SINGAPORE (Reuters) - Criminals may already have made off with up to $500 million worth of bitcoins since the virtual currency launched in 2009 - and you can double that if it turns out they emptied Mt. Gox.
Internet criminals, security experts say, are attracted to bitcoin because of its stratospheric rise in value, because it's easier to steal than real money, and because it's easier to trade with other criminal elements. But, they add, bitcoin will survive the damage.
"It's just growing pains," says Keith Jarvis, a security researcher at Dell SecureWorks. "Bitcoin is large enough and has enough momentum behind it to survive any public relations damage from this (Mt. Gox) case or anything else."
The fall of Mt Gox, the Tokyo-based exchange which filed for bankruptcy last month after saying it lost some 850,000 bitcoins to hackers, is certainly the virtual currency's biggest crisis.
But data collated by Reuters from specialist bitcoin industry websites and internet forums shows that more than 730,000 bitcoins were already missing to theft, hacking, cyber-ransom payments and other apparently criminal pursuits before Mt. Gox's collapse. That's nearly 6 percent of all bitcoins, and doesn't include dozens, possibly hundreds, of unreported cases of individuals who have lost bitcoins from their computers or online exchanges to hackers.
For sure, there's no way of telling who has these missing bitcoins, or whether they were converted to real money when the price was much lower. And of course some bitcoins may have been counted twice if criminals stole them from each other or they were put back into circulation and stolen again.
But there's no question that bitcoins have attracted the attention of cyber-criminals - as a currency and an asset worth stealing.
A study by Pat Litke and Joe Stewart of Dell SecureWorks showed that as the price of bitcoin soared beyond $1,000 last year, so did the number of viruses designed to steal bitcoins from wallets - programs that hold bitcoins on user's computers or smartphones. Of the 140 types of such software more than 100 appeared in the past year.
Writing such viruses, says Stewart, is easy. "There's no sophistication involved in the storage of bitcoin in wallets. As for malware, it's some of the easiest stuff to write."
Indeed, this cyber-pocket picking wasn't criminals' first foray into bitcoins. Initially, they focused on using their control of large networks of infected computers - called botnets - to make their own bitcoins.
Bitcoins are created through a 'mining' process where a computer's resources are used to perform millions of calculations. For a while, says Kirill Levchenko, a researcher at the University of California, San Diego, criminals added malware to their botnets to turn infected computers into bitcoin miners.
This triggered predictions of doom for bitcoin - that the criminals would take over the mining of bitcoin through botnets and bring the whole currency crashing down. But as bitcoins become harder to mine - according to an algorithm that slows down their production the more people try to create them - this approach has proven less profitable.
In 2012-13, says Danny Huang, another researcher at the University of California, San Diego, they earned at least 4,500 bitcoins, a relatively small sum compared with the total produced. "Few botnets are mining bitcoins now," he said.
Instead, they've turned to stealing them from wallets, or, more lucratively, from exchanges.
According to data compiled last year by academics Tyler Moore and Nicholas Christin, of 40 exchanges tracked 18 had closed, with customer balances wiped out in many cases - not always, they point out, due to fraud. Since then, according to public reports, more than a dozen others have been hacked.
Cyber-criminals have also made use of the ease with which bitcoins can be traded without any third party - such as a bank or online payments service like PayPal - to use it as at least one way of paying for services between themselves.
"Bitcoin made it much easier for them, because they have to trust each other even less. Even complete strangers can cooperate," said Juraj Bednar, a bitcoin security expert in Slovakia.
But while bitcoin has its advantages, it's not a perfect tool for the bad guys.
Take, for example, ransomware. Viruses which encrypt users' data and then demand payment for a key to unlock it have become increasingly sophisticated, says Dell Secureworks' Jarvis.
The most successful: CryptoLocker, which Jarvis believes is run by a Russian-speaking gang who are also behind a botnet called Gameover Zeus that targets financial websites.
Bitcoin often appears on CryptoLocker as an option for victims to pay up. Its appeal, says Bednar, lies in the fact that it needs no third party for the transaction to work.
But there have been problems. For one thing, the type of user to be infected by a virus wasn't likely to be the type who is technologically savvy enough to be familiar with bitcoin. Also, as bitcoin rose in value, it has become a more expensive option for the victim, forcing the criminals to lower their bitcoin ransom demands to match prevailing exchange rates.
Then there's bitcoin's transparency. All transactions are visible, and while they're just digits and letters, in theory they could be connected to an individual and the entire history of all the bitcoin's transactions traced.
Italian computer engineer Michele Spagnuolo, for example, was able to trace a number of ransom payments for CryptoLocker. The gains have been impressive: he and academics from Politecnico di Milano speculate that up to 6,757 bitcoins - then worth around $6 million - could be linked to those behind CryptoLocker late last year. That estimate of their total takings, he says, could be very conservative.
But the fact that such payments can be traced would raise a red flag for cyber-criminals, says Daniel Cohen of RSA, the security division of EMC Corp, even though there are online services that can "launder" bitcoins to hide their origin. "Sure, there are bitcoin laundering services, but still if I tie a wallet to an identity I can see every single movement," he said.
And, ironically, the success that some criminals have had in stealing bitcoins has made it less appealing to the underworld. RSA's Cohen says his team monitoring underground forums has noticed criminals lately see bitcoin as "volatile, seizable and, with the recent thefts, unsafe."
That's not to say bitcoin is out of the woods.
While the protocols underlying bitcoin have proved themselves to work, the weak links have been the software containing the wallets, whether on exchanges or on individuals' computers.
"The attacks on the exchanges did not in themselves indicate any particular weakness of bitcoin per se, but rather exploiting vulnerabilities within the exchanges," says Raj Samani of Intel Corp's internet security company McAfee.
Such holes are being addressed, says Dell Secureworks' Stewart, pointing to such innovations as hardware wallets to replace software ones. "We're just going to have to get into that mode of thinking," he says.
For now, bitcoin users remain a vulnerable target.
That was illustrated when hackers breached Mt. Gox's servers and its owner's blog this week to post files purporting to be Mt. Gox's transactions in bitcoin stretching back to 2011.
Amid the files lurked another surprise awaiting the unwary: a bitcoin-stealing virus.
Editing by Ian Geoghegan