If you've been reading the most recent news from the interwebs, you probably heard that Bitcoin is on a rollercoaster.


If you're not familiar with it, Bitcoin is a global online currency, the cash of the Internet. It has no central regulator and no authority: it's a decentralized system where technology is in control.


Bitcoins are generated by the people part of its network. Generating, or better "mining", Bitcoins requires your computer to perform an expensive cryptographic computation that, combined with a proof-of-work system, ensures that the user spent a certain amount of time and CPU power for each new coin. The global availability of Bitcoins affects the difficulty and cost of performing such computations.


In this way Bitcoin regulates its own growth and distribution in the same way that we do with other limited resources such as gold and silver.


Bitcoin is controversial. It's an independent currency that no government or legal authority has control over, making it an interesting technological, social and economical experiment of the last years. However, it's also an investment: people are buying and selling Bitcoins all the time on stock exchanges like every other traditional currency.


As a consequence, an arms race started with people clustering GPU and FPGA boards to be able to mine at a higher rate and sell the Bitcoins to make an actual profit. Over the last two years, this approach drew the attention of cybercrooks who started using their botnets to run Bitcoin miners and introduce an additional source of income to their business. Some of the most recent botnets include ZeroAccess and Skynet, but there are many more that are following the lead, such as the one very recently uncovered by Kaspersky.


In the last few days, Bitcoin hit an historical record: it grew to a value of almost $270 each, an unprecedented and very promising result for the future of this currency. Then something suddenly happened: it dropped drastically and at the time of writing it floats around $75. You can see it in the following graph:


The value of the currency is determined by its popularity and its availability. The reason for the drop might be caused by a sudden increase in the availability of coins.


There are several Bitcoin exchanges, of smaller and larger size. In the last few days Mt. Gox, the largest existing exchange, suffered some issues originally attributed to a DDoS attack and later attributed to a large and unexpected growth of their user base, and the amount of transactions they found themselves handling. As a result of panic caused by the unavailability or slowness of the website, their users rushed into selling their Bitcoins and "cashing out", affecting the stability of the currency's value.


Can you see the issue here? There's a door open for speculation.

If someone would have the power to affect the stability of Bitcoin exchange, they could force its users to sell their coins, buy them at a lower price and wait for the value to grow up again before selling them and making a profit. In this scenario a DDoS would sound reasonable.


Haaave you met Skynet?

We talked about this botnet and his colorful operator quite some months ago. No, he didn't stop operating his botnet as much as we didn't stop tracking it and occasionally engaging in friendly conversations with him on Twitter.

Screen Shot 2013-04-10 at 11.47.22 PM.png

Apparently the Operator understood the influence he might have just in the same way as I described, and very recently started launching UDP and SYN flooding DDoS attacks against the Bitcoin exchangers VirWox, BitFloor and Mt. Gox.

Following are DDoS commands issued by the operator in the very last days:


21:59 < suda> !udp 53 1000 1100 100 60

22:03 < suda> !udp 53 1000 1100 100 180

22:31 < suda> !syn bitfloor.com 443 100 60

03:36 < suda> !syn bitfloor.com 443 100 30

03:44 < suda> !syn bitfloor.com 443 100 5

03:52 < suda> !syn bitfloor.com 443 100 1

04:06 < suda> !syn bitfloor.com 443 1000 1

17:05 < suda> !syn mtgox.com 443 100 10

17:06 < suda> !syn mtgox.com 443 10 5

17:22 < suda> !syn bitfloor.com 443 1000 1


The owners of BitFloor lamented the issue as well:



Skynet guy, that is not cool .


Bitcoin is a very interesting initiative, though it is encountering multiple obstacles along its way. It's usability issues will probably prevent it from going mainstream and leave the space free for Google Wallet and other similar services. However, it's fundamental structure leaves it open for abuses and speculations by botnet operators, who can possibly influence the market in their favor and destabilize Bitcoin's economics. The fact that cybercriminals can be so instrumental in the fluctuation of the currency leaves me wondering whether they could effectively compromise the reliability of the system and undermine the ongoing investment efforts from the Bitcoin community.


We are actively looking at malware and botnets abusing Bitcoin, if you encounter anything interesting please email me or tweet @botherder, sharing is caring!