February 23, 2012

FC++: Bitcoin & Gresham's Law - the economic inevitability of Collapse

The various and many anonymous authorities are moving against BitCoin, and they are taking the time-tested path: shutting down the exchange operators.

This is the modus operandi that was employed with earlier innovative money suppliers, and unfortunately it is a bit of a killer strategy. In short, someone complained, someone else then leaned on the major money operators, who leaned on the minor ones providing exchange facilities, who in turn then pulled their accounts with the exchangers.

Paxum Ceases Business With Bitcoin

Over the course of the last two weeks, Paxum has been in communication with our banking partners, Mastercard, and our auditors to evaluate the best interests of Paxum (and its clients) in relation to Bitcoin.

After much discussion and consideration it has been decided that, though Bitcoins are not illegal, they are considered high risk.

Where, 'high risk' might mean that the people who we rely on to stay in business don't like it, which makes the exchange business extremely vulnerable. Or it might mean that the Bitcoin economy has fundamental problems.

Now, it turns out that honest people have good reason to be suspicious of Bitcoin, up to and including the extreme levels of rampant criminality. And, Philipp Güring and I wrote the paper to explain it:

Philipp Güring and Ian Grigg, Bitcoin & Gresham's Law - the economic inevitability of Collapse (PDF)

Abstract. The Bitcoin economy exhibits remarkable and predictable stability on the supply side based on the power costs of mining. However, that stability is challenged if the cost-curve assumption is not solely expressed by the fair cost of power. As there is at least one major player, the botnets, that can operate at a power-cost-curve of zero, the result is a breach of Gresham's Law: stolen electricity will drive out honest mining. This has unfortunate effects for the stability of the Bitcoin economy, and the result is inevitable collapse.

Philipp started by modelling demand and supply for Bitcoin mining. My part was to add the economics rationale why such things cannot succeed.
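The supply-side argument in the abstract can be sketched as a toy cost-curve model; this is an added illustration, not the model from the paper. The miner names, hashrates, power costs and daily reward are constructed assumptions, and miners are assumed to switch off once revenue per GH/s falls below their electricity cost.

```python
"""Toy cost-curve model: honest mining supply versus a zero-cost entrant."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Miner:
    name: str
    hashrate: float    # GH/s this miner can switch on
    power_cost: float  # USD per GH/s per day, electricity only


# Constructed honest cost curve, cheapest power first (assumed values).
SAMPLE_MINERS = [
    Miner("hydro", 100.0, 1.0),
    Miner("industrial", 100.0, 2.0),
    Miner("residential", 100.0, 3.0),
    Miner("expensive", 100.0, 4.0),
]
DAILY_REWARD_USD = 1000.0  # constructed: blocks/day * coins/block * price


def equilibrium(miners, botnet_hashrate, daily_reward_usd):
    """Return (active_honest_miners, revenue_per_ghs) at equilibrium.

    Proof-of-work pays in proportion to hash share, so every GH/s earns
    reward / total_hashrate. The botnet pays nothing for power and is always
    on; honest miners join from the cheapest upward while that revenue still
    covers their own power cost.
    """
    active = []
    total = botnet_hashrate
    for m in sorted(miners, key=lambda m: m.power_cost):
        if daily_reward_usd / (total + m.hashrate) < m.power_cost:
            break  # this miner and every costlier one would run at a loss
        active.append(m)
        total += m.hashrate
    revenue = daily_reward_usd / total if total else float("inf")
    return active, revenue


def sweep(miners, daily_reward_usd, botnet_levels):
    """Equilibrium outcome for each assumed botnet hashrate."""
    rows = []
    for b in botnet_levels:
        active, revenue = equilibrium(miners, b, daily_reward_usd)
        honest = sum(m.hashrate for m in active)
        total = honest + b
        rows.append({
            "botnet": b,
            "honest": honest,
            "honest_share": honest / total if total else 0.0,
            "revenue_per_ghs": revenue,
            "botnet_income": daily_reward_usd * b / total if total else 0.0,
        })
    return rows


if __name__ == "__main__":
    for r in sweep(SAMPLE_MINERS, DAILY_REWARD_USD, [0, 100, 400, 1000]):
        print(f"botnet={r['botnet']:>5} GH/s  honest={r['honest']:>5.0f} GH/s  "
              f"honest share={r['honest_share']:.0%}  "
              f"rev/GHs=${r['revenue_per_ghs']:.2f}  "
              f"botnet income=${r['botnet_income']:.0f}/day")
```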

We had hoped to get the paper into some relevant forum, but it is probably a bit too late now, as the events above have overtaken us. Hence, here it is in the style of FC++, which means we might do some tweaking and present it somewhere at a future moment.

Posted by iang at February 23, 2012 12:35 PM

Um ... ya.

About that botnet thing. You are aware of the difference between CPU mining and GPU mining, right?

1 GPU = hundreds, or a thousand or so CPU systems. The botnets only have CPU systems so far, and even if they do try to do GPUs as well, they'll only find a tiny fraction of systems have the high-end GPUs of the kind that Bitcoin miners use. A serious miner is running multiple rigs each with 3 X graphics cards, each card having dual GPUs.

Additionally, FPGA solutions are now arriving where GPUs are going to have a hard time competing. How many botnets will do FPGA mining? Approximately 0.0%. And that won't be changing anytime soon.

Good story though.

Posted by: Anony Mouse at February 22, 2012 11:41 PM

Cheaper for the bots just to steal people's bitcoin wallets.

Posted by: rfk at February 23, 2012 12:12 AM

There are way too many simplifications in the paper. Nothing mentioned about increased botnet thermal footprint (and detectability), perhaps an order or two of magnitude.

Posted by: m at February 23, 2012 04:43 AM

Cheaper to purchase all bitcoin in the world today.

Posted by: Jon Matonis at February 23, 2012 05:38 AM

Botnets will never work for mining..they are too valuable and owners can make more (illegally) using them in other areas..using them for mining would go the opposite..they would easier be to spot and to spot..no botnet owner right in his head would ever use it for mining..at 100$ per btc they maybe try lol but as long as they don't own specialised hardware that won't happen..i have FPGA 50 gigahash in 4 weeks..and they are absolutely security hardened in 3 layers..won't work out

Posted by: WIcked at February 23, 2012 05:52 AM

Perhaps governments will attack the currency but that has little to do with your other arguments. They certainly don't need the coins to come from botnets to start attacking it.

I don't think it matters much if botnets mine coins. Mining was only really intended as a bootstrapping mechanism to initially distribute the coins.

As the coin production tails off the botnets would merely be providing a cheap transaction processing service - where security of the processed transactions is subsidized by the botnets free access to resources.

That isn't likely to cause a shutdown in bitcoin, if anything it makes it even more competitive compared to other alternatives.

Posted by: Rob at February 23, 2012 07:51 AM

I posted a reaction here:

Posted by: Peter Surda at February 23, 2012 08:25 AM

Mafia-concentration. In your putting, that mafia would become involved and invested in BitCoin, and would act like an authority, and authorities become sooner or later interested to keep things running. But when criticizing something, it is presumed that there is (or can be) something better out there. Today that mafia player is the financial entity that has the power to issue money, so...?

Government. A cryptocurrency is ought to pass over one's boundaries when talking about governments. If you don't think of the USA as "the world", the USA government is not almighty. Yes, the USA government + Federal Treasury controls the dollar which many would call "de facto world currency" and those two together can do pretty much everything with US currency, but that isn't valid any more with such a currency as BitCoin. They can buy/sell large amounts of money causing big fluctuations and that would make speculators happy. Speculators also involuntarily are playing a stabilizing role (as it happens on FOREX), and more of them (more of their purchasing power actually) being involved - the more stability they bring. That government move you described would simply cause a significant value injection into BitCoin, at the expense of dollar, value that they won't be able to get it back in full amount. I therefore don't think governments will get involved in stock exchange games.

Botnets. This is not a sole BitCoin problem, but of all the systems (including the current one) that are relying more and more on computers. And mining is not all that important and serious as you're trying to put it. The fact that someone would come to label that some gain is not fair/legal is entirely subjective and again, it's not a sole BitCoin problem. Occupy Wall-Street is just a popular move, not necessarily justified. People did that all the time in history.

Proof-of-Work. This argument doesn't have any valid place at all. BitCoin acts like cash and can be stolen/laundered/anything else that criminal groups can get involved in the same way like cash is. We still have cash around, do we? Banks currently "make" money out of thin air by simply signing a credit contract. They are able to do so, they do so and nobody bothers to ask any "proof-of-work" (sounds amusing).

Segmentation. That would be a good thing. That would be a mark of an evolving world (of currencies). The best one will prevail in the end. Each new model brings improvements. You mentioned SolidCoin. It would be good if you'll check out why is it worth to exist at all and you might find in this way solutions for some of the problems that you thought of. Keep going, because each problem people put in light creates demands for improvement, and unlike the current financial system, that "genius system" (or at least its kind) is ready to address issues and to come up with a better version of itself.

Posted by: none at February 23, 2012 01:11 PM

From an academic perspective the botnet miners are no different than the "honest" miner, so I fail to see your point. That is to say as far as the bitcoin network is concerned "n" is no different than "n+1." Your point is irrelevant unless your attacker's intention is to falsify the block chain, in which case you need to do more research into what the requirements of that would be.

I'd assume you are trying to attack the bitcoin idea from an academic perspective because you put your argument into a format that vaguely resembles an academic paper and you mention "

From a practical standpoint your claims that one party can benefit from the bitcoin because they have access to "free electricity" is nonsense.

Posted by: capricrow at February 26, 2012 10:35 PM

Today I woke up to find my hot wallet on the backup server had all its coins stolen. As a security measure, merchant sites keep the majority of funds offline with just enough in a ‘hot wallet’ to keep operations running smoothly.

Rest assured: I am covering Linode’s mistake from my own income. That means months of my work is wasted and I’m crushed.


I am not the only person affected by this. A few hours ago another guy contacted me that his Linode machine has been attacked and his coins were moved to the same wallet, asking me if I knew what happened (because he found that the 1Mining2 address is mine). We found that our issues are the same – changed password in Manager, stolen coins & Linode staff is telling they have no security issue on their side.

Posted by: Cloud (in)security -- Compromised Linode, thousands of BitCoins stolen at March 1, 2012 06:09 PM

More than $3,700 (£2,400) of the virtual currency Bitcoins has been illegally "mined" by a rogue employee at US games company ESEA....

Posted by: Games network used to 'mine' Bitcoins illegally at May 2, 2013 11:15 AM

Competitive video gaming community E-Sports Entertainment Association secretly updated its client software with Bitcoin-mining code that tapped players' computers to mint more than $3,600 worth of the digital currency, one of its top officials said Wednesday.

The admission by co-founder and league administrator Eric ‘lpkane’ Thunberg came amid complaints from users that their ESEA-supplied software was generating antivirus warnings, computer crashes, and other problems. On Tuesday, one user reported usage of his power-hungry graphics processor was hovering in the 90-percent range even when his PC was idle. In addition to consuming electricity, the unauthorized Bitcoin code could have placed undue strain on the user's hardware since the mining process causes GPUs to run at high temperatures.

"Turns out for the past 2 days, my computer has been farming bitcoins for someone in the esea community," the person with the screen name ENJOY ESEA SHEEP wrote. "Luckily I have family in the software forensics industry."

About five hours later, a separate user posted evidence of the ESEA software client included the Bitcoin code. The user also provided instructions showing how other ESEA players can check to see if their computers are running the secret program.

A few hours later, Thunberg published his own post disclosing that ESEA software had included the Bitcoin miner for a little over two weeks and deposited a little more than 29 BTC into three wallets under the control of ESEA officials. The digital currency was regularly converted into US dollars and netted a total of $3,602.21 as of Wednesday.

Posted by: Secret Bitcoin mining code added to e-sports software sparks outrage at May 2, 2013 11:17 AM

by Dan Goodin - Apr 5, 2013 5:05 pm UTC

Bitcoin mining takes a lot of computing power—so naturally someone created a piece of malware to mine on other people's computers. As the value of bitcoins skyrockets, security researchers have discovered yet another piece of malware that harnesses the processing power of compromised PCs to mint the digital currency.

BTCs, as individual bitcoin units are known, have recently traded as high as $130, about four times their value from February. In Bitcoin vernacular, BTCs are "mined" by computers that solve cryptographic proof-of-work problems. For each correct block of data submitted, contributors are collectively rewarded with 25 bitcoins. Legitimate participants, who typically receive a percentage of the reward based on the number of blocks processed, often use powerful systems with multiple graphics processors to streamline the process.

But scammers spreading malware on Skype are taking a decidedly more nefarious approach. Their malicious code hijacks a computer's resources to mine BTC, according to a blog post published Thursday by a researcher from Kaspersky Lab. While the bitcoin-miner.exe malware harnesses only the CPU resources, which are much slower than GPUs in BTC mining, the attackers have the benefit of infecting many computers and then chaining them together to mint the digital currency. Unlike legitimate miners, the criminals don't have to pay the purchase price of the hardware or pay for the electricity to run them.

Bitcoin-mining malware has been circulating for almost two years now. Some versions actually tap infected computers' GPUs and can even run on OS X Macs.


Posted by: Malware spread on Skype taps victim PCs to mint bitcoins at May 2, 2013 11:21 AM

Mr. Hypponen listed the new cyber threats facing the world, and predicted that we will see attacks on every device equipped with a processor in order to use CPU time for Bitcoin mining, and that malware will start maliciously locking our cloud services for ransom.


Posted by: seen on the net... at October 31, 2013 06:48 AM

Majority is not Enough: Bitcoin Mining is Vulnerable
Ittay Eyal, Emin Gun Sirer
(Submitted on 1 Nov 2013 (v1), last revised 5 Nov 2013 (this version, v3))

The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the protocol is incentive-compatible and secure against colluding minority groups, i.e., it incentivizes miners to follow the protocol as prescribed.

We show that the Bitcoin protocol is not incentive-compatible. We present an attack with which colluding miners obtain a revenue larger than their fair share. This attack can have significant consequences for Bitcoin: Rational miners will prefer to join the selfish miners, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.

Selfish mining is feasible for any group size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects against selfish mining pools that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a group of any size can compromise the system.

Posted by: Majority is not Enough: Bitcoin Mining is Vulnerable Ittay Eyal, Emin Gun Sirer at November 6, 2013 01:17 AM

...we are taking a look at a PUP that installs a Bitcoin miner on the user system, not just for a quick buck but actually written into the software’s EULA. This type of system hijacking is just another way for advertising based software to exploit a user into getting even more cash.

On Nov 22, we received a request for assistance from one of our users about a file that was taking up 50 percent of the system resources on their system. After trying to remove it by deleting it, he found that it kept coming back, the filename was “jh1d.exe”.

Posted by: Potentially Unwanted Miners – Toolbar Peddlers Use Your System To Make BTC at December 17, 2013 03:05 AM

The state of New Jersey recently announced a $1 million settlement with E-Sports Entertainment, LLC over allegations that the company installed malware on its customers’ computers. The Attorney General claimed that E-Sports’ software allowed the company to use its customer’s computers to mine for Bitcoins without the user’s knowledge, generating thousands of dollars in Bitcoin value for E-Sports (and no value for the users) after numerous reports of unusually high CPU usage by their customers. E-Sports released a statement apologizing and clarifying that this was the behavior of a rogue programmer. They also announced that they are donating the value of the bitcoins ($3,713) to the American Cancer Society plus doubling the donation from their own funds.

Posted by: The Limits of Harvesting Users Online at December 17, 2013 03:08 AM

According to Light Cyber, a security research firm which warned Yahoo of the attacks in late December, one of the malware programs delivered in the attack turned the victim's computer into a bitcoin miner. The computer is set to work performing the calculations required to make the bitcoin network run, but the rewards for doing so accrue to the malware writer.
Fox IT, the Dutch cybersecurity firm which first disclosed the vulnerability to the public, estimated that there were around 27,000 infections every hour the malware was live on the site. If the malware was being served consistently for the three days, it may be the case that almost 2 million computers were infected.

Posted by: Yahoo malware turned European computers into bitcoin slaves at January 8, 2014 02:55 PM


Miscreants are using hacked digital video recorders in a somewhat misguided attempt to mine cryptocurrency BitCoins.

Hackers have created custom code to infect devices normally used for recording footage from security cameras. After getting in, likely by taking advantage of weak default passwords, a common security mistake with embedded devices, the ne'er-do-wells plant malicious code. This malware scans for vulnerable Synology Disk Stations as well as attempting to mine BitCoins.

Security researchers at the SANS Institute's Internet Storm Center spotted the attacks after investigating devices scanning its honeypot, discovering to their surprise that they were actually infected DVRs (digital video recorders). The malware is compiled for ARM CPUs, so it's a specialist nasty.

"The malware is an ARM binary, indicating that it is targeting devices, not your typical x86 Linux server," explains SANS Institute researcher Johannes Ullrich in a write-up. The malicious code is only scanning for vulnerable Synology Disk Stations and not doing anything on these insecure network attached storage devices, at least for now.

Security researchers at the SANS Institute have since discovered that the Synology scanner is also running on routers.

Mining BitCoins these days requires a specialist rig featuring graphic cards so using low-powered embedded systems is not terribly practical.

"Kudos to camera DVRs hackers for finding something worse (ie, very ineffective cryptocurrency mining) to use them for than surveillance," said Martijn Grooten, Virus Bulletin's anti-spam test director.

Chris Wysopal, co-founder and chief technology officer at code review firm Veracode, was even more dismissive: "Seriously, this is just wasting electricity," he said. ®

Posted by: lame attack on Internet of things... at April 2, 2014 09:43 AM

An unknown hacker has reaped an estimated 500 million dogecoins – worth nearly $200,000 at today’s prices – by hacking into a series of data storage hubs for computer networks, according to SecureWorks, an information services subsidiary of personal computing giant Dell.

The SecureWorks report revealed that the hacker targeted network attached storage (NAS) boxes made by Taiwan-based Synology Inc. and used its computing power to mine dogecoin through a private pool. The action caused problems for Synology’s customers, some of whom reported poor performance on Facebook in February. ...

Posted by: dogecoin attacked... at July 16, 2014 04:44 PM

If you recently installed or updated uTorrent on your PC, you may have picked up an unwanted passenger: a Bitcoin miner called Epic Scale. That piece of code can be inadvertently installed with the latest uTorrent build (version 3.4.2) and uses your computer as part of a Bitcoin farm to generate revenue for third parties. Users first reported the situation on uTorrent's forums, and it was quickly confirmed by a senior support manager. He said that the app "cannot be installed without permission," but one user claimed that there was "never a warning about it," even though he opted out of other bundled software.

Posted by: Popular torrent client can steal your CPU cycles to mine Bitcoins at March 6, 2015 11:26 AM

The malware "Mal/Miner-C" infects Internet-exposed Seagate Central Network Attached Storage (NAS) devices, and from there takes over connected computers to mine for cryptocurrency. About 77% of all drives have been infected.

Posted by: Cryptogram at September 15, 2016 04:48 AM

From Krebs: An increasing number of malware samples in the wild are using host systems to secretly mine bitcoins. In this post, I’ll look at an affiliate program that pays people for the mass installation of programs that turns host machines into bitcoin mining bots. ...

Posted by: Botcoin: Bitcoin Mining by Botnet (July 2013) at May 7, 2017 02:31 PM

Like last week’s WannaCry campaign, this attack makes use of leaked NSA hacking tools and leverages a patched vulnerability in Microsoft Windows networking. The Adylkuzz campaign, in fact predates WannaCry by many days. For organizations running legacy versions of Windows or who have not implemented the SMB patch that Microsoft released last month, PCs and servers will remain vulnerable to this type of attack. Whether they involve ransomware, cryptocurrency miners, or any other type of malware, these attacks are potentially quite disruptive and costly. Two major campaigns have now employed the attack tools and vulnerability; we expect others will follow and recommend that organizations and individuals patch their machines as soon as possible.

Posted by: Viral mining botnet attack at May 19, 2017 04:13 PM

17 Feb 2016: Why recent Hashrate drop? F2Pool founder "Seven Colored Fish": in China many have been caught theft of electricity.

Posted by: Seven Colored Fish at June 3, 2017 11:49 PM

A Linux trojan detected under the generic name of Linux.MulDrop.14 is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.

According to Russian antivirus maker Dr.Web, the malware was first spotted online in the second half of May in the form of a script that contains a compressed and encrypted application.

Experts say the initial infection takes place when Raspberry Pi operators leave their devices' SSH ports open to external connections.

Once a Raspberry Pi device is infected, the malware changes the password for the "pi" account to:


After this, Linux.MulDrop.14 shuts down several processes and installs libraries required for its operation, including ZMap and sshpass.

The malware then launches its cryptocurrency mining process and uses ZMap to continuously scan the Internet for other devices with an open SSH port.

Once it finds one, the malware uses sshpass to attempt to log in using the username "pi" and the password "raspberry." Only this user/password combo is used, meaning the malware only targets Raspberry Pi single-board computers.

This is somewhat out of the ordinary since most malware tries to target as many platforms as it can. Nonetheless, this version of the malware may be still under development, and other username & password combos may be added at a later date.

Still better than Mirai

Most users would dismiss the idea of using Raspberry Pi devices to mine for cryptocurrency, which is a very computational-heavy operation.

While Raspberry Pi single-board computers do have some hardware resources at their disposal for the task the malware is attempting to perform, they are not as powerful as classic desktop or laptop computers, and nowhere near the efficiency of dedicated mining equipment.

Nevertheless, people have used Raspberry Pi devices to mine for cryptocurrency in the past, with moderate success.

Either way, Linux.MulDrop.14 is certainly more equipped for the task at hand compared to a version of the Mirai IoT malware spotted in mid-April, which also tried to mine for cryptocurrency for a short period of time.

At the time, Errata Security researcher Robert Graham estimated that if a Mirai botnet of 2.5 million bots mined for cryptocurrency, it would be earning only $0.25 per day because of the low computational power of the devices Mirai is capable of infecting (usually security cameras, DVRs, routers, and other IoT equipment).

Posted by: Linux Malware Mines for Cryptocurrency Using Raspberry Pi Devices at June 12, 2017 06:22 AM
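A log-correlation check for the infection sequence described in the article above (password SSH login as "pi", password change, ZMap and sshpass installed), as an added example that is not part of the quoted article. The log lines are constructed samples in the usual Raspbian auth.log and dpkg.log formats; the function names, the 30-minute window and the assumption that the tools arrive via dpkg are illustrative.

```python
"""Correlate Raspberry Pi logs for the Linux.MulDrop.14 sequence described above."""
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample logs (not from a real host).
AUTH_LOG = """\
Jun 10 03:12:01 raspberrypi sshd[812]: Accepted password for pi from 203.0.113.7 port 51514 ssh2
Jun 10 03:12:04 raspberrypi usermod[833]: change user 'pi' password
Jun 10 09:30:15 raspberrypi sshd[1290]: Accepted password for pi from 192.168.1.20 port 40022 ssh2
"""
DPKG_LOG = """\
2017-06-09 18:00:00 install vim:armhf <none> 2:8.0.0197-4
2017-06-10 03:12:40 install zmap:armhf <none> 2.1.1-2
2017-06-10 03:12:41 install sshpass:armhf <none> 1.06-1
"""

# Sources treated as local; anything else counts as an external login.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
STAMP = r"(\w{3}\s+\d+ [\d:]{8})"
LOGIN_RE = re.compile(
    rf"^{STAMP} \S+ sshd\[\d+\]: Accepted password for pi from (\S+) port")
PWCHANGE_RE = re.compile(
    rf"^{STAMP} \S+ \w+\[\d+\]: .*"
    r"(?:password changed for pi|change user 'pi' password)")
INSTALL_RE = re.compile(r"^(\d{4}-\d\d-\d\d [\d:]{8}) install (zmap|sshpass):")


def _syslog_time(stamp, year):
    # Classic syslog timestamps carry no year, so the caller supplies it.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def external_pi_logins(auth_log, year):
    """Password (not key) logins as 'pi' from outside the local networks."""
    logins = []
    for line in auth_log.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # hostname logged instead of an address; skipped here
        if not any(addr in net for net in LAN):
            logins.append((_syslog_time(m.group(1), year), str(addr)))
    return logins


def followup_events(auth_log, dpkg_log, year):
    """Password changes for 'pi' and installs of the scanning tools."""
    events = []
    for line in auth_log.splitlines():
        m = PWCHANGE_RE.match(line)
        if m:
            events.append((_syslog_time(m.group(1), year), "pi password changed"))
    for line in dpkg_log.splitlines():
        m = INSTALL_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((when, f"{m.group(2)} installed"))
    return events


def correlate(auth_log, dpkg_log, year, window=timedelta(minutes=30)):
    """Flag external 'pi' logins followed by any indicator inside the window."""
    later = followup_events(auth_log, dpkg_log, year)
    findings = []
    for when, source in external_pi_logins(auth_log, year):
        hits = sorted(label for t, label in later if when <= t <= when + window)
        if hits:
            findings.append({"login": when, "source": source, "indicators": hits})
    return findings


if __name__ == "__main__":
    for f in correlate(AUTH_LOG, DPKG_LOG, 2017):
        print(f"{f['login']} login from {f['source']}: {', '.join(f['indicators'])}")
```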

Telemetry data collected by Kaspersky Lab shows that in the first nine months of 2017, malware that mines for various types of cryptocurrencies has infected more than 1.65 million endpoints.

According to Kaspersky, detections for cryptocurrency mining trojans rose from a lowly 205,000 infections in 2013 to nearly 1.8 million in 2016, and 2017 looks like it will easily surpass that number. ...

Posted by: Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far at September 12, 2017 10:51 AM

Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers, without their knowledge. Crooks are currently deploying this technique on Russian and Ukrainian websites, but expect this trend to spread to other regions of the globe.

Malicious ads delivered on gaming and streaming sites - The way crooks pulled this off was by using an online advertising company that allows them to deploy ads with custom JavaScript code.

The JavaScript code is a modified version of MineCrunch (also known as Web Miner), a script released in 2014 that can mine cryptocurrencies using JavaScript code executed inside the browser.

Cryptocurrency mining operations are notoriously resource-intensive and tend to slow down a user's computer. To avoid raising suspicion, crooks delivered malicious ads mainly on video streaming and browser-based gaming sites.

Both types of sites use lots of resources, and users wouldn't get suspicious when their computer slowed down while accessing the site. Furthermore, users tend to linger more on browser games and video streaming services, allowing the mining script to do its job and generate profits for the crooks.

Posted by: Malvertising Campaign Mines Cryptocurrency Right in Your Browser at September 15, 2017 08:41 AM

A few hours ago a cryptocurrency miner appeared on The Pirate Bay website, using the computer resources of visitors to mine Monero coins. The operators of The Pirate Bay are testing it as a new way to generate revenue, but many users aren't happy.
A few hours ago many Pirate Bay users began noticing that their CPU usage increased dramatically when they browsed certain Pirate Bay pages. Upon closer inspection, this spike appears to have been caused by a Bitcoin miner embedded on the site.

The code in question is tucked away in the site’s footer and uses a miner provided by Coinhive. This service offers site owners the option to convert the CPU power of users into Monero coins.

The miner does indeed appear to increase CPU usage quite a bit. It is throttled at different rates (we’ve seen both 0.6 and 0.8) but the increase in resources is immediately noticeable.

Posted by: The Pirate Bay Website Runs a Cryptocurrency Miner at September 17, 2017 04:38 PM

This past weekend, Showtime websites were found to be running a script that allows the sites to mine visitors’ extra CPU power for cryptocurrency, as pointed out by users on Twitter. The afflicted sites included showtime.com and showtimeanytime.com, but the script has since been removed following reports from Gizmodo and other sites.

The crypto mining Javascript is called Coinhive, and according to the site, it was made as an alternative to banner ads as a way for website owners to get around pesky ad-blockers. Ironically, some ad-blockers have now included Coinhive on the list of the banned.

The script mines the cryptocurrency known as Monero. ...

Posted by: Showtime websites secretly mined user CPU for cryptocurrency at September 27, 2017 02:51 AM

A report from the security intelligence group RedLock found at least two companies which had their AWS cloud services compromised by hackers who wanted nothing more than to use the computer power to mine the cryptocurrency bitcoin. The hackers ultimately got access to Amazon’s cloud servers after discovering that their administration consoles weren’t password protected.

“Upon deeper analysis, the team discovered that hackers were executing a bitcoin mining command from one of the Kubernetes containers,” reads the RedLock report. Kubernetes is a Google-created, open-source technology that makes it easier to write apps for the cloud.

“The instance had effectively been turned into a parasitic bot that was performing nefarious activity over the internet,” the report says. ...

Posted by: Forget stealing data -- these hackers broke into Amazon's cloud to mine bitcoin at October 9, 2017 02:21 AM

... CoinDesk reported that two IT workers for the government of Crimea were fired in late September, after it was discovered that they were mining bitcoins on their work computers. In January, an employee for the US Federal Reserve was put on probation and fined for mining on servers owned by the US central bank.

Posted by: more... at October 9, 2017 02:24 AM