Bitcoin attackers present "a new frontier" for cybercrime, a gathering of top security specialists heard in Barcelona this week.
Founded in 2003, the APWG is a 2,000-strong member organisation that aims to tackle security threats in the digital age by pooling resources and brainpower across the public and private sectors.
The four-day symposium, billed as the destination "where cybercrime fighters meet and collaborate", included cryptocurrencies on the agenda for the first time in the group's 12-year history.
Speaking to CoinDesk, APWG secretary general Peter Cassidy said it had taken a while for digital currencies to gain enough momentum to be taken seriously by the organisation.
Support from merchants like Dell and TigerDirect, he said, played a part in changing this, explaining:
"We have to learn to understand how the bad guys are using it to instrument new forms of crime, or old forms of crime with a new [twist]," he added.
The topic of how to go about out-innovating criminal activity featured throughout the day's cryptocurrency sessions.
However, despite some successes in areas like transaction clustering, one privacy tool that has withstood researchers' scrutiny has been the bitcoin 'mixing' model.
With no real way to trace relationships between the senders and receivers using these services, Haslhofer proposed that crimefighters could choose to 'blacklist' criminal transactions instead.
Other panelists argued that coordinating and maintaining such lists across exchanges, wallets and law enforcement agencies could prove difficult. Miller went on to suggest that media and consumer awareness could be enough to pressure stakeholders into such an agreement.
Maurits Lucas, head of cyber intelligence at Fox inTELL, presented a skeptical counterpoint to others on the panel, terming the cryptocurrency sector a "Wild West".
"A lot of the issues that we’re facing here with cryptocurrencies today are the exact reasons why we thought up the institution of a bank in the first place," he said, adding that the technology is a solution in search of a problem.
Criminals, too, have found the currency problematic, he said. Its volatility means most are eager to cash out and run as soon as possible.
A DDoS researcher in the audience also regaled how bitcoin was a poor currency for other digital criminals, explaining:
Jevans was more enthusiastic about the potential benefits of a technology like bitcoin. The Marble Security CEO revealed he had got into the currency early, buying in at $6 a coin.
He later shared images of the goo-cooled custom mining rig he constructed with a friend.
Following Gem's January announcement that it had implemented a custom Hardware Security Module (HSM) to protect its private keys, Miller stressed that bitcoin could learn a lot from the way the banking industry uses the technology, which "has been done for years."
The CEO was less bullish on consumer hardware, USB wallets like Trezor and Ledger, which he said were not the answer to "mass scale adoption".
"My personal opinion is that a software wallet will win the day because I think if you're not a hardcore bitcoin enthusiast you don't want to carry something like that around with you. It's a small market," he remarked.
Wardman, who talked about account validation at PayPal earlier in the day, agreed that overcomplicating tech could be a barrier for some users – despite the benefits, adding:
A show of hands in the room indicated that around 10% of attendees owned bitcoin. However, with one in every tenth coin stolen, audience members questioned how the cryptocurrency could cross into the rest of the room, let alone reach widespread mainstream use.
Consumer adoption aside, due to the sophistication and skill of bitcoin attacks, Cassidy warned that cryptocurrencies would be something the group could not afford to ignore. The topic would now be a fixture on future APWG events, he added.
Miller said it was obvious that bad actors would feature in some of bitcoin's 20 million wallets, emphasising that criminals have historically been "the early adopters of things".
However, he added, this shouldn't deter those exploring bitcoin's legitimate uses, concluding:
Images via Grace Caffyn for CoinDesk
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.