Oddly, though, this has not adversely affected the value of
the cryptocurrency, which seems to thrive on publicity, whether
positive or negative.
Despite the heists, plus high-profile law-enforcement actions against ‘dark market’ sites such as
Silk Road, which conducted transactions in Bitcoin, the currency is now valued at $919 per coin, it’s highest-ever valuation.
Earlier this year, ESET detected new variants malware that attempted
to steal Bitcoins, mine Bitcoins illegally, or break into wallets.
Malware targeting other similar currencies such as
Litecoin. An in-depth analysis of these by ESET researcher Robert Lipovsky is
here.
We Live Security spoke to
James Andrews, Finance Editor at Yahoo UK, for a perspective on the currency from outside the world of technology.
“Nothing in finance is truly safe,” Andrews said. “Real currencies
collapse, but the Bitcoin is less safe than most. It’s been called the
world’s most perfect speculative material, which is fair. It has
absolutely no value or use bar it’s rarity. If people stop valuing that
it’s entirely worthless more or less instantly. Equally, though, prices
might just keep rising and rising and rising – as more people buy into
the idea and demand rises.”
On Twitter, an image showing the enormous rise and sudden collapse in
prices of Dutch Tulips during the brief craze when the bulbs were first
introduced in 1637 has circulated.
Could the same happen to Bitcoin? Perhaps – but there are steps you can take to keep your Bitcoins safer than most.
If your wallet’s stolen, act fast
If your Bitcoin wallet HAS been stolen, it’s not quite as
easy for the attacker as stealing a real wallet – he or she has to move
the currency out of it. If you’re lucky, and fast, this can sometimes
save your coins. ESET malware researcher Robert Lipovsky says, “When the
Bitcoin wallet is stolen from the victim, the attacker will have to
“spend” the Bitcoins in it – by either adding them to his own wallet,
purchasing something, etc.”
“The only way to get away without losing the money is if the victim
is lucky enough to “spend” the Bitcoins (purchase something or import
them to a new wallet) before the attacker does. Obviously, the chances
of that are pretty slim.”
Keep your PC clean if you’re dabbling in Bitcoin
Cybercriminals love Bitcoin. ESET Malware Researcher Robert Lipovsky
wrote in an earlier We Live Security post that
Bitcoin and other crypto-currencies are being targeted by
cybercriminals. “There are numerous malware families today that either
perform Bitcoin mining or directly steal the contents of victims’
Bitcoin wallets, or both,” Lipovsky writes. “Keep your computer clean
and uncompromised by “thinking before you click” and keeping your
system, applications and anti-virus up-to-date.”
Despite Bitcoin’s own beautiful illustrations of glittery coins, what
you’re dealing with are numbers – long encryption keys. To stay safe,
you just have to ensure no one else ever has access to these. ESET’s
Robert Lipovsky says, “There are several important rules to keep
Bitcoins safe. The key words here are: back up and encrypt. Bitcoin
provides a way to encrypt wallets, and this would make it much more
difficult for the attacker to get his hands on the Bitcoins.” Clever
Bitcoin users will encrypt all their wallets – although this slows
performance – and have several for different uses. Very small amounts of
money
Don’t keep all your eggs in one basket – or your Bitcoin in one wallet
Bitcoin is a special case – if you’re worried a site breach
or Trojan attack may have put your hoard within reach, don’t just
change passwords, even if your wallet is encrypted. Make a new one, and
move your coins to it (with a new, strong password). Lipovsky says that
the Bitcoin foundation’s own advice is excellent, “If a wallet or an
encrypted wallet’s password has been compromised, it is wise to create a
new wallet and transfer the full balance of bitcoins to addresses
contained only in the newly created wallet.”
Most finance experts advise – don’t put your life savings in Bitcoin
Yahoo’s Andrews says that the soaring price of Bitcoin
isn’t a signal to invest: “If you’ve made a profit on Bitcoins you
already own, well done. There’s simply no way to know whether their
prices will keep rising, stabilise or collapse. And there are a lot of
risks – everything from them being hacked, your e-wallet being hacked,
someone successfully forging them or Bitcoins being made illegal.”
If you must store Bitcoins online, don’t store large amounts
Online Bitcoin wallets are not designed to work like bank
accounts – they’re convenient, as you can access them from anywhere –
but they’re a prime target for cybercriminals. An attack on Bitcoin site BIPS
targeted web wallets. CEO Kris Henrikson said, ““Web Wallets are like a
regular wallet that you carry cash in and not meant to keep large
amounts in,” after his site was robbed of $1.2 million in Bitcoin.
Bitcoin says, tactfully, “Online wallets have a number of pros and
cons.” After Bitcoin site
Inputs.io was hacked,
and $1.2 million stolen, its founder said, “I don’t recommend storing
any bitcoins accessible on computers connected to the internet.”
Various Android apps offer ways to carry Bitcoins with you – but again, these come with their own risks. Earlier this year, a flaw in Android
rendered ALL Bitcoin wallets unsafe – although it was rapidly patched –
and apps which allow transfer via NFC add additional risks,
particularly if a device is lost. “Mobile wallet applications are
available for Android devices that allow you to send bitcoins by QR code
or NFC, but this opens up the possibility of loss if mobile device is
compromised. It is not advisable to store a large amount of bitcoins
there.”
Keep your fortune in “cold storage”
If you’re serious about Bitcoin, the security procedures are long and
complex – even Bitcoin admits that setting up an offline wallet, stored
on CDs and USB sticks is “tedious” and “not user friendly”. A good
guide to how to do this is here – and it may also provide an
illustration of why mainstream PC users might want to consider sticking
to good old US dollars. Bitcoin says, “Because bitcoins are stored
directly on your computer and because they are real money, the
motivation for sophisticated and targeted attacks against your system is
higher than in the pre-bitcoin era.” Bitcoin’s own procedure for
creating an “offline” wallet, which never contacts the internet in
plaintext form, is here. This procedure is also known as creating an
“air gap” or “cold storage”. Followed correctly, it provides protection
from malware and cyberattacks – although not, of course, from
traditional crimes such as extortion.
Still worried? Store them on paper
One safe – if extreme – way of ensuring Bitcoins don’t fall into the
hands of hackers is to store them on paper. Bitcoin says, “When
generated securely and stored on paper, or other offline storage media, a
paper wallet decreases the chances of your bitcoins being stolen by
hackers, or computer viruses.With each entry on a paper wallet, you are
securing a sequence of secret numbers that is used to prove your right
to spend the bitcoinsThis secret number, called a private key, most
commonly written as a sequence of fifty-one alphanumeric characters,
beginning with a ’5′.” Be sure, though, your PC is clean before you
print – the free software used to generate codes has been targeted by
cybercriminals. Run a complete scan of your machine first, then keep AV
software running as you print out.
