Bitcoins, Other Digital Currencies Stolen in Massive 'Pony' Botnet Attack
700,000 credentials were stolen and 85 virtual wallets were broken into
Mon, February 24, 2014
IDG News Service (San Francisco Bureau) — Cybercriminals have infected the computers of digital currency holders, using a virus known as "Pony" to make off with account credentials, bitcoins and other digital currencies in one of the largest attacks on the technology, security services firm Trustwave said.
The attack was carried out using the "Pony" botnet, a group of infected computers that take orders from a central command-and-control server to steal private data. A small group of cybercriminals was likely behind the attack, Trustwave said.
Over 700,000 credentials, including website, email and FTP account log-ins, were stolen in the breach. Computers belonging to between 100,000 and 200,000 people were infected with the malware, Trustwave said.
The Pony botnet has been identified as the source of some other recent attacks, including the theft of some 2 million log-ins for sites like Facebook, Google and Twitter. But the latest exploit is unique due to its size and because it also targeted virtual wallets storing bitcoins and other digital currencies like Litecoins and Primecoins.
Eighty-five wallets storing the equivalent of US$220,000, as of Monday, were broken into, Trustwave said. That figure is low because of the small number of people using Bitcoin now, the company said, though instances of Pony attacks against Bitcoin are likely to increase as adoption of the technology grows. The attackers behind the Pony botnet were active between last September and mid-January.
"As more people use digital currencies over time, and use digital wallets to store them, it's likely we'll see more attacks to capture the wallets," said Ziv Mador, director of security research at Chicago-based Trustwave.
Most of the wallets that were broken into were unencrypted, he said.
"The motivation for stealing wallets is obviously high -- they contain money," Trustwave said in a blog post describing the attack. Stealing bitcoins might be appealing to criminals because exchanging them for another currency is easier than stealing money from a bank, Trustwave said.
There have been numerous cyberattacks directed at Bitcoin over the last year or so as its popularity grew. Last year, a piece of malware circulating over Skype was identified as running a Bitcoin mining application. Bitcoin mining is a process by which computers monitor the Bitcoin network to validate transactions.
"Like with many new technologies, malware can be an issue," said a spokesman for the Bitcoin Foundation, a trade group that promotes the use of Bitcoin, via email. Wallet security should improve as more security features, like multisignature transactions, are introduced, the spokesman said.
Digital currency users can go to this Trustwave site to see if their wallets and credentials have been stolen.