Virtual cash heist diverts net traffic Published duration 8 August 2014

image copyright Reuters image caption Bitcoin and other virtual currencies use lots of computer power to track transactions and generate new coins

More than $83,000 (£50,000) in virtual cash has been stolen by a thief who managed to hijack net traffic from 19 separate ISPs, say security experts.

The hijacked data was involved in the "mining pools" that generate virtual cash and keep track of who spent what.

The thief directed the results of the mining and transaction tracking to his own server so he could cash in.

Internal access to a Canadian ISP allowed the thief to divert traffic, said experts.

The theft was uncovered by security researcher Joe Stewart, who was part of one of the mining pools that was hit by the thief.

Mining pools underpin the way many different crypto currencies work. They involve people connecting up their home computers to process the information generated when virtual cash is spent, swapped or gifted.

In return for doing this hard computational work, miners are regularly rewarded with freshly minted coins.

By regularly diverting traffic passing between members of several different mining pools, the attacker was able to reap all the rewards for themselves, Mr Stewart told Wired

"Some people are more attentive to their mining rigs than others," he said. "Many users didn't check their set-ups for weeks, and they were doing all this work on behalf of the hijacker."

The targeted hijacks only lasted 30 seconds but that was long enough to trick the collaborating computers into handing over the results of their work to the attacker.

At its height the attack netted more than $9,000 (£5,350) a day in bitcoins, dogecoins and worldcoins for the thief.

The diversion was made possible by the attacker gaining access to the internal systems at a Canadian ISP from where they were able to tell net hardware to reroute traffic.

The attack started in February but was shut down in May when it was detected.