A Canadian high school student has been identified as the most likely suspect behind a phishing site that allegedly ripped off thousands of dollars worth of Bitcoins from unsuspecting users.

The student, according to an ongoing investigation initiated by private individuals, has been in possessions of sold Bitcoin wallets loaded with thousands of dollars worth of the digital currency.

A profile linked to the suspect on public site HackForums claimed to have sold two accounts each containing 40 Bitcoins today alone, worth about $7000 at the time of writing.

It was also selling hacked LiteCoin account.

How the BitCoins were stolen

The phishing site used to launch the attacks, Mt Gox-Chat, hosted a Java exploit which hijacked user machines with what researchers said appeared to be an Autoit script.

The malware was then used to drain the digital currency from victims' Bitcoin wallets in a series of non-reversible transactions.

One victim using the handle BitBully wrote on the Bitcointalk forum they lost 34 Bitcoins to the scammer, worth anywhere between $3500 to $8000 due to the fluctuating value of Bitcoins this week.

The transaction pointed to an account that held 72 Bitcoins, worth around $8000 at the time of writing.

The victim was compromised after they clicked through Java warnings prompted by the MtGox-Chat site.

He told SC he wanted to warn others of the attack and attempt to get the stolen Bitcoins returned.

Online sleuths

Following the victim accounts, a small group of online sleuths began the investigation to identify the perpetrator and invited SC Magazine to bear witness to their collaboration.

Analysis of the malware by a member of the anonymous group of sleuths, who claimed to be a security researcher, pointed to IP addresses which were linked to other accounts used by the suspect.

This information led the group to suspect the scammer was using his Canadian residential address to host a command and control server.

The research also revealed a series of domain information and months of login data, along with website profiles - including the suspects' Facebook account, which provided further evidence of the man's identity.

The party investigating the scam engaged in a Skype chat with their suspect hacker, but he claimed the information gathered was fake and promptly terminated the conversation.

At the time of writing, those investigating the scammer had threatened to reveal the data gathered in the investigation unless the suspect returned the stolen Bitcoins to victims.

SC Magazine recommends that Bitcoin users operate online with a heightened awareness of security. Users should activate two-factor authentication for online accounts where possible, disable Java in web browsers used for BitCoin transactions and be extremely cautious about following links posted in forums and chat rooms.