt. He knew damn well that I wouldn't call the police about something I discovered I crave.

But even though I was tied down, unable to move even a little, and crying the whole time, it was a necessary and wonderful epiphany, like a religious revelation. A truth I had run away and hid from was forced into me. Now I'm an outspoken smartmouth smartass, and I'm not scared of anyone or anything, ever.

There's a whole lot more to it than that, but it basically had to do with remembering a horrible, wonderful  truth I( had always suppressed: that I'm not just a systems programmer, I'm also a female animal that exists for a single reason: to be brutally mated and die.

Here, read all the details.

Writing that was cathartic. It let me see the Big Picture. You'll be furious at me for such a shameful, depraved narrative, even though it's just a description of the bad things a man did to me one weekend.

...Well, you'll be furious at me right after you put the hand lotion away.

Though the things he did were more unimaginably painful than I thought was possible to feel, it was also intensely pleasurable at a deep level I didn't even know existed in me. It was a beautiful, transformative experience that changed my life which I will never, EVER do again.  But the truth made me free: I'm now a sex slave for a group house where I have to be naked all the time. A girl I knew in college llets me live here for free. Pix on my blog.

For 10 years I've posted stuff there specifically to spread the Good News for all-too modern man: you too can be a serial rapist—it's not just for stupid people anymore.

We hate in others what we fear in ourselves:

"These two things are not even in the same universe of comparisons, and, for you to attempt to do so is an insult in addition to the injury on the person of anyone who has ever been sexually molested and attacked."

Right. I feel ashamed of myself and intimidated. I'll probably make hari kari to attone for my sin of liking rape and daring to say that at least 40% of the other "victims" do, too.

Now then, geek, will you continue trying to intimidate me and double down on your angry, wrong beliefs? Or will you come to your senses and discontinue this unfortunate, off-topic conversation by not replying to this?

I pray for the latter, so we can go back to discussing Bitcoins.


-faye kane ♀ girl brain ♀ My blog


User Rank: Ninja
12/30/2013 | 4:12:55 PM
Welcome to the jungle
Bitcoin is a viable alternative to the central banking cartel, but unless and until an established marketplace such as eBay gets on board with it, it will continue to be the wild, wild west den of thieves it currently is.
User Rank: Apprentice
1/3/2014 | 10:55:44 AM
Bitcoin DDoS attacks
Every operator of a Bitcoin mining pool should protect his business as well as his users from cyber criminals by using a proper DDoS protection (read: http://www.r00t-services.net/announcements/8/Bitcoin-Mining-Pools-and-DDoS-Attacks.html) to avoid all those problems.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-09
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remoto attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
PUBLISHED: 2020-07-08
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
PUBLISHED: 2020-07-08
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect...