As the value of Bitcoin soars, so do the crimes related to it. Using this virtual currency is fraught with peril, not just because of its fluctuating value and lack of a regulatory body, but because it is an alluring target for hackers, the new-age bank robbers who target digital currency exchanges and their unsuspecting users.
Bitcoin’s accounting relies on cryptography to secure transactions. The owner of a Bitcoin has a public address, which holds a balance and is visible on a public ledger on the internet, along with a private encryption key known only to the owner. To authorize a transaction using Bitcoins, both the key and the address are required.
So if a criminally minded individual exploits security gaps in users’ computer servers, systems or mobile devices and gains access to both a user’s private key and address, these can be used to transfer the victim’s Bitcoins into the hacker’s account.
Further, most users store their Bitcoins in virtual, online wallets either installed on their systems or hosted on websites. These websites also offer payment processing using Bitcoins along with storage. Therefore, hackers are increasingly targeting the websites hosting online wallets. By hacking these websites, the attackers have been able to transfer millions of dollars in Bitcoins to their own accounts, as in the case of the theft of about USD 1 Mn from European Bitcoin payment processor BIPS; USD 100,000 from Czech exchange Bitcash.cz; USD 1 Mn from Australia’s TradeFortress; and an undisclosed amount from Poland’s Bidextreme.pl.
There have also been reported cases of fraudulent websites posing as legitimate Bitcoin exchanges and then disappearing with their users’ Bitcoins. GBL, a Chinese Bitcoin trading platform that claimed to be based in Hong Kong, recently vanished with around USD 4.1 Mn of investors’ money.
Another method of exploiting virtual currency is CryptoLocker, malicious software that locks all the files and data on the victim’s computer, including secondary hard drives and network storage systems. The only way to retrieve the data is to pay a “ransom” of 2 Bitcoins within a given time limit, to save the data from being destroyed. At the time this Trojan first appeared, 2 Bitcoins converted to approximately USD 300. However, now that the value of a single Bitcoin is nearly USD 700, the people behind CryptoLocker have downscaled the ransom demand to 0.5 Bitcoin.
Security measures that users can take include confirming the identity and authenticity of a seller or exchange before transferring their Bitcoins. Further, instead of storing all their Bitcoins in one “hot wallet” that is connected to the internet, users should store most of them in “cold storage”, such as USB drives or separate computers that aren’t used to connect to the web. Private keys can be written on paper or engraved into rings instead of being stored digitally.
To contact the author, write to email@example.com