Recently, a Hong Kong based Bitcoin cryptocurrency exchange company collapsed. This news reminded us that the application and trading of cryptocurrency in Hong Kong has emerged. The price of bitcoin had once soared to USD 1,230, attracting a large number of users to join. However many users are not aware of the security risks in using cryptocurrency. This article uses Bitcoin as an example to illustrate the risk management of cryptocurrency from the information security point of view, including security incidents found in Bitcoin exchange platform, malware related to Bitcoin and how to protect your bitcoins.

What is Bitcoin?

Bitcoin is a "cryptocurrency" introduced in 2009. It uses cryptography technology to control the production and transfer of currency. Bitcoin is now the most popular and highest market value cryptocurrency. The market value of all bitcoins in circulation exceeded USD 30 billion in February 2015. Bitcoin works without the need of a bank or an intermediary organization. It uses Peer-to-Peer (P2P) technology to manage the cryptocurrency system in a decentralized network environment. All the transaction record are required to be openly accessible to all users on the network. Bitcoins are generated by a process called “mining”. Users are required to install special mining software and contribute their computing power to verify and record the transactions to gain bitcoins. The number of bitcoins production has a upper limit of 21 million. With the increasing number of miners and continuously improving performance of equipment, the difficulty of Bitcoin mining is increasing as well.

Users store bitcoins in PC, mobile device or online wallet software to carry out the transaction. Bitcoins wallet can be in paper or soft copy form. Users need to store the Bitcoin private key and address for transaction. The Bitcoin private key is used to prove the ownership of bitcoins. In each transaction, each party needs to use a unique address for payments and collections, but the identity of the users behind the address is unknown. Bitcoin is now being used to purchase goods, services or exchange to physical currency.

Security incident found in Bitcoin exchange platform

With the growing popularity of Bitcoin, a lot of exchange platforms become available on the market to provide bitcoins trading services. It is worrying that some of these exchange platforms had been compromised by hackers in spate of security incident in recent years. The most notable incident is with Mt. Gox, the world's largest Bitcoin exchange platform, which was believed to be compromised by hacker via a security vulnerability discovered in February 2014 (Ref. 1). In that incident, 850,000 bitcoins were stolen, equivalent to USD 5 billion according to the prevailing market value. Subsequently Mt. Gox applied for bankruptcy.

Malware related to Bitcoin

Due to the rising value of bitcoin and the anonymous nature of transactions, criminals covet it have huge benefits and convenience of hiding the identity. The malware related to Bitcoin can be divided into three categories:

1. Bitcoin mining malware - As the Bitcoin production process requires a large amount of computing power. Some criminals use malware to control computers or mobile devices to run Bitcoin mining for profit. ZeroAccess is one of the well-known botnet malware containing the Bitcoin mining feature. The entire botnet consumed additional 3,458 MWh electricity energy on daily mining operation, enough to provide one day electricity for 110,000 households.


2. Bitcoin wallet theft - Dell SecureWorks security services company published a Cryptocurrency-Stealing malware research report (Ref. 2) in 2014. They identified 146 kinds of specialized stealing malware for Bitcoin, with an increase of 45% compared to 2013. The rise of the number of malware follows the growth of the Bitcoin exchange rate.
   
   Image source: Dell SecureWorks
   
   Malware steals the wallet data file which store the Bitcoin private key, such as "wallet.dat" and can take control of victim’s Bitcoin transaction or monitor the victim input the payment of Bitcoin address, and then replaced with a malware author’s Bitcoin addresses.


3. Payment method of encryption ransomware - Encryption ransomware encrypts data files on an infected computers or mobile devices and then demands ransom in exchange of the decryption key. Because Bitcoin transaction are anonymous, criminals have begun to allow victims to use bitcoin to pay the ransom. Law enforcement agencies find it difficult to trace the identity of the ransom payee. CryptoLocker is one of the well-known encryption ransomware that allows victim to use bitcoin to pay the ransom. According to open transaction record of Bitcoin address, FBI estimated the amount around USD 30 million.

How to protect your bitcoins ?

Image source: Dell SecureWorks

Bitcoin is a cryptocurrency that has no linkage to any personal identification. Users must use with care and protect the Bitcoin wallet for storing the private key (Ref. 3). We recommend the following steps to protect your bitcoins, to avoid problems due to human error, machine or software failure, theft to cause the loss:

Steps applicable to all users

• The issued Bitcoin transaction instructions cannot be reversed. Users should verify the payment address carefully
• Avoid storing a large amount of bitcoins in a single wallet. It is recommended to reduce the risk by multiple separated wallets.
• Perform regular backups. Keep at least 1 offline copy of wallet file or create a paper wallet to store Bitcoin address and private key information in QR Code format, and store in a safe place
• Install security protection software on a computer or mobile device that is installed with wallet software or online wallet service and maintain operating systems and software updates to reduce the risk of malware infection

Steps applicable to wallet software users

• Choose a wallet software with encryption storage function
• Choose a strong password for encryption storage, at least 8 characters and include a combination of alphanumeric characters
• Use the latest version of wallet software to get the benefit on stability and security

Steps applicable to online wallet and exchange services users

• Choose service providers carefully. The service must has a good reputation in terms of security and stability
• Choose the service providers with two factor authentication
• Upload the amount of bitcoins only enough for transaction to reduce the risk of losses

Reference

1. http://www.reuters.com/article/2014/03/18/us-bitcoin-mtgox-website-idUSBREA2H09V20140318Reference
2. http://www.secureworks.com/cyber-threat-intelligence/threats/cryptocurrency-stealing-malware-landscape/
3. https://bitcoin.org/en/secure-your-wallet