What does a Bitcoin robbery look like?

Kayne Naughton is a technologist and security researcher with Asymmetric Security. During AusCERT 2014 he took a look into the murky world of Bitcoin and examined the good, bad and ugly of this new currency.

Just to give you some idea of the volatility of Bitcoin, the first actual transaction completed using about 100,000 Bitcoins as payment in the physical world was for the purchase of a pizza. On today's exchange rates, that pizza is now worth about $1.2 million, according to Naughton.

It's little wonder that adventurous investors and criminals see crypto-currencies as being potentially valuable.

Naughton noted in his presentation that the digital nature of Bitcoin allows us to track every transfer historically and visualize these multimillion-dollar thefts in a way never possible in traditional financial networks.

By looking at some of the recent Bitcoin thefts he believes the security industry can learn from this rapidly changing criminal ecosystem and apply the lessons to their own defences, particularly in cloud deployments.

As part of his preparation for the presentation, Naughton told the audience that he mined five Bitcoins. "I sold one and a half of them for about $450AUD. The other three and a half were either, sort of, lost, stolen or otherwise went missing through various international exchanges."

He noted that when he began this preparation, they were only worth a few dollars each. But as the exchange rate skyrocketed, he tried, unsuccessfully, to retrieve the lost coins.

That leads to one of the challenges in securing a Bitcoin wallet. The nature of Bitcoin is that it relies on a series of linked, but independent actions – the so-called blockchain. Although everything is stored in text files, those are encrypted and users hold the keys – not some central agency. So, how are Bitcoins stolen?

Naughton mentioned that the incentives for breaking Bitcoin's cryptography are substantial.

"If you find a bug in Bitcoin, you can extract hundreds of millions of dollars. So, it's a pretty strong incentive to break that crypto," he said.

One of the methods being used to steal Bitcoin has been to compromise cloud services. The ability to purchase scalable cloud computing services at low cost makes them an attractive proposition for some Bitcoin miners. By compromising the cloud provider, thieves, according to Naughton, have been able to access systems and steal Bitcoin wallets.

Part of what makes Bitcoin thefts difficult to track is that the Bitcoin marketplace is just as complex as the real-world financial markets. There are Bitcoin futures traders and their trading systems can be vulnerable.

"Some of these people are moving into market manipulation. If you know prices are going to go down, because you're going to launch a DDoS on the major exchanges, you can effectively short Bitcoin. You can then buy back in at the low point," Naughton explained.

Unscrupulous dealers are also a factor. Some traders are known to have used Bitcoins from customers to play the market and were caught out when the market took an unexpected turn.

These aren’t problems that are unique to Bitcoin and other crypto-currencies but they are harder to trace and investigate, as the required expertise isn’t available within law enforcement at this time. What was clear from Naughton's presentation is that Bitcoin is not all bad although, like traditional currencies and financial markets, it can be used and manipulated for illegal gain.

Maintaining solid system security with cloud providers, if you're using them to store Bitcoin wallets or for Bitcoin mining, is just as much of a priority as for traditional computing tasks.


Tags: AusCERT 2014, Bitcoin


Stories by Anthony Caruana
