According to BitcoinWatch, the current market capitalization of the virtual currency stands at an incredible $10.4 billion. A single Bitcoin is now worth more than $800. In the ongoing aftermath of the Silk Road takedown, many people wrongly assume Bitcoin is some kind of criminal currency, used to trade in anything and everything illegal online. However, be in no doubt that cyber-criminals are, indeed, attracted to Bitcoin: they are targeting it in virtual bank robberies.
Last month reports surfaced of an Australian Bitcoin 'bank' called inputs.io being hacked and the owner relieved of some 4,100 Bitcoins worth $1.3 million. Now we hear that the Danish company Bitcoin Payment Solutions (BIPS), another Bitcoin startup, has lost a reported $1 million worth of Bitcoins (1295 BTC) after an attacker managed to compromise the hosting account through a fairly straightforward email account password reset and a server-side vulnerability that left the two-factor authentication in place about as useful as a chocolate teapot.
This latest robbery is thought to have occurred between the 15th and 17th November, and word on the IT security grapevine is that the breach can be traced back to a Russian origin. The virtual-robbers used the increasingly common tactic of staging a Distributed Denial of Service (DDoS) attack on the site as a smokescreen behind which the real attack, the Bitcoin robbery, could take place. The smokescreen analogy is very apt: when a site is hit by a DDoS attack, all efforts go into dealing with that emergency, and it's all too easy for cyber-criminals to sneak into the site while attention is elsewhere and do pretty much whatever they want.
Amichai Shulman, CTO of Imperva, says: "Regarding the consequences to Bitcoin, it turns out that the same characteristics that made this payment system so popular are the ones that now prevent people from getting their stolen money back. A potential deterrent for such events would be to introduce a black-listing mechanism into the Bitcoin protocol which would prevent people from cashing out on stolen wallets (which would take out the incentive for stealing them in the first place – assuming that BCs are not traded into money before the theft is detected). For now, all that victims could do is sit back and watch how their stolen Bitcoins are being anonymously traded (since all transactions in Bitcoin are public)."