In 2014, hackers stole about $350 million in bitcoins from Tokyo's Mt. Gox exchange. More recently, attackers successfully moved about $60 million worth of the virtual currency ether from the DAO, or Decentralized Autonomous Organization, to an account controlled by an unknown individual or group. Although most - but not all - of the funds taken in that theft were later recovered, it was another reminder that cybercriminals are targeting cryptocurrencies.
Cryptocurrencies, such as bitcoins and other digital alternatives, have been hailed as representing the future of money and global finance. Bitcoin, the first cryptocurrency, was created in 2009. Nowadays, hundreds of types of cryptocurrencies are in use, often referred to as altcoins (an abbreviation of “bitcoin alternative.”) New altcoins get launched every day.
There’s reason for the excitement. The technology lets people and institutions shift funds instantly and without the need for a middleman. Unlike paper currencies controlled by governments, cryptocurrencies are fully decentralized and operate independently of central banks. The digital assets work as a medium of exchange using principles of cryptography to secure transactions.
These various digital currencies have soared in popularity with a market capitalization now estimated to be around $13 billion.
But with regulators and governments still trying to figure out appropriate legal structures and business norms governing cryptocurrencies, cybercriminals are finding clever ways to exploit that window of opportunity.
Regulators still a step behind the technology
A study funded by the Department of Homeland Security found that about 33 percent of bitcoin trading platforms have been hacked. What’s more, cryptocurrencies now frequently feature as preferred forms of exchange in ransomware attacks.
In late 2015, a U.K. phone and broadband provider called TalkTalk received a ransom demand for £80,000 in bitcoin. Around the same time, three Greek banks were threatened with dire consequences by an entity calling itself the Armada Collective unless they paid “hundreds of thousands of Euros,” also in bitcoin. More recently, a number of hospitals in the U.S., such as Hollywood Presbyterian Medical Center, have been attacked by hackers who demanded their victims pay ransom, also in digital currencies. The common thread in these and other ransomware incidents: attackers can easily mask their true identities on cryptocurrency exchanges where they then convert their profits back into traditional currencies.
As cryptocurrencies become more widespread, there’s concern that criminal actors will try to use them to camouflage their illicit activities in other arenas, particularly when it comes to laundering funds. In late 2015, for instance, Dutch police arrested six people on suspicion of bitcoin-related money laundering. And early last year, they arrested another 10 people in connection with a suspected global bitcoin laundering scheme valued at $22 million.
It’s part of a trend that law enforcement agencies expect will gather momentum in the new year. And given the lack of independent oversight, criminals already have a head start.
However, none of this is likely enough to derail the popularity of cryptocurrencies. Every new technology suffers through growing pains on its way to being accepted by the mainstream. There’s no reason to believe that cryptocurrencies will be any different.
Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.