According to BitcoinWatch the current market capitalization of the virtual currency stands at an incredible $10.4 billion. A single Bitcoin is now worth more than $800. In the ongoing aftermath of the Silk Road takedown many people wrongly assume Bitcoin is some kind of criminal currency, used to trade in anything and everything illegal online. However, be in no doubt that cyber-criminals are, indeed, attracted to Bitcoin: they are targeting it in virtual bank robberies.

Last month reports surfaced of an Australian Bitcoin 'bank' called being hacked and the owner relieved of some 4,100 Bitcoins worth $1.3 million. Now we hear that the Danish company Bitcoin Payment Solutions (BIPS), another Bitcoin startup, has lost a reported $1 million worth of Bitcoins (1295 BTC) after an attacker managed to compromise the hosting account through a fairly straightforward email account password reset and a server-side vulnerability that left the two-factor authentication in place about as useful as a chocolate teapot.

This latest robbery is thought to have occurred between the 15th and 17th November, and word on the IT security grapevine is that the breach can be traced back to a Russian origin. The virtual-robbers used the increasingly common tactic of staging a Distributed Denial of Service (DDoS) attack on the site as a smokescreen behind which the real attack, the Bitcoin robbery, could take place. The smokescreen analogy is very apt: when a site is hit by a DDoS attack, all efforts go into dealing with that emergency, and it's all too easy for cyber-criminals to sneak into the site while attention is elsewhere and do pretty much whatever they want.

Amichai Shulman, CTO of Imperva, says: "Regarding the consequences to Bitcoin, it turns out that the same characteristics that made this payment system so popular are the ones that now prevent people from getting their stolen money back. A potential deterrent for such events would be to introduce a black-listing mechanism into the Bitcoin protocol which would prevent people from cashing out on stolen wallets (which would take out the incentive for stealing them in the first place – assuming that BCs are not traded into money before the theft is detected). For now, all that victims could do is sit back and watch how their stolen Bitcoins are being anonymously traded (since all transactions in Bitcoin are public)."

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.