Pony thieves blamed for bitcoin heist

Summary:A gang of criminals using an army of infected computers has made off with at least $220,000 worth of bitcoins and other virtual currencies.

Researchers from the security firm Trustwave say that a heist of at least $220,000 worth of bitcoins and other virtual currencies was accomplished by a botnet of computers using malware that has been dubbed "Pony".

The Pony botnet has affected an estimated 700,000 people or computers, allowing the criminals to control those accounts.

The scheme "collected approximately $220,000 worth, at time of writing, of virtual currencies such as bitcoin, LiteCoin, FeatherCoin, and 27 others", said a blog post from researchers Daniel Chechik and Anat Davidi.

The gang operating the Pony botnet was active between September 2013 and mid January 2014.

The botnet stole 600,000 website login credentials, 100,000 email account credentials, and other secure account information.

The news comes amid growing use of virtual currencies such as bitcoins, which have been developed by cryptographic experts as a way to move money at a lower costs than traditional finance systems.

While many uses of bitcoins are legitimate, the virtual currencies have also been tied to money laundering and drug trafficking, as well as underground websites such as Silk Road, the target of a US raid.

"Bitcoins are stored in virtual wallets, which are essentially pairs of private and public keys," the Trustwave researchers said, adding that whoever has those keys can take the currency.

"Stealing bitcoins and exchanging them for another currency, even a regulated one such as US dollars, is much easier than stealing money from a bank."

They said thieves with bitcoins can use any number of trading websites, to get real cash while maintaining anonymity.

Topics: Security, Emerging Tech

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.