The cyber attack yesterday which closed Mt.Gox, the hitherto largest bitcoin exchange, has realised some of the concerns felt by Compliance and AML specialists. What will you tell clients who lose their funds via cyber-theft? While Mt.Gox has closed – its webpage is blank – other crypto-businesses and exchanges are working to restore trust in crypto-currencies and reassure investors. Many observers I have spoken to in the past few months have erred on the side of caution in terms of investing in bitcoin. Crypto-currencies are vulnerable to attack, but they are also developing rapidly. At the time of publishing, the exchange rate was XBT1 = USD441.9.
Bitcoins, other digital currencies stolen in massive ‘Pony’ botnet attack
The attack was carried out using the “Pony” botnet, a group of infected computers that take orders from a central command-and-control server to steal private data. A small group of cybercriminals were likely behind the attack, Trustwave said.
Over 700,000 credentials, including website, email and FTP account log-ins, were stolen in the breach. The computers belonging to between 100,000 and 200,000 people were infected with the malware, Trustwave said.
The Pony botnet has been identified as the source of some other recent attacks, including the theft of some 2 million log-ins for sites like Facebook, Google and Twitter. But the latest exploit is unique due to its size and because it also targeted virtual wallets storing bitcoins and other digital currencies like Litecoins and Primecoins.
Eighty-five wallets storing the equivalent of $220,000, as of Monday, were broken into, Trustwave said. That figure is low because of the small number of people using Bitcoin now, the company said, though instances of Pony attacks against Bitcoin are likely to increase as adoption of the technology grows. The attackers behind the Pony botnet were active between last September and mid-January.
“As more people use digital currencies over time, and use digital wallets to store them, it’s likely we’ll see more attacks to capture the wallets,” said Ziv Mador, director of security research at Chicago-based Trustwave.
Most of the wallets that were broken into were unencrypted, he said.
“The motivation for stealing wallets is obviously high—they contain money,” Trustwave said in a blog post describing the attack. Stealing bitcoins might be appealing to criminals because exchanging them for another currency is easier than stealing money from a bank, Trustwave said.
There have been numerous cyberattacks directed at Bitcoin over the last year or so as its popularity grew. Last year, a piece of malware circulating over Skype was identified as running a Bitcoin mining application. Bitcoin mining is a process by which computers monitor the Bitcoin network to validate transactions.
“Like with many new technologies, malware can be an issue,” said a spokesman for the Bitcoin Foundation, a trade group that promotes the use of Bitcoin, via email. Wallet security should improve, the spokesman said, as more security features are introduced, like multisignature transactions.
Digital currency users can go to this Trustwave site to see if their wallets and credentials have been stolen.