The cybersecurity side of cryptocurrency

Find out why cybercriminals are targeting Bitcoin and other cryptocurrencies

by Charles Cooper

In 2014, hackers stole about $350 million in bitcoins from Tokyo's Mt. Gox exchange.

More recently, attackers successfully moved about $60 million worth of the virtual currency ether from the DAO, or Decentralized Autonomous Organization, to an account controlled by an unknown individual or group. Although most - but not all - of the funds taken in that theft were later recovered, it was another reminder that cybercriminals are targeting cryptocurrencies.

Cryptocurrencies, such as bitcoins and other digital alternatives, have been hailed as representing the future of money and global finance.

Bitcoin, the first cryptocurrency, was created in 2009. Nowadays, hundreds of types of cryptocurrencies are in use, often referred to as altcoins (an abbreviation of “bitcoin alternative.”) New altcoins get launched every day.

There’s reason for the excitement. The technology lets people and institutions shift funds instantly and without the need for a middleman.  

Unlike paper currencies controlled by governments, cryptocurrencies are fully decentralized and operate independently of central banks. The digital assets work as a medium of exchange using principles of cryptography to secure transactions.

These various digital currencies have soared in popularity with a market capitalization now estimated to be around $13 billion.

Despite the excitement, regulators and governments are still trying to figure out appropriate legal structures and business norms governing cryptocurrencies. Cybercriminals are finding clever ways to exploit that window of opportunity.

Regulators still a step behind the technology

A study funded by the Department of Homeland Security found that about 33 percent of bitcoin trading platforms have been hacked. What’s more, cryptocurrencies now frequently feature as preferred forms of exchange in ransomware attacks.

In late 2015, a U.K. phone and broadband provider called TalkTalk received a ransom demand for £80,000 in bitcoin. Around the same time, three Greek banks were threatened with dire consequences by an entity calling itself the Armada Collective unless they paid “hundreds of thousands of Euros,” also in bitcoin.

More recently, a number of hospitals in the U.S., such as Hollywood Presbyterian Medical Center, have been attacked by hackers who demanded their victims pay ransom, also in digital currencies.

The common thread in these and other ransomware incidents: attackers can easily mask their true identities on cryptocurrency exchanges where they then convert their profits back into traditional currencies.

As cryptocurrencies become more widespread, there’s concern that criminal actors will try to use them to camouflage their illicit activities in other arenas, particularly when it comes to laundering funds.

In late 2015, for instance, Dutch police arrested six people on suspicion of bitcoin-related money laundering. And early last year, they arrested another 10 people in connection with a suspected global bitcoin laundering scheme valued at $22 million.

It’s part of a trend that law enforcement agencies expect will gather momentum. And given the lack of independent oversight, criminals already have a head start.

However, none of this is likely enough to derail the popularity of cryptocurrencies. Every new technology suffers through growing pains on its way to being accepted by the mainstream. There’s no reason to believe that cryptocurrencies will be any different.

For more on cybersecurity, visit the AT&T Cybersecurity Services page.