Cryptographic currency’s massive rise in value ends up in a corresponding increase in online heists by criminals seeking easy paydays.

Say you’ve created a cryptographic currency called bitcoin that promises users relative anonymity and untraceable transactions. What may be able to get it wrong? The reply, obviously, is that these virtues also attract hackers, malware developers, and arranged crime rings who wouldn’t consider carefully about committing virtual bank robberies.

Earlier this month, as an example, Bitcoin Internet Payment System (BIPS), a Denmark-based Bitcoin payment processor, suffered a denial-of-service (DDoS) attack. Unfortunately for users of the company’s free online wallets for storing bitcoins, the DDoS attack was merely a smokescreen for a digital heist that quickly drained numerous wallets, netting the attackers a reported 1,295 bitcoins — worth nearly $1 million — and leaving wallet users with little chance that they’d ever see their money again.

“On November 15th BIPS was the objective of a huge DDoS attack, that is now believed to had been the initial preparation for a subsequent attack on November 17th,” Kris Henriksen, the CEO of BIPS, said via Reddit. “Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to realize access and compromise several wallets.”

BIPS was conducting a digital forensic investigation and dealing with authorities to take a look at to spot the perpetrators. It said that early results showed that the attack originated “from Russia and neighboring countries.”

The BIPS heist followed two separate October attacks against Australia-based Inputs.io, where attackers netted about $1.3 million in bitcoins after stealing all 4,100 bitcoins being held by the free e-wallet service.

[Criminals are taking shelter under bitcoins. See Dutch Banking Malware Gang Busted: Bitcoin’s Role.]

The value of bitcoins continues to fluctuate wildly as a result of a bubble created by bitcoin speculators. In 2011, let’s say, the currency’s value fell from $33 to simply $1 per bitcoin before rising to greater than $900 earlier this month on MtGox, the world’s biggest bitcoin exchange. But that bubble burst day after today, when the worth of bitcoins fell by half. As of early Wednesday, however, the currency’s value had once more skyrocketed, trading at greater than $980 on MtGox.

That rise in value has driven hackers to attack online wallet services that store bitcoins. “Each of those companies were operating officially for just a few months, yet already had entrusted to them millions of greenbacks which are now within the hands of cybercrooks,” Paul Ducklin, head of technology for Sophos within the Asia Pacific region, said Tuesday in a blog post.

Malware writers have also taken a keen interest in bitcoins, with some — especially Russian gangs — modifying their crimeware tools to spot and steal any bitcoins found on infected PCs. “There are a lot of malware families today that either perform Bitcoin mining or directly steal the contents of victims’ Bitcoin wallets, or both,” in line with a blog post from Robert Lipovsky, a researcher at security firm ESET.

Other malware attacks have started in the direction of home. Last week, for instance, the hot Jersey state attorney general’s office announced that it had settled a complaint it filed against Commack, N.Y.-based online gaming company E-Sports, in addition company co-founder Eric Thunberg and software engineer Sean Hunczak. In line with the complaint, Hunczak designed malware that infected about 14,000 computers that subscribed to the company’s service, and which mined their PCs for bitcoins, which the perpetrators then sold for approximately $3,500. Under the terms of the state’s $1 million settlement agreement, the corporate can pay an exceptional of $325,000, however the rest may be vacated, providing the corporate complies with a ten-year compliance program.

But not all bitcoin heists had been executed via hack attacks or malware. For instance, a China-based bitcoin exchange called GBL launched in May. Almost 1,000 people used the service to deposit bitcoins worth about $4.1 million. However the exchange was revealed to be an elaborate scam after whoever launched the positioning shut it down on October 26 and absconded with the funds.

Given the prospective spoils from a successful online heist, it isn’t surprising that related attacks are getting more common. “Please be advised that attacks don’t seem to be isolated to us and if you’re storing larger amounts of coins with any third party you might want to search out alternative storage solutions once possible, preferably cold storage in case you should not have immediate access to these coins,” said Henriksen.

Bitcoin users have echoed that suggestion. “One note of warning: don’t trust any online wallet,” read a touch upon a up to date Guardian feature. “Both biggest ones have already been robbed. Use your personal wallet by yourself computer and back it up on a USB stick.”

“Remember, you do not have to maintain your Bitcoins online with another person: you are able to store your Bitcoins yourself, encrypted and offline,” said Ducklin at Sophos.

Knowing your enemy is step one in guarding against him. On this Dark Reading report, Integrating Vulnerability Management Into The applying Development Process, we examine the area of cybercriminals — including their motives, resources and processes — and recommend what enterprises should do to maintain their data and computing systems safe within the face of an ever-growing and ever-more-sophisticated threat. (Free registration required.)

More Insights