X
Business

Want to make money mining bitcoins? Criminals have you beat

Bitcoins are becoming the "national currency" of criminals the world over and are becoming an increasingly poor investment for legitimate miners.
Written by David Gewirtz, Senior Contributing Editor

Bitcoin is an interesting beast. It seems like something out of a William Gibson cyberpunk novel. It was created by a shadowy figure that could be an individual or a cartel. It's infinitely traceable but ownership is completely anonymous. It has value; at the moment I write this, each "coin" is worth $869.61 and the total dollar value of existing bitcoins worldwide is almost $11 billion.

Unlike traditional currency, it exists outside of national control. Like precious metals, it can be mined, but unlike precious metals, you can't hold it in your hand.

It's real, in that some merchants and services will accept bitcoin as payment. It's virtual, in that it exists only as a series of entries in a global data structure.

And it's become the new best friend of criminals the world over.

You can gain ownership of bitcoin in three primary ways: you can buy them, you can get paid in them in return for a product or service, or you can make them through a process called bitcoin mining.

The first two approaches: buying bitcoin and getting paid in bitcoin are interesting, in that any item that can be bought and sold is interesting. Bitcoins might be, to quote Paul Krugman, storehouses of value, or they could someday go "poof" and simply be bits worth less than two bits.

The bitcoin system is set up to limit the total number of bitcoins that will ever be available in the world pool. That limit in total availability artificially forces value on each coin because the resource is designed to have scarcity built into its DNA.

What's propping up the value of bitcoin is both buzz and the limited availability, combined with a decidedly libertarian political flavor and, well, its almost perfect fit with the needs of illicit and illegal transactions. And that brings us to both bitcoin mining and crime.

Bitcoins come into existence as the result of increasingly complex calculations that incur both computing hardware and energy cost. The bitcoin system requires that each new bitcoin is incrementally harder to "mine" than the preceding coin. What this means is that each new bitcoin requires more and more calculation power than the coins that came before.

When bitcoins first blinked into existence, they could be mined by a few spare computers, just left to crank away. Now that there are so many more bitcoins in circulation, those computers can barely mine a fragment of a bitcoin in anything resembling a reasonable amount of time.

Given that bitcoin mining is designed to always need more computing power thrown at it, a market sprang up for custom bitcoin mining computers, machines built with custom ASIC (application-specific semiconductor) chips designed to optimize the processing of bitcoin mining algorithms.

As more and more bitcoins are born into the world, more and more processing power is required. The custom bitcoin mining machines have become increasingly expensive to purchase, and — also very important — increasingly expensive to operate as they eat raw electical power at a phenomenal rate.

All of this makes a sort of elegant sense. They take more work to create, so the rate of supply of new bitcoins slows down over time as the cost to produce them goes up along with — at least in theory — the overall value of each coin.

That means that each coin has a cost of production. The profit attributable to each coin, therefore, can be calculated as the net selling price of the coin, minus the cost to produce.

At least that's the case for people and companies who mine bitcoins and who are unwilling to break the law. The game (and the profit structure) is completely different for criminals.

All your coin are belong to us

Think about what it takes to produce bitcoins, the means of production: processing power. Law-abiding bitcoin miners spin up this processing power either using ever more powerful, special purpose computers or -- in a relatively new trend -- rent bitcoin processing time from service providers who sell timeslices of their processing power plants.

Now think about the cost items. You have the cost of the mining computers, storage space, and energy for cooling and powering the mining machines. The profit in bitcoin mining is all about making sure that the selling price (or stored trading value) of the mined bitcoins is greater than the cost to mine them in the first place.

As the Bitcoin mining profitability calculator shows, profitability is all about getting the hash rate (speed of calculation) high enough, while the cost of hardware and energy is low enough. Even so, because bitcoins become more difficult to create, the existing hardware (no matter how large its current hash rate) will quickly obsolete.

This means that a law-abiding miner will have to constantly upgrade and discard hardware, simply to keep up with the ever-increasing difficulty rate inherent in bitcoin mining.

Breakin' the law, breakin' the law

But what if you're willing to break the law (which, for the record, I do not advocate)? Do the production cost ratios for bitcoins change?

That's what we'll discuss on the next page...

What would need to change to make a difference? Or, more to the point, what has available inherent flexibility that might impact profit margin?

You certainly can't change the difficulty or the algorithm required to mine bitcoins. The very agreement of all the participants to accept this currency relies on those two items as being sacrosanct.

But while you can't change the difficulty, you can change the cost of producing the calculations. What if you could drive energy cost to near zero along with processing power? What if you could remove the two inherent cost items from production cost?

That's where criminal bitcoin miners are coming into play. Cybercriminals already have a very well-established, tested, and long-operating mechanism to perform marginal-cost distributed computing: botnets.

Rather than buying expensive bitcoin mining machines, criminals are seeding the computers the world-over with malware like "Fareit," which then implants bitcoin mining software on victim machines, sending the results of the mining process to intermediate transactional bitcoin wallets, which are harvested on a regular basis, moving bulk collections of bitcoin shards into anonymous bitcoin wallets not obviously connected to the intermediate harvesting wallets.

The result is criminals are able to extract the cost of production from the bitcoin mining process, making bitcoin mining almost infinitely more profitable for law-breakers than law-abiders.

Theft of bitcoin

Law-breakers have another tool in their bitcoin acquisition arsenal: thievery. Bitcoins aren't owned, they're merely assigned to bitcoin wallets.

In this way, they're more like cash than any other online currency. If you have a hundred bucks in cash in your back pocket and someone surreptitiously lifts that cash from your pocket, that cash is pretty difficult to trace back to you.

Yes, most pieces of paper currency have a serial number, and all bitcoins have a ledger describing their movements. Individual cash users (like you and me) don't register our ownership of specific bills in any central registry. Instead, our possession of the cash is what assigns the ownership.

Bitcoins work the same way. While there is a clear transactional history assigned to the entire network of bitcoins, once a bitcoin lands in your bitcoin wallet, it's yours. Period.

That makes bitcoin theft rather appealing to certain criminals. All they have to do is steal the wallet and the bitcoins change ownership.

As you might imagine, this has led to both direct penetration hacking and malware like Bitcoin Jacker and Bitcoin Infostealer.Coinbit, which infect machines and scan them for bitcoin wallets, transferring any unprotected or weakly protected wallets back to the malware initiators.

Speaking personally

I've been following the bitcoin explosion rather closely and, for a while, considered investing in optimized Bitcoin mining hardware like the ones produced by Butterfly Labs. While the cost of the mining hardware itself was certainly a consideration, I liked the idea of stacking a bunch of machines in my garage and letting them crank away, churning out money.

But then I researched it more deeply, which is what resulted in this article. First, I was very turned off by the idea of pre-ordering hardware. Because each bitcoin is harder to produce over time, a machine ordered today but delivered in April is inherently less valuable even before it ships.

Then I started to look into the competitive marketplace, and it became clear that the one truly profitable competitive path to bitcoin profits was through malware and botnets — which meant that no matter how much I was willing to invest legitimately, law breakers would always have a competitive advantage.

Combine that with the ease with which it's possible to lose your wallet if you make one mistake, along the almost flagrant abuse of our planet's scarce energy, and the entire opportunity seemed more like a house of cards (and, to quote my wife, "kind of immoral"). I'm staying away, and, instead, have advised law enforcement to keep a closer eye on bitcoin, as I describe in the next section.

Follow the money

All of this gives the criminal element a concentration of economic advantage in the bitcoin ecosphere.

Legitimate miners and buyers have to incur substantial production and energy costs, or have to pay the going exchange rates for bitcoins.

Criminal miners pay virtually nothing for the production of new coins, outsourcing the work to hapless victim machines the world over. Criminal bitcoin thieves don't incur the exchange rate cost for acquisition of bitcoins. They simply rely on hacking and malware to siphon bitcoin wallets from law-abiding owners.

What we've got here, then, is a commodity (I hesitate to call it a currency) that has a current value, is free from regulation (for the moment), allows for completely anonymous ownership, and is both highly profitable and almost free to produce (if you're willing to break the law).

There is no doubt that bitcoin has staying power, but whether that's just among criminals (and those who wish to traffic with them, like the Silk Road drug sellers and customers), or whether it will become a valuable trading commodity for the rest of us is unclear.

My advice to law enforcement is simple: follow the bitcoin. There is no doubt that more and more criminals will be using bitcoin to generate profit as well as cover their tracks. Whenever you see a stash of bitcoin and have judicial permission to follow the footprints, do so.

While bitcoin use is not limited to criminals, there is an undeniably high correlation between bitcoin ownership and criminal activity. Especially since bitcoins are becoming every more profitable to criminal malware seeders and botnet operators while concurrently becoming ever less profitable for legitimate traders.

Here's the key take-away: bitcoins are becoming the "national currency" of criminals the world over and are becoming an increasingly poor investment for legitimate miners.

This is a very volatile environment. Things could change tomorrow. Keep that in mind, too.

Editorial standards