How Bitcoins Can Be Stolen: Botnets, Viruses, Phishing, and More

Bitcoins can be stolen in a variety of ways. In fact, researchers at SecureWorks, a division of Dell, released a paper at the RSA conference and highlighted that there are over 146 different types of malware which have the capability to steal bitcoins. Moreover, many are highly sophisticated, and very difficult to detect.

First of all, we need to understand why more and more bitcoins are being stolen. Well, there are a lot of reasons, but one of the main reason is that Bitcoin can be used in a way that grants some level of anonymity, as you can create as many addresses you want.  On top of this, the fact that Bitcoin transactions are instant, and not reversible, makes the currency a prime target for malicious actors. Though there have been many advancements in Bitcoin wallet security, they are not perfect, and many of the more secure features take time and effort to use properly.

So, black hat hackers are resorting to various methods to try to extract BTC, and we will review a few of those here, as well as a few steps you can take to try to protect yourself.

Botnets:  Stealing Bitcoin Encryption Passwords or Forcing You to Mine Bitcoins

A botnet is a massive network of infected computers. Many black hat hackers are resorting to utilizing botnets, and if your computer is captured by a botnet, it is likely capable of stealing your bitcoins. Once you are infected the owner of the botnet can do pretty much anything with your computer.  They can log your keystrokes, to steal Bitcoin wallet encryption passwords, and even stream your screen live.  Not only that, botnets are sometimes used to mine bitcoins, or an altcoin.  This can increase the electricity your computer uses, or even overwork your CPU or GPU until they burn out.

Luckily, most people are unlikely to be part of a botnet, as standard antivirus and firewall software are quite good at catching attempts to send information to and from a strange location.

That said, if your computer has suddenly begun to run slowly, seems to be running harder than normal when you are not using it, or you notice that your internet in general is slower, then it would be a good idea to double check.  Online virus scanners, such as Bitdefender, can be useful, in case your local antivirus software has been compromised, as can setting your firewall to require approval for ALL incoming or outgoing connections.  If certain programs or files, especially ones that you do not recognize, are asking for permission to send information, then make a note of its name.  Search online to see if others have flagged that program, or file, as malicious.

Malware and Viruses that Target Bitcoin Wallets

Once downloaded, these files search for the wallet.dat file on your computer.  As your wallet.dat contains the private keys that control your bitcoins, these files are then sent to the hacker, who then uses them to steal the bitcoins.  Encrypting your Bitcoin wallet with a strong password, containing 15+ characters, including upper and lower case letterts, numbers, and symbols, will make it difficult for the hacker to use the stolen wallet.dat.  Unfortunately, if the virus is also a keylogger, and has logged you typing in your encryption password, then they can still open the wallet.

Another clever method that is being used is malware that lies dormant, until a user on an infected computer copies a Bitcoin address.  At that point, the malware becomes active, and subsequently, it changes the address to an address owned by the hacker.  So instead of sending the bitcoins to the person you intended to, the bitcoins are sent to the hacker.

Finally there is Bitcoin ransomware, which locks a computer, and promises to only unlock it if a certain amount of bitcoins are paid to a specific address.  This is extremely nefarious, as the ransomware programs are nearly impossible to remove once they have taken over.  However, they DO actually unlock the computer if the ransom is paid.  This combination makes this malware very effective at extracting bitcoins, even from people who previously did not use Bitcoin at all, and is growing more and more sophisticated.

The only real protection from these types of attacks are a combination of good antivirus software, a solid firewall, and smart online habits.  Do not install programs that you are unsure about, avoid links to websites from people you do not know, or seem unsafe.  If you feel like you MUST visit websites that seem unsafe, then use a combination of a virtual machine, connecting through a VPN, to access them.

Phishing for Bitcoin Wallets

This is one such method wherein a hacker creates a clone of a website, and when a user enters his login credentials, the information is sent to the hacker who subsequently uses them to login to your account and steal the funds. This can be done for any website with a little bit of work and this method has been in use since a long time. Thus, it is necessary to check some basic things such as the domain you visit befor logging in, for example, always check the ssl certificate text when visiting blockchain.info

Also, avoid using the same username and password for multiple websites…or at the very least, use unique passwords for your email address, and accounts that contain bitcoins, sensitive data, or other information that you would not want a hacker to access.  Additionally, two factor authentication should be activated for any Bitcoin exchange account, or online wallet.  This extra level of protection makes it more difficult for a hacker to log into your account, even if they have the username and password.

Compromised Bitcoin Exchanges and Wallet Services

If you use an online exchange or an online wallet service, even if you take every precaution necessary, the service itself could be hacked.  This is supposedly the reason behind the infamous collapse of Mt. Gox, which resulted in the loss of over 850,000 bitcoins . It is necessary to ensure that the service you are using has a good amount of transparency and solid security.  Even then, you should only keep bitcoins in an online account temporarily, and only when necessary.  It also helps if the service is insured in one way or another, is known to be solvent, and keeps the majority of their funds stored in cold storage.

Protect Your Bitcoins With a Few Easy Precautions

Overall, it is necessary to ensure that you are safe from these vulnerabilities and compromises. Perform a simple “background check” before trusting a service with your funds.  Search online for other user’s reviews, look for any provable information regarding their solvency, check to see if the owners of the service are known, and even then, be very careful with which ones you trust.

The other issues, such as phishing and malware can be tackled by proper use of antivirus software, firewalls, checking the SSL certificate, the domain name, and using programs such as sandboxes which isolates programs and prevents them from making changes to your computer.  Finally, the absolute best way to protect your bitcoins is via cold storage.  Any funds you have, and are not planning on using very soon, should be stored in a cold storage wallet, so that even if your computer is compromised, your BTC will remain safe.