Attackers going after virtual currency are raking in real dollars. A megaheist over the weekend exposed hundreds of user accounts and stole approximately $8.75 million worth of virtual money.
BitCoin is a form of virtual currency popular with users for online trading. Its peer-to-peer network does not attach any identities to the funds being transferred, allowing users to maintain their anonymity. Largely unregulated, BitCoins are like cash; once stolen, they are gone.
About 25,000 BTC were transferred on June 13 from 478 accounts on Mt. Gox, a virtual exchange that handles currency trading for BitCoins. It appears the attacker had compromised user passwords and had logged in to the accounts to initiate the transfers, according to a Daily Tech report.
Mt. Gox initially downplayed the incident, blaming users because the attackers clearly logged in using correct passwords. “As a reminder we assume no responsibility should your funds be stolen by someone using your own password,” a support team member told the Daily Tech.
Within an hour of the hack, reportedly 100,000 Bitcoins were sold at incredibly cheap rates on Mt. Gox, plunging the market from around $17.50 USD per Bitcoin to just $0.01 per Bitcoin, the Daily Tech reported. An additional 400,000 Bitcoins were missing, bringing the heist to approximately $8.75 million based on the market value prior to the massive sell-off.
The exchange later admitted that account information had been leaked, including username, e-mail address and a hashed password. The stolen Mt Gox database was originally offered for sale on Pastebin, and then later publicly dumped. It appears that MD5 was used for passwords. MD5 is fairly easy to brute-force even when a salt is used, as Mt Gox claimed it was: a salt defeats precomputed lookup tables, but MD5 is so fast to compute that each individual guess remains cheap.
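Why a salt alone does not rescue MD5, shown as an added example that is not part of the original article: it compares the per-hash cost of salted MD5 with an iterated key-derivation function (PBKDF2 from Python's standard library). The `md5(salt + password)` layout, the iteration count and all sample values are assumptions made for illustration, not Mt. Gox's actual storage format.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000  # constructed work factor, tune to your hardware


def md5_salted(password, salt):
    """Weak storage: one fast MD5 over salt + password (assumed layout)."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def pbkdf2_store(password, salt=None):
    """Hardened storage: per-user random salt plus an iterated KDF."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def pbkdf2_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, key = pbkdf2_store(password, salt)
    return hmac.compare_digest(key, expected)


def seconds_per_hash(hash_fn, rounds):
    """Average wall-clock cost of computing one candidate hash."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn("candidate-%d" % i)
    return (time.perf_counter() - start) / rounds


def cost_ratio():
    """How many times more work one PBKDF2 hash costs than one salted MD5."""
    salt = b"constructed-salt"  # constructed sample value
    fast = seconds_per_hash(lambda p: md5_salted(p, salt), 20000)
    slow = seconds_per_hash(lambda p: pbkdf2_store(p, salt), 3)
    return slow / fast


if __name__ == "__main__":
    # The salt changes the stored value, so identical passwords do not collide...
    print(md5_salted("hunter2", b"salt-A") != md5_salted("hunter2", b"salt-B"))
    # ...but it adds no work per hash; only the iterated KDF does.
    print("PBKDF2 costs about %.0fx more per hash than salted MD5" % cost_ratio())
```

The ratio it prints is the factor by which the iterated KDF raises the cost of every guess against a leaked database; the salt contributes nothing to that figure.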
According to Symantec, a new “Infostealer.Coinbit” Trojan making the rounds is designed to access the BitCoin wallet on the user’s computer and send the information to the attacker’s e-mail address. Symantec also warns that Bitcoin mining botnets could be netting the owners over $100,000 USD a month in profit.
Politicians have threatened to shut down BitCoin, primarily because the accessibility of unregulated funds may make it easier to buy illegal goods. Websites such as Silk Road, where many black market items are on sale, use BitCoin. Sens. Charles Schumer (D-NY) and Joe Manchin (D-W.Va) have expressed their concerns to United States Attorney General Eric Holder about the use of BitCoins to buy, sell and distribute drugs worldwide.