Bitcoins Come Under Attack as Their Value Rises
NEWS ANALYSIS: As the value of the Bitcoin currency rises above $1,000, the risk of security exploits and attacks are also likely to climb.This past week, the value of a Bitcoin crossed the $1,000 threshold—marking a new milestone for the virtual currency. As the value and use of the Bitcoin—which first emerged in 2009 as a decentralized form of money—rises, interest from hackers and criminals has also climbed. One of the most recent Bitcoin-related exploits is malware that installs itself on users' PCs in order to "mine" new Bitcoins. The virtual currency is created through digital mining that leverages compute power to discover new blocks of Bitcoins. The Bitcoin-mining malware was reported by security firm Malwarebytes and is being installed on victims' PCs by way of a malicious toolbar application. Websites in the Bitcoin ecosystem have also been under recent attack. The bitcointalk.org community site was attacked this past week, with attackers gaining access to user names and passwords on the site.
The risk from such an attack is that the attackers can now potentially leverage those user accounts to profit from Bitcoin activities. In a more direct attack, the European Bitcoin exchange BIPS (Bitcoin Internet Payment System) was breached last week, exploiting users of $1 million in Bitcoins.
"Hackers can easily exploit the vulnerabilities via SQL injection, XSS [cross-site scripting], etc. and retool these vectors to steal Bitcoins from Web services and online wallet services," Venkat said. The other risk to users with Bitcoin wallets is that unlike credit card transactions, Bitcoin payments are not reversable by a central authority like a bank or a credit card issuer. Only the person receiving the funds can refund the Bitcoin transactions, Venkat said. "This means one should take extra care to do business with people and organizations that they trust," Venkat said. The fact that there is no central governing body that oversees Bitcoin transactions or sets any security standards regarding how, where or for what the virtual currency is used is seen as a cause for concern by Devin Krugly, vice president of marketing and business development at AccessData. "Nearly anyone with a minimal set of IT experience can set up a Bitcoin-mining and -transaction site, so novices can easily be hacked," Krugly told eWEEK. Ultimately, as is the case with real hard currency, it is the responsibility of Bitcoin users to protect their own Bitcoins. "If you don't have a backup plan for your wallet, or if the location of your wallets or your passwords is not known by anyone when you are gone, there is no hope that your funds will ever be recovered," Krugly said. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.