I like to see it as ISPs and cloud providers increasing their security and patching vulnerabilities thanks to Bitcoin's growing adoption :)
It is difficult for me to imagine a better way to incentivize the creation and deployment of malware than Bitcoin today.
> Though each redirection lasted just 30 second or so, the thief was able to perform the attack 22 times, each time hijacking and gaining control of the processing power of a group of bitcoin miners
> At its peak, according to the researchers’ measurements, the hacker’s scam was pocketing a flow of bitcoins and other digital currencies including dogecoin and worldcoin worth close to $9,000 a day.
An estimated 22 half-minute episodes of hijacking a flow worth $9000 / day. There are 1440 minutes in a day, so $9000*11/1440 = $68.75 . The means here are much more impressive than the ends.
edit: forget what I said, the article later says that $83,000 of currency was taken.
The nice thing is, security breaches in a decentralized network like bitcoin serve to make the entire network anti-fragile. There's a huge incentive for people with bitcoin to secure their own bitcoins against known exploits and hence make that exploit null while inevitably protecting against similar class exploits.
Keeping bitcoin online enough for convenient transactions carries the small but important risk of losing your entire wallet.
Much like early immigrants to North America who had leaving the stability and safety of UK/European banks for an emerging market and/or the Wild West.
Seems like the right kind of way to do a canary.
But why bitcoin is targeted?
Because bitcoin is an open protocol, they could target it's root, mining rigs because that's where the value is generated. In banking systems, to generate money you need to have internal access and secure credits .
These can be target vectors too.
If you manage to steal Bitcoin, you can transfer it all to your personal wallet in one transaction in broad daylight and, by design, no one can stop you or reverse the transaction once it's discovered to be fraudulent. Maybe run it through a darknet tumbler for good measure, but you're basically home free the second you get the private keys.
Stealing $100m worth of Bitcoin would be massively more valuable than stealing CC numbers with access to $500m in credit because you can actually cash out all of it. So much larger R&D budgets and more sophisticated attacks make financial sense.
If your private key is compromised, the thief takes your entire balance, and there's nothing you can do about it. So you really want to keep it safe.
Lose your private key, lose everything it was protecting. So keeping the key in only one place, and one place where only you can access, is a big problem. There is nobody out there to give access to your money if you pass away. A hardware failure can be catastrophic.
The problem is that everything that makes the private key survive accidents makes it easier to hack. The way we treat something like this in a corporation is with things like shared secrets: Need 3 out of 5 people to use their issued keys so that the real private key protecting everything is revealed. And even with that level of effort, getting the key is still possible with enough effort.
With Bitcoin, every marginal theft adds 100% to the total Bitcoin thefts.
Really interesting stuff. It is only getting better as well (imho). I am honestly not noticing any increase in security aptitude in the average engineer. People are still making the same mistakes.
(Ok, half kidding, it's not secure, whatever computer I could talk about.)
They'd have every reason already to increase their security. So I'll take the other approach, and continue to enjoy popcorn when I read about yet another one of these heists.
This is one aspect of bitcoin that I really like, it shows us where the weaknesses are.
It's both hilarious and ironic that they didn't.
If bitcoin were genuinely anonymous (it isn't, because it's highly linkable, even if essentially pseudonymous), it would probably be vastly more dangerous in this way -- there would be billions of dollars spent on exploiting security outside bitcoin++ to steal bitcoin++.
Two years ago, obtaining the same amount of bitcoins as this attack did would net you 1/100th the profit in dollars (bitcoins were around $6 a piece two years ago).
I think it's likely that attackers started considering this scheme around a year ago, when the bitcoin price shot up to $100, and the potential rewards became sizable.
Not entirely surprised regarding rogue employee possibility.
For example, Google DNS anycast would stop working: http://bgp.he.net/net/18.104.22.168/24 as would basically anyone else doing anycast.
I'm unsure exactly which was originating the route.
I think this likely means it's a smaller ISP.