Blood in the Water: Bitcoin Woes Cause Attackers to Converge

Created: 07 Mar 2014 19:24:20 GMT
Dick O'Brien

Virtual currency Bitcoin has experienced some turbulent times in recent weeks as attackers focused their attention on a newly publicized weakness in Bitcoin’s software in an attempt to siphon off huge sums. The instability has already claimed the scalp of Mt Gox, which was once the world’s largest Bitcoin exchange, and thousands of investors have lost their deposits. The thefts caused the currency’s value to plunge, but it has since recovered significantly, indicating that investors still have an appetite despite the risks. Nevertheless, this spate of incidents perfectly illustrates how attackers can swarm around a particular area once a weakness is found and attempt to pick it clean.

The first sign of trouble came on February 7, when Mt Gox announced that it had suspended withdrawals. The exchange, which is based in Japan, said that it was working to fix a bug in Bitcoin’s software and the flow of withdrawals was hindering its progress. At the time, there was no hint that anything else was awry. Nevertheless, the announcement triggered a plunge in Bitcoin’s value. Having traded at above US$800 prior to the incident, the currency fell to approximately $650.

The bug, known as “transaction malleability”, makes it possible for attackers to alter transaction details to make it seem like a transfer of funds to a Bitcoin wallet did not occur when in fact it did. Since the transaction appears as if it has not proceeded correctly, the sender could be duped into sending more Bitcoins.
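The Python sketch below is an added example, not code from Symantec or from any exchange. It shows why a sender that looks up a withdrawal only by transaction ID can wrongly conclude it failed, and how matching on what was spent and who was paid avoids a second payout. It assumes a simplified one-input, one-output transaction model rather than the real Bitcoin wire format; `Tx`, `normalized_id` and `reconcile` are hypothetical names and all sample data is constructed.

```python
import hashlib
from dataclasses import dataclass

def dsha256(data: bytes) -> str:
    """Bitcoin-style double SHA-256, hex encoded."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class Tx:
    # Simplified model: one input, one output (not the real wire format).
    prev_outpoint: str   # "txid:index" of the coin being spent
    script_sig: bytes    # signature encoding; can change while staying valid
    dest_address: str
    amount_sat: int

    def _body(self) -> bytes:
        return f"{self.prev_outpoint}|{self.dest_address}|{self.amount_sat}".encode()

    def txid(self) -> str:
        # Covers the signature bytes, so a re-encoded signature changes it.
        return dsha256(self._body() + b"|" + self.script_sig)

    def normalized_id(self) -> str:
        # Covers only what was spent and who was paid.
        return dsha256(self._body())

def reconcile(sent: Tx, confirmed: list[Tx]) -> dict:
    """Decide whether a withdrawal was paid, by txid and by normalized id."""
    by_txid = any(c.txid() == sent.txid() for c in confirmed)
    by_content = any(c.normalized_id() == sent.normalized_id() for c in confirmed)
    return {
        "txid_match": by_txid,
        "content_match": by_content,
        # Paid under a different txid: do not re-send, flag for review.
        "malleated": by_content and not by_txid,
        "safe_to_resend": not by_content,
    }

# Constructed sample data (not real transactions or addresses).
WITHDRAWAL = Tx("aa" * 32 + ":0", bytes.fromhex("3044aabb"), "customer-wallet", 50_000_000)
# Same spend and payee, signature bytes encoded differently.
CONFIRMED = Tx(WITHDRAWAL.prev_outpoint, bytes.fromhex("304500aabb"), "customer-wallet", 50_000_000)
UNRELATED = Tx("bb" * 32 + ":1", bytes.fromhex("3044ccdd"), "other-wallet", 1_000)

if __name__ == "__main__":
    print(reconcile(WITHDRAWAL, [UNRELATED, CONFIRMED]))
    print(reconcile(WITHDRAWAL, [UNRELATED]))
```

A withdrawal that reports `malleated` has been paid under a different transaction ID, so a support claim that "the transfer never arrived" should be checked against the confirmed spend before any funds are sent again.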

Within days, the problems spread. Two more major Bitcoin exchanges were forced to suspend withdrawals as attackers mounted Distributed Denial of Service (DDoS) attacks against them in a bid to exploit the vulnerability. Bitstamp, which is based in Slovenia, and BTC-e, which operates from Bulgaria, were both hit by the attacks, which flooded the exchanges with malformed transactions designed to create confusion across their systems.

While Bitstamp and BTC-e were back trading normally within days, the same could not be said for Mt Gox. The company’s bar on withdrawals remained in place until February 24, when the exchange suddenly went offline. Leaked internal documents suggested that the company had been the victim of a massive theft, in which hundreds of millions of dollars’ worth of the currency had been stolen.

Three days later, Mt Gox filed for bankruptcy, confirming that nearly US$500 million worth of the currency had been stolen from its systems. The company claimed that a bug in Bitcoin’s software had allowed attackers to steal approximately 750,000 Bitcoin deposited by customers and 100,000 Bitcoin owned by the company.

Even after its closure, Mt Gox remained a focus for attackers. For example, scammers were quick to circulate an email claiming that the company would be returning Bitcoins stolen from its users. The scam email contained a link to a video described as containing news on how people could get their Bitcoin back. When recipients clicked on the link, they were directed to a website that prompted them to install “Adobe Flash Player” in order to play the video. Clicking on the install button downloaded a compressed .rar file containing malware. Symantec detects this malware as Trojan.Klovbot.

The phishing campaign is a perfect example of how, once a sector falls into the spotlight, attackers can smell blood in the water and will attempt to exploit every conceivable angle before moving on.

Figure 1: Bitcoin’s value has recovered somewhat in the aftermath of the attacks. (Source: blockchain.info)

These recent attacks are not the first time Bitcoin has come under pressure. Late last year, a series of virtual bank robberies resulted in millions of dollars’ worth of the currency being stolen. However, the collapse of Mt Gox is one of the most significant security breaches to date. Despite this, investor demand for Bitcoin has remained strong. The currency plunged when news broke of Mt Gox’s suspension, dropping from $800 on February 6 to a low of $528 on February 26. However, since then it has rallied and it is now trading at around $630. Considering that Bitcoin was trading at $42 only a year ago, it is clear that there is still a considerable degree of enthusiasm for the currency despite the attacks. Whether this optimism is warranted remains to be seen.