How to profit illegally from Bitcoin … cybercrime and much more



Interest in Bitcoin, one of the most popular currency schemes, is high: the financial world, small savers, merchants and, of course, cyber-criminals are observing with interest the strong surge in its price and the subsequent abnormal oscillations. The most frequent questions about Bitcoin asked by the above actors are:

  • How to make money with Bitcoin?

Soaring Bitcoin value has attracted, above all, the interest of cybercrime. Recently, we have read of malware authors and botmasters attempting to exploit new and old channels to steal virtual currency or to mine it using the computational resources of victims.

The number of cyber-crimes related to virtual currency is increasing dangerously. New cyber-threats are menacing both Bitcoin exchanges and Internet users.

Criminals can conduct cyber-attacks to steal Bitcoins from the victim’s wallet. They can adopt various mechanisms, such as the use of malware to steal a digital wallet or social engineering attacks to gather information on a Bitcoin user’s funds.

Another way to monetize the interest in the virtual coin is the abuse of victims’ computational resources. This is done by cyber-criminals using a botnet composed of a large number of machines infected with malware equipped with a miner module.

The process of Bitcoin mining requires the resolution of algorithms that become more difficult as the number of Bitcoins present on the global market increases; according to author Satoshi Nakamoto, this avoids inflationary phenomena. In this scenario, the cyber-criminals need to sustain just the cost of setting up the botnet, while illegally using the hardware resources of the victims’ CPUs and GPUs. As we will see in this article, there is an economic evaluation of the number of machines that need to be infected to create a prolific business.

The last way to profit from Bitcoin is speculating on the value of the Bitcoins. Of course, this is not illegal, but the virtual currency scheme suffers oscillations related to incidents such as a cyber-attack (e.g. DDoS or a data breach) that are able to cause a fall in trust in the digital coin. An ill-intentioned hacker could conduct cyber-attacks against principal exchange services to influence the global level of trust in the currency and consequently its value. In this way, the criminals could acquire or sell large volumes of the currency, making excellent profits.

Theft of Bitcoin

The problem of theft of Bitcoin is exactly the same as for any other currency; the fact that the currency is virtual of course implies that the techniques used to steal the coin are quite different.

Theft of Bitcoin can be perpetrated by cyber-criminals to make a direct profit, to attack the virtual currency scheme itself for speculation purposes, or to affect the level of trust in the currency.

The principal methods to steal Bitcoins are hacking techniques and malware-based attacks. They could be used in attacks on a Bitcoin exchange or the end user.

The number of Bitcoin thefts during the last years has grown hand-in-hand with the popularity of the digital currency. One of the most well-known cases occurred in early 2012, when a group of hackers exploited a vulnerability in the cloud services provider Linode that gave them access to users’ digital wallets, stealing a total of 46,703 BTC for a total amount of $228,000. The victims were mainly users of trading platforms such as Bitcoinica (around 43,000 BTC) and private users.

In that case, the attackers compromised a customer service portal to target wallets stored on Linode servers. It is considered the equivalent of a bank robbery. According to the official statement released by Linode after the attacks:

“All activity by the intruder was limited to a total of eight customers, all of which had references to ‘Bitcoin,’… The intruder proceeded to compromise those Linode Manager accounts, with the apparent aim of finding and transferring any Bitcoins. Those customers affected have been notified.”

If we go back in time we find another significant case of Bitcoin theft. In June 2011, one of the principal Bitcoin exchanges was the victim of an attack. The hackers stole around 400,000 Bitcoins for a total amount of $9 million, but the attack is considered memorable because the quantity of coins illegally obtained corresponded to 6% of all the virtual currency in circulation at that time. 478 accounts were robbed of 25,000 Bitcoin transferred on the largest currency exchange. Mt. Gox reported the event.

Figure 1 – Bitcoin Value during the attack on June 2011

The following table is a list of principal events ordered by amount of stolen Bitcoin, extracted from the book “Digital Virtual Currency and Bitcoins – The Dark Webs Financial Market – Exchange & Secrets”.

Figure 2 – Principal attacks ordered by amount of stolen Bitcoin

The attacks reported up to this point mainly targeted service providers such as Bitcoin exchanges. As anticipated, another way to steal Bitcoin is to attack users directly, exploiting the lack of security in their systems and, in many cases, the total absence of defenses to secure digital wallets.

The simplest way to attack a Bitcoin wallet is to steal or discover its password; the attack against Mt. Gox was possible due to hacking that exposed the list of user accounts and password hashes.

Knowledge of the password permits the hackers to compromise the user’s encrypted wallet. In these cases, the attack is facilitated by the bad habit of holding coins in an unencrypted wallet.

Wallet encryption doesn’t represent excellent protection against hacking attacks. Wallets protected with passphrase encryption still remain vulnerable to a replay attack if the host has been compromised by malware, or if malicious code is able to sniff the passphrase using, for example, a keylogger.

There are various methods to protect Bitcoin wallets, such as the adoption of “off-line wallets.” These are essential defense measures when the total amount of Bitcoin has significant value.

A “hardware wallet” and many other protection mechanisms are listed on the Wiki page “Securing Your Wallet.”

The Internet is full of news related to malware designed to steal Bitcoin. Recently, the Webroot blog published an article on malicious code attempting to make money on all sorts of digital transactions. The Webroot Threat Research Department has already detected many malicious campaigns targeting Bitcoin users. The latest revelation concerns source code for a Bitcoin Jacker that, once deployed, scans machines searching for Bitcoin wallet files and transmits the data back to the attacker.

The author of the software encourages its users to steal Bitcoin wallet files and then post them on “public” repositories, allowing third parties to decrypt their content by cracking weak passwords to steal the precious coin. As usual, the malware could benefit from the bad user habit of choosing weak passwords containing words that are in the dictionary, or passwords that do not contain a combination of upper case and lower case letters, numbers and symbols.

Figure 3 – Bitcoin Jacker screenshot

To improve the efficiency of the malicious code designed to steal Bitcoin wallets, criminals can compile it with a keylogger, such as Private Keylogger, to grab the passwords related to a stolen wallet file, making them immediately usable.

One of the most malicious pieces of malware in history was created with the specific intent to steal Bitcoin: Infostealer.Coinbit. It is a Trojan horse that attempts to steal Bitcoin wallets stored on Windows machines. During execution, it searches for a Bitcoin wallet on the victim’s PC in the following path:

If the malware finds a wallet, it attempts to send it to the attacker via email using the SMTP server. Of course, the malware authors attempted to target those wallets that were unencrypted. The malware is dated and, fortunately, it hasn’t had a broad distribution. The number of instances detected was limited.

Symantec experts discovered its source code on underground forums, which locates the wallet and uploads it to the attacker’s servers using the FTP protocol. The black market is considered a breeding ground for malware that evolves thanks to continuing improvements made by groups of criminals that typically rent or sell their criminal services.

The easiest way to protect a Bitcoin wallet from this type of attack is to encrypt it and avoid storing it on wide-open indexes on the Web. Let’s recall, in fact, that by properly using search engines such as Google, it is possible to locate wallets with a simple query like the following:

intitle:index.of wallet filetype:dat intitle:index.of “wallet.dat”
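A defender's check for the exposure described above, added here as an example and not taken from the original article: it walks a directory you serve (for instance a web document root), flags every wallet.dat that is world-readable, and applies a heuristic for encryption. The function names are hypothetical, the "mkey" marker is an assumption that holds for legacy Berkeley DB wallet.dat files, and the sample files are constructed stand-ins, not real wallets.

```python
import os
import stat
import tempfile

# Assumption: legacy Berkeley DB wallets store a record named "mkey"
# (length-prefixed as \x04mkey) only when the wallet is encrypted.
MKEY_MARKER = b"\x04mkey"


def audit_wallets(root):
    """Return one finding per wallet.dat found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "wallet.dat":
                continue
            path = os.path.join(dirpath, name)
            mode = os.stat(path).st_mode
            with open(path, "rb") as fh:
                encrypted = MKEY_MARKER in fh.read()
            findings.append({
                "path": os.path.relpath(path, root),
                "world_readable": bool(mode & stat.S_IROTH),
                "encrypted": encrypted,
            })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree():
    """Constructed sample tree with two fake wallet files."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "backup/wallet.dat": (b"\x00" * 16 + b"\x03key" + b"\x11" * 32, 0o644),
        "private/wallet.dat": (b"\x00" * 16 + b"\x04mkey" + b"\x22" * 48, 0o600),
    }
    for rel, (data, mode) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for f in audit_wallets(build_sample_tree()):
        risky = f["world_readable"] or not f["encrypted"]
        print("RISK" if risky else "ok  ", f)
```

A wallet file reported under a served directory should be moved out of it regardless of the other two fields; encryption only limits what a copied file is worth.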

Malware-based attacks on Bitcoin wallets aren’t the sole prerogative of Windows machines. In November 2011 the Mac malware DevilRobber was spreading on BitTorrent file-sharing sites inside copies of a Mac OS X image-editing app called Graphic Converter version 7.4.

According to the Sophos security firm, the legitimate Apple program was altered with additional code for Bitcoin mining. DevilRobber (OSX/Miner-D) utilized the Mac’s GPU (Graphics Processing Unit) for mining activities. If the malicious code finds the user’s Bitcoin wallet, it steals it, sending the data back to a remote server.

Botnets and Bitcoin

Another way to monetize the use of Bitcoin is to contribute to the generation of new coins, also known as Bitcoin mining. But to do this, it is necessary to solve an algorithm whose complexity increases with the number of Bitcoins in circulation. The complexity of the mining process is a function of the Bitcoins in circulation, according to the original idea of Nakamoto, the author of the virtual currency scheme, to avoid inflation and, more generally, to preserve the currency from any kind of speculation.

Cyber-criminals attempt to exploit the mechanism of Bitcoin mining using computational resources illegally obtained, for example by infecting a large number of machines with malware able to mine Bitcoin as part of a malicious botnet.

In the Bitcoin peer-to-peer architecture, each node could acquire coin blocks by sharing its computational resources to solve the cryptographic proof-of-work problem in a Bitcoin mining process, which could lead the user to a prize of up to 50 Bitcoins per block if successful in solving a block.

Large botnets could provide the necessary computational resources to mine Bitcoins, but in this case too, cyber-criminal organizations have to evaluate the effort carefully to project the possible earnings from their illegal activities. To do this, it is necessary to understand the dimensions of the botnet, evaluating its profitability. To have an idea of the assessments made by criminals when they plan to build a botnet, let’s analyze the mining power of a single machine with medium computation capabilities that can compute roughly one mega-hash/second.
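To make the proof-of-work problem and the one mega-hash/second figure concrete, the following added example (not code from the original article) implements the hash-below-target test on a toy target and computes the expected time per block for a given difficulty. The header prefix and the toy target are constructed, the function names are hypothetical, and difficulty 1 is used only as the protocol minimum, not as the network value on any date.

```python
import hashlib
import struct

DIFF1_TARGET = 0xFFFF << 208  # target at difficulty 1 (compact form 0x1d00ffff)


def bits_to_target(bits):
    """Expand Bitcoin's compact 'bits' field into the full 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def pow_hash(header_prefix, nonce):
    """Double SHA-256 of prefix + 4-byte nonce, read as a little-endian integer."""
    data = header_prefix + struct.pack("<I", nonce)
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "little")


def mine(header_prefix, target, max_nonce=1 << 22):
    """Try nonces in order; return (nonce, attempts), or None if none qualifies."""
    for nonce in range(max_nonce):
        if pow_hash(header_prefix, nonce) <= target:
            return nonce, nonce + 1
    return None


def expected_seconds_per_block(difficulty, hashes_per_second):
    """On average, difficulty * 2**32 hashes are needed to find one block."""
    return difficulty * 2**32 / hashes_per_second


if __name__ == "__main__":
    prefix = b"constructed header prefix"  # sample input, not a real block header
    nonce, attempts = mine(prefix, 1 << 240)  # toy target: about 2**16 tries expected
    print("nonce", nonce, "found after", attempts, "hashes")
    # Difficulty 1 is the protocol minimum, used here only as a baseline.
    print(expected_seconds_per_block(1, 1_000_000), "seconds per block at 1 MH/s")
```

Because the expected time grows linearly with difficulty, the same function shows how quickly a single CPU-class machine becomes insignificant as difficulty rises.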

The first problem for the criminals is to recruit machines to compose the botnet; this is possible by spreading malware equipped with a miner component.

The infection phase could be organized in various ways, such as:

  • Compromising a website with a web exploit.

Once the machine is infected, the malware downloads Bitcoin miners and CPU and GPU drivers, exploits the computational resources of the victim and uses them in the mining process. Periodically, the amount of Bitcoins generated is transferred to one or more wallets managed by cyber-criminals.

To evaluate the productivity of a botnet, let’s use one of the various online Bitcoin mining calculators on the Internet, which permits us to calculate coins produced per day, per week and per month starting from the following input data:

Using the following parameters today (April 24, 2013) we obtain the following calculation related to a single day of mining activity.

Figure 4 – Bitcoin mining calculator

To evaluate the profitability of a botnet, we have to multiply the obtained data by the number of machines that compose the malicious structure and by the number of days it operates. We assume that the calculations are based on mining continuously for 24 hours using the CPU only, at the current exchange rate and difficulty factor.

For example, to estimate the earnings from botnet mining per month for various botnet sizes
