You are on page 1of 3

As bitcoin booms, so does bitcoin bank robbery

Robbing a bank is such a hassle in the real world, with all the complicated logistics of weapons, vaults, dye packs, and getaway cars. Its a lot more straightforward to rob digital currency exchanges and payment processors. To paraphrase bank robberWillie Sutton, thats where the bitcoins are.

The huge interest in bitcoin and the concurrent surge in the value of the currency bitcoin has risen 6,000% versus the US dollar in the last year and 300% just this monthhas also created a growing incentive for larcenous hackers:

European bitcoin payment processor BIPS lost the equivalent of about $1 million last week after a distributed denial of service (DDoS) attackoverwhelmed its servers and enabled attackers to gain access to customers online bitcoin wallets.

Polands was also hacked last week, and its users accounts emptied, though it did not disclose the amount taken.

A week earlier, the Czech exchange was hit, with 4,000 users losing bitcoins worth about $100,000.

Australias TradeFortress said it was hacked in November, leading to the loss of $1 million worth of users bitcoins.

Chinas GBL exchange abruptly went offline in October, with $4.1 million in users bitcoins going missing.

How do you actually steal a bitcoin, anyway?

Owning bitcoins, as Wireds extensive survival guide explains, means that you have a private cryptography key thats associated with a public internet address. You need both to access the money. By exploiting cybersecurity flaws on computer servers, PCs, and mobile phones, thieves who discover both the private key and the public address can transfer the bitcoins to their own accounts to spend as they please or convert into another currency.

Bitcoin transactions cannot be reversed without the consent of both sender and receiver, so the transfers are irrevocable. The system is designed to shield the identity of its users, but individual bitcoins are traceable.

While the ownership of money is implicitly anonymous, its ow is globally visible, a recent research paper concluded. Forbes contributor Jon Matonis wrote last year about the theft of 46,703 bitcoins, worth $228,845 at the time of the robbery, from a New Jersey-based hosting company called Linode, which could be traced after the theft through servers in dozens of other countries.

As a one-stop despository of multiple accounts, exchanges make a tempting target, which is why the Bitcoin Foundation warns new users:

When sending money to an exchange or seller you are trusting that the operator will not abscond with your funds and that the operator maintains secure systems that protect against theftinternal or external. It is recommended that you obtain the real-world identity of the operator and ensure that sufficient recourse is available.

BIPS, the European payment processor that was hacked last week, has stopped offering online wallet services and has urged customers to avoid online wallets altogether.

Safe-guarding your own bitcoins can also be fraught, since thieves have exploited security vulnerabilities to steal bitcoins from users own computers. Securityconscious users recommend storing bitcoins not in hot wallets that are necessary for processing transactions, but rather in cold storage, such as a USB drive that is not connected to the internet, or even deep cold storage, such as a usb drive thats stored in a (real world) safety deposit box. Private keys can even be written on pieces of paperor engraved onto a ring.

Bitcoin is still a relatively young currency, and the criminally minded are still figuring out new ways to exploit its virtues. A malicious piece of ransomware called CryptoLocker has been infecting users computers, encrypting their files, and

demanding a ransom paid bitcoins in order to unlock the precious personal data. The fee was initially two bitcoins, but as the currencys value has risen the operators of CryptoLocker have reportedly lowered their price to half a bitcoin, or about $390.

Even more byzantine criminal schemes are likely to emerge if bitcoin continues to become more mainstream. A user on Reddits bitcoin forum suggested a few months back that armed robbers could conceivably find the offices of Mtgox, Coinlab, Bitcoin24, Bitstamp, and all the other exchanges then storm them with guns, forcing employees to hand over the private encryption codes, merging bitcoin bank robbery with the old-school real world version. It may not be long before bitcoin robbers and the people trying to stop themhave to deal with even more complexity and complications than Willie Sutton could have ever dreamed of.