Botcoin: Monetizing Stolen Cycles

At the current stratospheric value of Bitcoin, miners with access to significant computational horsepower are literally printing money. For example, the first operator of a USD $1,500 custom ASIC mining platform claims to have recouped his investment in less than three weeks in early February 2013, and the value of a bitcoin has more than tripled since then. Not surprisingly, cybercriminals have also been drawn to this potentially lucrative endeavor, but instead are leveraging the resources available to them: stolen CPU hours in the form of botnets. We conduct the first comprehensive study of Bitcoin mining malware, and describe the infrastructure and mechanism deployed by several major players. By carefully reconstructing the Bitcoin transaction records, we are able to deduce the amount of money a number of mining botnets have made.

[1]  Wenke Lee,et al.  Modeling Botnet Propagation Using Time Zones , 2006, NDSS.

[2]  Chris Kanich,et al.  Spamalytics: an empirical analysis of spam marketing conversion , 2009, CACM.

[3]  Vern Paxson,et al.  What's Clicking What? Techniques and Innovations of Today's Clickbots , 2011, DIMVA.

[4]  Vern Paxson,et al.  Measuring Pay-per-Install: The Commoditization of Malware Distribution , 2011, USENIX Security Symposium.

[5]  Chris Kanich,et al.  Show Me the Money: Characterizing Spam-advertised Revenue , 2011, USENIX Security Symposium.

[6]  Christopher Krügel,et al.  The Underground Economy of Fake Antivirus Software , 2011, WEIS.

[7]  Fergal Reid,et al.  An Analysis of Anonymity in the Bitcoin System , 2011, PASSAT 2011.

[8]  Yuan The Antisocial Network , 2012 .

[9]  Stefan Savage,et al.  Manufacturing compromise: the emergence of exploit-as-a-service , 2012, CCS.

[10]  Herbert Bos,et al.  SoK: P2PWNED - Modeling and Evaluating the Resilience of Peer-to-Peer Botnets , 2013, 2013 IEEE Symposium on Security and Privacy.

[11]  Nicolas Christin,et al.  Traveling the silk road: a measurement analysis of a large anonymous online marketplace , 2012, WWW.

[12]  Adi Shamir,et al.  Quantitative Analysis of the Full Bitcoin Transaction Graph , 2013, Financial Cryptography.

[13]  S A R A H M E I K L E J O H N,et al.  A Fistful of Bitcoins Characterizing Payments Among Men with No Names , 2013 .

[14]  Joshua A. Kroll,et al.  The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries , 2013 .

[15]  Emin Gün Sirer,et al.  Majority Is Not Enough: Bitcoin Mining Is Vulnerable , 2013, Financial Cryptography.

[16]  Simon Josefsson,et al.  The scrypt Password-Based Key Derivation Function , 2016, RFC.