More and more people are beginning to use cryptocurrency, such as Bitcoin, and more businesses are beginning to accept it. The growing popularity, however, means thieves are also increasingly interested in stealing it.
Cryptocurrency is a digital currency. There is nothing physical—no coins or dollar bills—and it is generated (“mined”) by computers performing complex mathematical calculations. Bitcoin is perhaps the most well-known digital currency currently available, but there are plenty of others, including dogecoin, mazacoin, megacoin, and even solarcoin.
The value of the various cryptocurrencies fluctuates, but for the past few months, Bitcoin’s value has been steadily increasing. This has led many people to think that it can be a viable alternative currency to the almighty Dollar, Euro, and others. It’s a natural progression. More publicity leads to more people buying Bitcoin, which means more businesses agree to accept the cryptocurrency, and the thieves decide the digital currency is valuable enough to steal. It’s important to protect your Bitcoin, because it’s like cash—once stolen, it’s impossible to get it back or to figure out who took it in the first place.
Security Concerns with Bitcoin
There are already more than 100 unique malware families that have cryptocurrency-stealing capabilities, according to a recent Dell SecureWorks study. This list includes malware specifically designed to target digital currency, as well as existing malware that have been modified with new currency-specific functionality. The scary part about this report is the fact that most cryptocurrency-stealing malware is not overly sophisticated and can be developed by “script kiddies,” or anyone with rudimentary programming skills.
For example, if the Trojan is already designed to steal credentials from online banking sites, it isn’t very difficult to modify its capabilities so that it can also intercept credentials from user Bitcoin wallets or from digital currency exchanges. The malware monitors user activity and starts logging keystrokes only when the user tries to access the cloud-based wallet or to log in to the exchange website to send and receive Bitcoins. The credentials are intercepted and sent to the attacker, who can then use the login information to empty the accounts.
It’s also not difficult for criminals to just buy malware kits off underground forums, which can be used to steal Bitcoin.
Keeping Your Bitcoins Secure
The most common type of cryptocurrency-stealing malware is the one targeting user wallets stored on the computer. The malware searches for the “wallet.dat” file or other commonly used filenames and directories on the computer. The malware then uploads the entire wallet to a remote server so that the attacker can extract the key and transfer the funds from the wallet to a different account. Once that money is gone, it can’t be traced back. This is why it’s so important to make sure the antivirus is updated on the computer regularly to detect malware infections, and to also be very careful about what you download from the Web.
The increase in Bitcoin—and other types of digital currency—usage means thieves will inevitably come sniffing, looking for an easy score. Consider that one of the biggest problems with online fraud is cashing out the stolen funds after they’ve been transferred out of user accounts. That is not the case with Bitcoin, since they are tied only to a certain email address. No names, no identifying information, and no way to trace where it went. As a result, users have to be vigilant about malware infections.
If you decide to invest in Bitcoin or other types of cryptocurrency, make sure to exercise good security hygiene. Be careful about what you download, keep your antivirus up-to-date, and watch out for phishing email scams trying to steal your wallet credentials. If you have a firewall or a similar security product installed, you can block the malware from phoning home or trying to transfer out wallet files to a remote server. Protect your email accounts and select strong passwords for your exchange account and for the wallet so that attackers can’t just brute-force their way in.
Eventually Bitcoin and crypto-currency theft could be more profitable than conventional credit card and banking theft. But you can take steps to protect yourself.