Bitcoin Vigil Guards Against Intrusion and Coin Theft

A new project uses bitcoin wallets to detect computer malware and intruders' attempts to steal coins.

AccessTimeIconApr 13, 2014 at 1:04 p.m. UTC
Updated Feb 21, 2023 at 3:46 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Bitcoin Vigil is a project aiming to give users a new way to detect malware on their personal computers, offering a method of intrusion detection that tracks malware attempting to steal bitcoins from PC wallets.

Eric Springer, a Canadian developer living in Mexico, thinks Bitcoin Vigil's idea is pretty simple:

"You can just leave the bitcoin wallet on your computer, and it will let you know if you have malware."

How it works

When users fund a wallet on the Bitcoin Vigil website, they can download a database file containing the wallet's information. It is effectively a wallet generated with bitcoins that is unencrypted to make it as easy on malware as possible, Springer explained.

With the rise of cryptocurrency-stealing libraries being dropped into malware, Bitcoin Vigil acts as what it calls a "money pot" – a carrot that malicious software commonly looks for on infected computers.

If the key is used to move the small amount of bitcoins, Bitcoin Vigil notifies the user by email, with an additional option for an SMS notification.

moneypots
moneypots

Springer says that malware creators have no qualms about looking for bitcoin like low hanging fruit:

"I don’t think anyone’s going in specifically targeting bitcoin as their only purpose [for malware], I just don’t think that they have any ethical concerns stealing whatever they find."

Malware going after bitcoin

Dell SecureWorks recently released a report that identified almost 150 strains of what it calls cryptocurrency stealing malware (CCSM), up from 45 a year prior.

The reason for the surge is simple: decentralized money is becoming popular, and that means it is a valuable thing to take from unsuspecting users.

cryptomalware

Joe Stewart, one of the authors of the SecureWorks report, recently tweeted about Springer's service:

— Joe Stewart (@joestewart71) April 10, 2014

IDS stands for intrusion detection system, which is Bitcoin Vigil's role in monitoring the wallet addresses.

According to SecureWorks, the most common type of CCSM is known as the "wallet stealer." It looks for files in common locations that are similar to "wallet.dat" – the same type of file that Bitcoin Vigil uses.

And if the money is moved from the wallet, Bitcoin Vigil's system sees it, said Springer.

"Whenever it notices a transaction it just looks at all the inputs. And if it comes from one of the wallets I generated I just send an SMS and email out."

Cryptocurrencies as IT security

Springer said he decided to create the service to detect wallet file theft after realizing one didn't exist. "After losing some bitcoins, it seemed like a logical idea," he said.

Though he concedes to the fact that most people don't keep wallets stored on their computers, he believes that many who are at risk of losing important information on an insecure system unknowingly infected with malware could use Bitcoin Vigil.

detectionrates

Another problem, he said, is that people need bitcoins in order to make this method work, which means it might be more suited for larger systems, versus individual PCs:

"The limiting factor is that you actually have to put money in each of the wallets."

Despite these challenges, Bitcoin Vigil again proves that cryptocurrencies can be used as an IT security tool. Recently, crowdsourced IT security startup CrowdCurity launched its 'Capture the Coin' contest, placing bitcoin private keys on its site to see if participants could find them.

"You need to be on a computer that doesn’t have bitcoin-stealing malware," said Springer, and the growing popularity of decentralized money means that malware creators are on the hunt for private keys.

Ideas like Bitcoin Vigil are ways to detect system intrusions proactively rather than running scans reactively when something appears to be wrong.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.