Bitcoins, Pools and Thieves

Bitcoins, Pools and Thieves

Bitcoin started out as a digital currency, free from duplication and free from centralization and assumed, free from organized crime. However over the last couple weeks, there have been two major incidents against online Bitcoin trading and storage that have resulted in the loss of approximately $5.4 Million in Bitcoins.

The exchange rate currently lies at  $354.00 = 1 BTC, that sounds like a pretty good currency, until you realize that one year ago, the rate was $11.18 = 1 BTC, according to the charts at If the dynamic state of the exchange doesn’t convince you about the volatile nature of the Bitcoin currency, just wait until I tell you about the vulnerabilities.

Starting on Oct 23rd and continuing on Oct 26th, the Bitcoin wallet service was hacked, as reported by Wired, and the culprits made out with a total of 4,100 BTC or $1.2 Million (at the time, $1.4 Mil now).  The attack consisted of a large social-engineering element that allowed the attackers admin access to the cloud-based storage provider of


The purpose of was to allow an online source for users to store their Bitcoins, presumably, securely as well as speed up Bitcoin payments. There is of course the possibility for users to store their Bitcoins offline, however the payment process was slower.

TradeFortress, the creator of informed the user base after the attack that they did not posess enough Bitcoins to compensate the amount lost in the attack and instead vowed to pay back what he could, from his personal Bitcoin balance.

China GBL

Chinese Bitcoin traders were out more than $4 million on Oct 26th when the trading service they were using called GBL suddenly went offline. In an article on CoinDesk, it appears that the creators of GBL provided false identification when registering the business and never actually received any official documentation to allow them to run as a financial institution.  Therefore, it is believed that the owners of this service, set it up, waited until they had a fair amount of investors (approx 1,000) then took the money and ran.

online security - businessman stealing a credit card

I imagine it looked something like this

Since it’s inception, Bitcoin users have been subjected to a variety of scams and threats, as listed on the Bitcoin Talk Forum. The greatest of which occurred in 2011-2012 where an estimated 263,024 BTC were stolen; using todays exchange rate, that would be worth $92,240,000!

Greedy Miners and Rogue Pools

So thieves and scammers exist for every type of currency, doesn’t mean we need to question whether or not to use it. However, most currency doesn’t have a built in option for complete destabilization, or if it does it’s a very well kept secret.

As postulated by researchers at Cornell in a paper titled “Majority is not Enough: Bitcoin Mining is Vulnerable”, the decentralized nature of Bitcoin could be threatened by some clever and greedy miners.

Now before I get into this, it’s probably important to know what Bitcoin mining is: basically, it’s putting your computer to work performing highly complex mathematical operations in order to crack a cryptographic puzzle for the sake of helping Bitcoin transactions do their thing. In return for this, people are rewarded with Bitcoins. Those who devote their systems to this end are known as Miners.

That might not be the BEST explanation as there is much more to it, so here is a neat video that explains it well enough:

See, easy.

So every transaction done on the Bitcoin network is grouped into a ‘block’, for organizational purposes these blocks are lined up in a ‘block chain’. Bitcoin miners pool together to ‘solve’ the cryptographic puzzle presented with each block in order to verify and authenticate the transactions. The first miner to solve a block receives a prize and shares it with the pool. That same miner creates a new block by grabbing a new pile of transactions.




If two miners solve the same block at the same time, two new blocks are created and it comes down to which block is seen first by other miners who then try to solve it, this creates two ‘branches’. Once a subsequent block is found  on a certain branch, it is deemed the longer branch and therefore everyone else starts working on that longer branch and it becomes the primary and continues on the chain.

Now on to the threat…

If a rogue pool of miners decides to withhold the fact that they have solved a block from the rest of the miners in the world, they can continue solving the subsequent block in a ‘private’ chain. As long as they are able to solve the blocks faster than the other or ‘honest’ miner pools, they can continue keeping it private.

Since an individual pool, especially a rogue one, probably doesn’t have the kind of processing power as the honest miners, they will lose their lead.  When this becomes apparent, they publish not just the block they have solved but also all the subsequent blocks.  What does that mean?

Hacking category

“Mo Mining, Mo Problems”

Like I said earlier, when a branch is deemed longer than any others, it becomes the primary and all miners involved in solving that chain earn $$ for their efforts.  When the rogue pool publishes their branch, if it is longer than the honest branch, it becomes the primary and the rogue pool gets rewarded for not only solving the first block but also all subsequent ones.

For example, if the rogue pool solved the first, kept it to themselves and then created three more blocks ahead of the honest pool, then published it, they would receive 4x the reward. and every miner in that pool would receive 4x the amount of bitcoins for their efforts.

In addition, all the effort made by the honest miners would be for naught. So if they were to solve 3 subsequent blocks on the honest block-chain, but the rogue pool solved 4 before they published, the honest miners would receive no reward at all and would eat the cost of processing power and electricity they spent trying to solve blocks in a chain that was deemed invalid.


Courtesy of Allie Brosh

Now back to how that could end up CENTRALIZING the bitcoin currency.  If honest miners caught wind that they could make more $$ by joining the Rogue pool, in their own interest they would join up.  Eventually, the number of honest miners would decrease and the Rogue pool would become so large that they end up solving all blocks and becoming a central authority for all authentication of transactions. I leave it to your own imagination what could become of Bitcoin if that happened, but here is a hint: some transactions, even if they aren’t “legitimate” might make it into the block chains and somebody could make a LOT of money.


The researchers pose a solution of randomizing which branches are chosen, rather than just using the longest one or the first seen. This would decrease the likelihood that the Rogue branch was used and the pool would receive any reward.

This solution, unfortunately, doesn’t stop the fact that there are already miner pools that possess over 25% of the computational power on the Bitcoin network.  In the event that a single group grows large enough, the same problem could happen and Biitcoin could become centralized.


I personally think that man’s nature to make more $$ would prevail in the end. If you are part of a miner pool that only gives you a very small reward for your efforts, you may be more inclined to branch off into smaller pools that have a higher return value, even if the likelihood of success is smaller than with the larger pool.

Even the issue with Rogue pools and branches, eventually the problem will solve itself as the method these miners use to earn more $ will become ineffective and obsolete as their methods become the primary authentication standard. At that point, new pools will arise to do exactly the same thing in order to make more $ and the process will start over again.

My predictions for Bitcoin are that it will continue to be a competitive and fast-paced market where one person or a group of people will always try to outdo the other in an attempt to earn more cash. Centralization would not only be hurtful to Bitcoin miners but to the standard itself and therefore, regardless of greedy miner pools, eventually they will need to censor their own efforts in the name of keeping the currency valuable and the efforts worthwhile.

And as far as crime goes, we will continue to see attempts at scams and theft just as we do with paper money, but Bitcoin is still young and we are all still figuring out how to use it. I think it is incredibly promising, having grown to such a valuable ‘virtual’ currency in the span of 4 years, once we know how to properly deal with it, I expect to see clear sailing with a more secure and stable currency than the world has ever seen.

Thanks for reading, safe surfing and DFTBA!


Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.