article featured image


Back in 2008, a group that went by the name of Satoshi Nakomoto came up with an idea that would forever change the very notion of banking. That idea came with– Bitcoin. What if the purpose of Bitcoin? First and foremost, Bitcoin came out as an antagonist to centralized banking. In all intents and purposes, Nakomoto’s Bitcoin was meant to ‘blow up’ the entire customer-intermediary-bank chain, replacing it with a system that leverages peer-to-peer network systems with zero intermediaries, node verification, and public-distributed ledgers – also known as blockchains.

Bitcoin was the first crypto coin and, probably, the most disputed. Throughout its history, many have voiced their concern over the existence of Bitcoin, denouncing its use in overtly illicit activities. Regardless of scope, Bitcoin is a powerful financial instrument and, as they say, he who holds the Bitcoins, hold the key to eternal happiness – or at least a lifetime supply of coffee and Klondike bars. Anyway, in this article I’m going to tackle the cybersecurity part of Bitcoin – malware, financial scams, cryptocurrency-specific cyber-attacks, securing blockchains, and more. So, is Bitcoin safe? Stick around and find out for yourself. Enjoy?

What is Bitcoin?

Even more background on Bitcoin and some fun facts. Here’s one to sink your teeth into: what does pizza have in common with Bitcoin? The answer is Bitcoin Pizza Day. Celebrated every year on the 22nd of May, Bitcoin Pizza Day marks the very first cryptocurrency transaction in history; 21 years ago, BTC owner and source-code contributor Laszlo Hanyecz managed to purchase two pizzas from Dominoes for 10,000 BTC. Considering the price of a bitcoin (that would be around $35,000 at the time the article’s been written), Hanyecz’s purchase can easily pass as the most expensive munchies in modern history. However, back in two-o-ten, the price of one Bitcoin was under one American cent – $0,008, to be precise.

Basically, Hanyecz’s stack of BTCs amounted to a meager $41. Liked this one? Let me hit you with another – did you know that there’s a limited supply of Bitcoins? Because we just love irony, here’s one that will definitely paint a smile on your face – although BTC is a virtual coin, there’s one so much you can buy. So, how many Bitcoins are out there? No, the magic number’s not “42”, but 21. There are only 21 million BTCs out there more than half of that amount (16.3 million) has already been mined, traded, and retraded.

What happens after that? It’s bye-bye Bitcoin mining. According to some predictions, the very last Bitcoin will be mined at the beginning of the 22nd century (2140). Sounds rather farfetched and arbitrary, doesn’t it? Well, many believed that BTC’s upper limit was purely arbitrary, but numerous studies refuted this idea. One of them is called the Bitcoin Distribution model; all very interesting and ‘mathy’, so I won’t dare approach it. If you find this topic fascinating, you can read all about it here.

Even more need-to-know before we go to the next section:

  • Bitcoin Network. also called a blockchain, in simple terms, it’s a (gigantic) data structure that keeps track of all BTC-related transactions. Why blockchain? Because even in a decentralized structure you need some measure of control. The blockchain offers transparency (to some degree) and security. Now, a blockchain is composed of millions of blocks. These tiny LEGO-like pieces are linked by a cryptographical “chain” structure. Here’s where it gets interesting – each block contains information about the previous and the next block; kind of like past, present, and future. The path to the ‘future’ block is blocked by the cryptographical chain. To be able to access the ‘future’ block, you’ll need to solve the associated crypto-riddle, which is a mathematical equation or something along those lines. How do you do that? By using BTC miners. Cool, isn’t it?
  • What can you do with Bitcoins? A lot of things actually: speculate the market, buy stuff, and, of course, diversify your financial portfolio. Two decades ago, a Bitcoin wouldn’t have gotten you a cup of coffee. Remember that Hanyecz had to cough up 10,000 BTCs for two pizzas. Nowadays, a digital wallet of 10,000 Bitcoins can get you a lot of stuff. On top of that, some BTC investors prefer crypto over fiat money given the fact that cryptocurrency is not affected by external factors such as inflation or national debt.
  • Is Bitcoin the only kind of cryptocurrency? Bitcoin may be the oldest cryptocurrency in circulation, but hardly the only one. According to Yahoo Finance, as of April 2020, there are over 5000 cryptocurrencies on the market. Some of the most popular are Ethereum, Ripple, EOS, Litecoin, Bitcoin Cash, Tether, Stellar, Tron, Nano, Cardano, Monero, and Dash.

Hope you’ve learned something new and useful about cryptocurrencies and Bitcoin. Now, on to the more pressing question – Is Bitcoin safe?

Bitcoin Cybersecurity Concerns – Is Bitcoin safe?

The paper “A Survey on Security and Privacy Issues of Bitcoin” defines two types of cryptocurrency-specific attacks: those targeting the system and the “PoW-based consensus protocol” and “misbehavior attacks targeting Bitcoin networks and entities”. I won’t be covering all of them, but I’ll give you a quick rundown. On the PoW (proof-of-work)-based consensus protocol, we have:

(1) Race attack. Also called Double Spending, this attack, which affects sellers, and\or merchants, requires spending the very same Bitcoin amount in several transactions. The outcome – two conflictive transactions, registered in rapid succession.

(2) Finney attack. Occurs when a malicious actor jettisons a previously mined Bitcoin block. The result is double-spending. Happens right when the malicious miner receives the product or service from the victim which, in this case, is a merchant.

(3) Selfish mining. Also known as a Block Discarding attack, this operation abuses forking (i.e., with Bitcoins linked by chains, forking means splitting the chain, making the Bitcoins ‘run’ in a different direction) in order to get a ‘bigger pie cut.’

(4) Brute-force attack. In a cryptocurrency context, brute-forcing a seller or merchant means privately mining on a fork with the purpose of double-spending.

So far, so good. These are some of the attacks that target either sellers or merchants by taking advantage of gaps in the security of the PoW-based consensus protocol. Let us now look at the attacks that target the network itself and entities.

(1) Bribery attack. Basically, you pay someone to mine on your behalf.

(2) Refund attack. Ever tried to make to return an item to the retailer you bought it from? As you know, the refund policy is a pain, but worth getting through to get your money. BTC transactions have their refund policies and guess what happens when someone would go about exploiting loopholes in those policies? Well, then you get a refund attack.

(3) Wallet theft attack. BTC wallets are secured by public-key cryptography. So, when you create a wallet, you receive two keys: a public key (used for encryption) and a private key (used for decryption). In a wallet theft attack, the malicious actor either destroys or steals your private key.

(4) Sybil. It means going William Wilson in the network. More specifically, in a Sybil-type attack, the threat actor creates multiple virtual identities in an attempt to swindle other users or the whole network.

(5) Routing attack. What’s the best way to break a chain? By destroying one of its links, of course. During this kind of attack, the threat actor would isolate one or more nodes from the network in order to slow down or even stop the block propagation (remember that every block in a blockchain depends on the block that came before it and the one that follows).


Bitcoin malware – ElectroRAT, Cryptojacking, and KryptoCibule

Just to make a quick wrap-up; so far, we’ve talked about the history of Bitcoin, learned some fun facts, and discussed known vulnerabilities. Now it’s time to wrap this up with some cryptocurrency-specific malware and, of course, the available countermeasures.


ElectroRAT is the round-opener – discovered in January 2020, ElectroRAT is a full-steam-ahead malicious campaign that indiscriminately targeted crypto-wallet owners.  Security analysts saw in ElectroRAT a perfect blend between social engineering and malicious, code-side TTP – the operation would take about half a year to set up and perhaps, twice as long to return the expected results. As to the group’s MO: the malicious actors would start by setting up spiked websites, filled to the brim with trojanized apps or downloadable content.

Next, they would create social media campaigns and set up fake forums. What would be the purpose of this enterprise? To steal as many private keys as possible, a trick they easy to pull off, especially if you have the right tool. In this case, the tool is ElectroRAT, a remote access key tool written in Golang and engineered to all operating systems. ElectroRAT’s novelty is exactly this tool – experts believe that this remote access tool’s code was written from scratch, making it virtually undetectable. The most notorious campaigns associated with ElectroRAT are DaoPoker, Jamm, and eTrade.


Cryptojacking’s probably the most benign item on this list. To make a very long story short, CJ’s when a threat actor deploys and runs crypto-mining software on your endpoint. Nope, cryptojacking malware won’t demand ransom in exchange for your files, blow up your power supply, deny access to network resources or delete your files. Instead, it will use your endpoint’s resources for bitcoin-mining. It’s frustrating but benign. In most cryptojacking cases, it’s enough to find the most resource-hungry (and out-of-bounds) process and shut it down with your task manager or something.


KryptoCibule, the last item on this list is the love child of ElectroRAT and cryptojacking. KC has the demeanor of a cryptojacking malware (i.e., lands on the machine and uses its resources for crypto-mining operations), but, in the long run, exhibits ElectroRAT-behavior – pokes around wallets, hijacks transactions, and exfils files associated with said transactions. Perfect blend, don’t you think? Anyway, the first version of KC was sighted in or around December 2018, when an attempt to extract Monero (coins) via ‘onionized’ connections was detected. Interestingly enough, the creators behind KryptoCibule tend to attack targets of opportunities located in either the Czech Republic and Slovakia. A pretty sophisticated piece of evil coding; there’s no doubt about that. I’m thinking about writing an article on the topic. Hit the comments and let me know if you would like to read more about KryptoCibule.

Heimdal Official Logo
Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® DNS Security Solution

Is our next gen proactive DNS-Layer security that stops unknown threats before they reach your endpoints.
  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Parting thoughts and Anti-malware countermeasures

Is your business running cryptocurrency transactions? Here’s some advice on how to improve overall security.

  1. Symptomatic treatment. If curing the ‘disease’ (i.e., malware) is not a viable option, focus on treating the ‘symptoms’, as they arise: observers in the network to counter double-spending and brute-force attacks, transactional multi-confirmation against Finney attacks, ZeroBlock technique to discourage selfish mining, increased rewards for hard-working and host miners to counter bribery attacks, public-pushed evidence vs. refund attacks, 2FA Security to counter wallet theft, XIM from Sybil, and continuous tracking of round-trip time to fight against routing attacks.
  2. Enhanced cybersecurity. Endpoint security solutions can help prevent data leaks associated with crypto-specific malware. Heimdal™ Security Threat Prevention Endpoint can sanitize your workstations, clear out malicious packets that may be hidden in DNS traffic, detect processes associated with crypto-mining operations, and much more.

So, is Bitcoin safe? I would say that it’s safe as the crypto-wallet holding it. Keeping the best practices in mind will help you secure your account and keep those transactions private. With that in mind, I’ll leave you to your BTC-related endeavors. As always, stay safe, enable 2FA in your wallet, don’t click on suspicious links, and never, ever trade Bitcoin or Etherium or Ripple outside legitimate platforms. If you have further questions on the topic, shoot me a comment or send me an email.

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.

Leave a Reply

Your email address will not be published. Required fields are marked *