Bitcoin and Its Likely Impact on the Threat Landscape

This post is also available in: Portuguese (Brazil) Spanish

Bitcoin, the first blockchain-based cryptocurrency, was created by Satoshi Nakamoto in 2008 and released to the public in 2009. It is a decentralized digital currency without the need for a central bank. Over the last decade, it has evolved from a proof-of-concept where early adopters used the currency for illicit activities on darknet marketplaces to a legitimately traded commodity.

Source: Coindesk

At the time of writing, a single Bitcoin was worth around $38,000. In comparison, a year ago, a Bitcoin was worth less than $10,000. Two years ago? It was worth less than $4,000. And five years ago, it was worth less than $500 a coin! To put this into a cyber-criminal perspective, back in 2015, the original Armada Collective, a Ransom Denial of Service (RDoS) threat group, conducted extortion-based campaigns demanding 20 Bitcoins, roughly $6,000 at the time, from their victims. Today, 20 Bitcoins would be worth nearly $760,000!

Source: Radware

There is no doubt that Bitcoin has made some of us on the legal side richer than our wildest fantasies. Still, the growing valuation has also made some criminal organizations and malicious individuals very wealthy on the flip side. And in my opinion, the impact of this growth in wealth may have a severe impact on the future threat landscape.

[You may also like: Have Crypto-Miners Infiltrated Your Public Cloud?]

Making Cybercriminals Rich

Cybercriminals’ growth in wealth from Bitcoin isn’t exclusive to RDoS groups, either. It’s just an area I focus on, but nearly every cyber-criminal, from Ransomware operators to Cryptojackers, are profiting enormously from the rise in Bitcoin’s value.

One Bitcoin revenue stream that interests me is cryptomining. Cryptomining is the legal process of earning cryptocurrencies by solving cryptographic equations, validating blocks through your computer or a mining rig. Serious cryptominers typically build large mining rigs with either GPU cards, like the one below, or ASIC devices. Miners will leverage these devices and their power to validate blocks on the blockchain ledger for a payment in return.

Typically, a mined block is worth a few Bitcoins between all the miners in a given pool and for reference, the supply of Bitcoin is limited to 21 million coins. Currently, there are 18.6 million in circulation. Still, once miners have unlocked all the bitcoins, the pool will be exhausted, and the value of Bitcoin will naturally rise even higher from there.

Source: Simon Byrne

One of the reasons why cryptomining is of interest to me is due to the malicious activity that surrounds it. While cryptomining is a legal activity, the money involved will drive many to either bend the rules for an advantage or straight-up break the law for profit.

For example, to build these massive mining rigs, one is required to buy dozens of GPUs. And if you have been living underneath a rock for the last few years, GPUs are extremely difficult to purchase nowadays. This is because the demand for the hardware, GPUs, and ASICs, used to mine cryptocurrency has skyrocketed in lockstep with the price of Bitcoin.

The market to buy these devices alone has become so competitive that some are now using bots, a grey technique, to automate the process of checking e-commerce stores for availability and purchasing the hardware if an item is in stock. While this isn’t necessarily a crime–vendors get paid, users get devices–but the use of bots does present an unfair advantage against other customers attempting to purchase the same device manually. For reference, these are the same type of e-commerce bots that we see plaguing the entertainment, fashion, and airline industries.

A Cryptojacking Primer

Another example of malicious activity surrounding cryptomining is cryptojacking.

Cryptojacking is cyptomining, but it is the illegal process of earning cryptocurrencies by solving cryptographic equations with hijacked computer resources. This can be accomplished, illegally, in several ways to avoid the need to acquire dozens of devices or pay hefty electric bills.

The first example is the Web-based cryptojacking. This is the act of maliciously mining cryptocurrency thru a victim’s browsers. Web-based cryptojacking has mostly come and gone in the past few years. Still, during its heyday, services such as Coinhive were leveraged by criminals to mine cryptocurrency via victims’ browsers after they visited a compromised website.

The other example of cryptojacking is file base. This attack vector is still alive and kicking in the overall threat landscape. File base cryptojacking is the act of compromising a device in order to download and deploy payloads designed to mine cryptocurrency. Some recent examples include DDG, Fritzfrog, and Xanthe.

Source: Radware

While some reports in the past have suggested that there are limited profits involved with cryptojacking, I believe most did not consider the long-term valuation and yield of these crimes if the criminals were Hodl’ing, holding cryptocurrency long term rather than selling them immediately.

If profits were nominal as reported, we wouldn’t see the number of mining-based campaigns that we do today. In fact, the competition is so thick among file based cryptojacking that most of the malicious cryptominers I run across in my honeypots today contain hundreds of code lines designed to identify and kill specific processes or competitive malware on targeted devices.

[You may also like: The Rise in Cryptomining]

While the rise in Bitcoins valuation doesn’t immediately benefit those tardy to the party, they will likely benefit in the long term. With Bitcoin’s market cap nearing 1 trillion USD this year, everyone has to begin to consider the legitimacy of Bitcoin and its long-term projections seriously. For example, JPMorgan recently suggested that Bitcoin prices could surge to $146,000 in the long term. Meaning, those criminals who are just now getting into financial-related crime stand to incur a windfall of profit as the value of Bitcoin continues to rise.

Unfortunately, this projected growth in the value of Bitcoin will likely have a devastating effect on the threat landscape. It’s entirely possible that simple criminal organizations today could grow to have the wealth and capability to outspend even the most well-funded security firms in the future. Moreover, this growth in value will likely inspire more criminals to get involved in financially motivated cybercrime now so they too can profit.

“The rise in Bitcoins value presents an elevated risk for a more financially motived threat landscape in the future.”

Download Radware’s “Hackers Almanac” to learn more.

Download Now

Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center