In what is being called one of the most ambitious cyberattacks affecting virtual currency to date, Chicago-based IT security services provider Trustwave has revealed that a crybercrime ring known as Pony botnet is using a Trojan virus to steal from 30 types of digital currency wallets.
researchers found that credentials for approximately 700,000 digital wallet, email and desktop accounts have been compromised, and that up to $220,000 had been stolen from 85 digital currency wallets as of the time of writing.
Ziv Mador, director of security research at Trustwave, told CoinDesk that consumer and merchant wallets were both affected, and that bitcoins, litecoins, primecoins and feathercoins had been stolen in the attack.
But, what makes the Pony botnet unique, Mador said, is the breadth of its assault:
Trustwave indicates that while the attack has been persisting for months, it stopped suddenly on 24th February. However, in talks with other media outlets, Trustwave suggested it believes the cybercriminal network is still operating.
Mador indicates that Trustwave has been following Pony botnet since September 2013. The official company blog post on the findings revealed that virtual currencies weren't the only digital assets attacked, as 600,000 website login credentials have been stolen by the group to date.
The $220,000 total represents the maximum amount stolen, as once cybercriminals have obtained a user's wallet.dat file, Trustwave noted that both parties share the file and that the true owner is impossible to reveal.
The total confirmed theft so far includes 335 bitcoins, 280 litecoins, 33 primecoins and 46 feathercoins. Trustwave provides a full list of the affected currencies, as well as charts that detail the coordinated efforts of Pony botnet's attacks in its blog post.
Stolen passwords across all affected digital assets - not just digital currency wallets - were most commonly retrieved from consumers in Germany, Poland and Italy, with roughly 50% of stolen passwords originating in these locations.
Protecting your wallet from attacks
Trustwave noted that Pony botnet likely found virtual wallets attractive, given their inherent qualities that provide for irreversible transactions, and the ease with which the currencies can be exchanged for fiat.
Still, relatively simple protections can stop Pony botnet's virus. Said Mador:
Those who believe their wallet may have been compromised by the attack can use a free tool provided by Trustwave that searches for affected wallets by public keys.
Image credit: Digital crime scene via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.