Bitcoin attackers present "a new frontier" for cybercrime, a gathering of top security specialists heard in Barcelona this week.
Government agencies, banks, universities, private companies and consulting firms attending the Anti-Phishing Working Group's (APWG) eCrime 2015 event on Tuesday were warned by a panel of cryptocurrency experts that research in the sector is lagging behind criminal practice.
Speaking inside the CaixaForum, APWG chairman Dave Jevans, who has been following bitcoin since 2011, told the audience that this knowledge gap presented a challenge for everyone in the room, noting:
Founded in 2003, the APWG is a 2,000-strong member organisation that aims to tackle security threats in the digital age by pooling resources and brainpower across the public and private sectors.
The four-day symposium, billed as the destination "where cybercrime fighters meet and collaborate", included cryptocurrencies on the agenda for the first time in the group's 12-year history.
Speaking to CoinDesk, APWG secretary general Peter Cassidy said it had taken a while for digital currencies to gain enough momentum to be taken seriously by the organisation.
Support from merchants like Dell and TigerDirect, he said, played a part in changing this, explaining:
"We have to learn to understand how the bad guys are using it to instrument new forms of crime, or old forms of crime with a new [twist]," he added.
The topic of how to go about out-innovating criminal activity featured throughout the day's cryptocurrency sessions.
However, despite some successes in areas like transaction clustering, one privacy tool that has withstood researchers' scrutiny has been the bitcoin 'mixing' model.
With no real way to trace relationships between the senders and receivers using these services, Haslhofer proposed that crimefighters could choose to 'blacklist' criminal transactions instead.
Other panelists argued that coordinating and maintaining such lists across exchanges, wallets and law enforcement agencies could prove difficult. Miller went on to suggest that media and consumer awareness could be enough to pressure stakeholders into such an agreement.
Maurits Lucas, head of cyber intelligence at Fox inTELL, presented a skeptical counterpoint to others on the panel, terming the cryptocurrency sector a "Wild West".
"A lot of the issues that we’re facing here with cryptocurrencies today are the exact reasons why we thought up the institution of a bank in the first place," he said, adding that the technology is a solution in search of a problem.
Criminals, too, have found the currency problematic, he said. Its volatility means most are eager to cash out and run as soon as possible.
A DDoS researcher in the audience also recounted how bitcoin was a poor currency for other digital criminals, explaining:
Jevans was more enthusiastic about the potential benefits of a technology like bitcoin. The Marble Security CEO revealed he had got into the currency early, buying in at $6 a coin.
He later shared images of the goo-cooled custom mining rig he constructed with a friend.
Following Gem's January announcement that it had implemented a custom Hardware Security Module (HSM) to protect its private keys, Miller stressed that bitcoin could learn a lot from the way the banking industry uses the technology, which "has been done for years."
The CEO was less bullish on consumer hardware, USB wallets like Trezor and Ledger, which he said were not the answer to "mass scale adoption".
"My personal opinion is that a software wallet will win the day because I think if you're not a hardcore bitcoin enthusiast you don't want to carry something like that around with you. It's a small market," he remarked.
Wardman, who talked about account validation at PayPal earlier in the day, agreed that overcomplicating tech could be a barrier for some users – despite the benefits, adding:
A show of hands in the room indicated that around 10% of attendees owned bitcoin. However, with one in every ten coins stolen, audience members questioned how the cryptocurrency could cross into the rest of the room, let alone reach widespread mainstream use.
Consumer adoption aside, due to the sophistication and skill of bitcoin attacks, Cassidy warned that cryptocurrencies would be something the group could not afford to ignore. The topic would now be a fixture at future APWG events, he added.
Miller said it was obvious that bad actors would feature in some of bitcoin's 20 million wallets, emphasising that criminals have historically been "the early adopters of things".
However, he added, this shouldn't deter those exploring bitcoin's legitimate uses, concluding:
Images via Grace Caffyn for CoinDesk