UPDATED 15:00 EST / FEBRUARY 26 2015

What Morgan Spurlock left out of his Bitcoin documentary: How to steal bitcoins

Morgan Spurlock, the documentarist who brought us the award-winning film “Super Size Me,” now has an investigative show on CNN called Inside Man. His recent episode dealt with living only on the cryptocurrency Bitcoin for a week, taking the opportunity to discuss Bitcoin security and the impact on the Bitcoin exchange market when Mt.Gox lost nearly a billion bitcoin to theft.  While Spurlock spent a great deal explaining how to secure bitcoins, he didn’t offer nearly as much detail on how they can be stolen from what’s supposed to be a highly protected exchange market. 

Those tracking Bitcoin news probably noticed the growing string of Bitcoin services that have recently shut down. Some have filed for bankruptcy related to the plummeting value of Bitcoin, while others have closed their doors after being hacked.

Bitcoin

Like in the case of Mt.Gox, which filed for bankruptcy in early 2014 after allegedly being hacked. The once popular exchange lost $27 million in cash and nearly a billion bitcoins worth close to $450 million at that time, and claimed that hackers were the ones responsible for the missing Bitcoins.

In a modern day twist on bank heists, hackers today are infiltrating these cryptocurrency exchanges to get the bitcoins stored by the services. Even if the value of Bitcoin has significantly dropped since the latter part of 2013, a single Bitcoin is currently equivalent to $238.66. Now imagine getting a hold of 1,000 Bitcoins; that’s a lot of money to spend.

But how easy it is to steal Bitcoins? Is hacking the only way to steal the digital currency? And is there actually a market for stolen Bitcoins?

Malware

 

Malicious software or malware can be used to infiltrate systems and obtain data covertly or make the system perform tasks surreptitiously. Malware can come in various forms and serve different purposes, including stealing Bitcoins. When installed in a computer, malware can start looking for a “wallet.dat” file or other commonly used filenames and directories related to Bitcoin wallets, and then transfer the needed files to the remote server. From there, a user’s key can be extracted from the wallet to start transferring the Bitcoins to another wallet.

Malware can also attack exchange services and steal user credentials by intercepting the login process. Another method includes man-in-the-browser malware, which waits until a user copies a Bitcoin address. The thief then replaces the copied Bitcoin address with his desired address so the Bitcoin will be transferred to the thief. A Bitcoin address is pretty complex and hard to memorize, which means users won’t easily notice if the address has changed.

Hacking Bitcoin mining pools

 

Creating Bitcoins requires large computer processing power; thus, mining pools or people contributing their computer processing power to mine Bitcoins are quite popular in the cryptocurrency community.

In 2014, it was discovered that a thief redirected a portion of online traffic from 19 Internet service providers to steal Bitcoins from mining pools. The hacker was able to perform the attack 22 times, with each attack lasting about 30 seconds. Each attack allowed the hacker to hijack and gain control of the processing power of a Bitcoin mining pool, tricking the miners to continue mining while the financial gains of the operations were redirected to the hacker.

Exploiting Tor

 

Tor is free software that enables anonymous communication. It has been used by some in the Bitcoin community to add a layer of anonymity to the use of the cryptocurrency. A report from Forbes stated that last year hackers exploited Tor to steal Bitcoins by setting up malicious exit relays on Tor.

There are three types of relays in the Tor network: middle relay, which receives the traffic and passes it to another relay; bridge relay, which is not publicly listed and used to circumvent censorship; and exit relay, which is the final relay passed through before traffic reaches its final destination. The hackers set up the malicious exit relays and blocked the legitimate exit relays. By redirecting traffic to the malicious exit relays, the hackers were able to pilfer usernames and passwords from users of Blockchain.info and LocalBitcoins who use Tor.

Are malware and hackers always to blame?

 .

In the case of EgoPay, a Bitcoin payments processor that ceased trading in January, there may be a ponzi scheme behind stolen bitcoins. Unconfirmed reports stated that the founders of EgoPay stole at least $500,000 from their clients. The problem started in late December when merchants began reporting having issues when the EgoPay API returned failed transaction notifications. Further investigation revealed EgoPay’s shady start. Who is the person behind EgoPay? Our own Duncan Riley has been looking into the matter. You can follow his reporting here.

 

Image source: Bitcoin Wiki


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU