Do the malware writers know something about cryptocurrency that the rest of us don’t?

Disclaimer - If you haven't read my disclaimer yet, make sure you do so here. TL;DR version - Buyer beware, I am not an expert, I am fumbling my way through this like the rest of you.

Also, I hold a little bit of Bitcoin and Ethereum.

Way back in the fall of 2012, I attend the Virus Bulletin conference in Dallas, TX. While I was there, I remember either attending, or hearing about a session, entitled Malware taking a bit(coin) more than we bargained for.

The presentation was by a researcher at Microsoft, and they talked about how bitcoin was a new digital currency just starting to gain traction. In response, new malware families were arising that would either take over user's computers to mine bitcoin (this was back in the day when a single computer still had a reasonable change of actually mining one), or try to steal users' bitcoins. I think that may have been my first introduction to Bitcoin, and I remember at the time that it was interesting, but wasn't sure whether or not it would catch on as a digital currency. If the malware creators succeeded in mining Bitcoin, they would have seen it go up in value by 100x.

Fast forward several years, to 2017, with the WannaCry malware outbreak. Malware hurts, and ransomware is even more painful as you're locked out of your system, but the market incentive to pay the fine is enticing if you can be certain that it will unlock your system; the drawback is that it incentivizes bad behavior for the malware author.

Both cases are examples of malware creators looking toward alternative payment methods to make themselves less trackable.

But what's interesting is how malware writers have stayed with that principle but have switched out cryptocurrencies. Whereas before they were mining bitcoin, now they are mining Monero:

These are just a few snippets of articles I found, and you can see they span 15 months. So, while it's a newer thing, it's not totally brand new. But the point is: Hackers are diversifying into alt-coins (an alt-coin is anything that is not a bitcoin).

As I say in some of my other cryptocurrency articles, the value of a digital currency built on blockchain is how many users believe in it, build on top of it, and start using it. Hackers and malware authors were early adopters of Bitcoin, and they seem to be proven right (so far... barring a collapse of Bitcoin). Do they have any special insight into whether or not Monero will eventually be successful?

You can do your own research into what Monero is and how it differs from Bitcoin. My own quick summary is that it's a digital currency like Bitcoin, but it's not built on the Bitcoin code like how a lot of other cryptocurrencies are. And whereas Bitcoin is pseudonymous, all transactions are public. If you observe enough patterns, you can see that randomNumber ID #1 that sends 0.5 btc to randomNumber ID #2 is a transaction. You don't have the identities of everyone yet, but with enough observations you may be able to figure out some of the identities. Bitcoin leaves a trail that is reversible back to its original transaction participants (in some cases, depending upon how many resources the investigator wants to spend).

Monero is different because it is much more private. Instead of this:

A sends xx bitcoins to B

You get this:

? sends ? to ?

You can see that's more private and not trackable.

There are some legitimate use cases of hiding your financial transactions from all viewing eyes. Using regular cash is kind of like this. But on the other hand, one of those use cases is criminal activity; if you're exchanging illegal goods or services, you want that to be hidden from everyone. Thus, if Bitcoin had a reputation as being useful for underground transactions, Monero could market itself the same way. No doubt cyber criminals already do, as that's why they are mining Monero using other people's machines.

I sympathize with the solutions to problems that altcoins are trying to solve. But, by introducing stronger privacy, they also set themselves up as a magnet for criminal activity. The maintainers of the code may say that they are building a platform and are not responsible for its usage. I'm not so sure about that.

Just ask Facebook.

Skip to main content