More sophisticated malware — Litke used the word "elegant" — simply monitors the Windows clipboard, watches for a valid Bitcoin address, then replaces it with the hacker's Bitcoin address. (Bitcoin owners often use the clipboard when composing the digitally-signed emails for bitcoin transfers.)
Classified as a kind of "man in the middle" attack, the clipboard-focused malware has very little traditional malware functionality, making it even harder for antivirus vendors to detect. "It flies under the AV radar even more than most," said Litke.
The best defense against bitcoin malware, said Stewart and Litke, are the still-in-the-works "hardware wallets," small specialized devices that store the private keys and verify transactions. They're not foolproof — they don't prevent problems incurred by accessing a Web-based wallet or exchange from an infected PC, for example — but they can't be hacked like a software wallet.
Bitcoin malware will only continue to grow, Stewart and Litke predicted, because for all the missteps by exchanges like Mt. Cox, the two are convinced that digital currencies re here to stay and will only grow in popularity and use.
And unlike during the early days of financially-motivated malware, when the two sides -- hackers and security professionals -- were both starting from scratch in their attacks and defenses, the cyber criminals have the upper hand at the moment.
"This time they have a head start," said Stewart, referring to the hackers. "They have had years of practice making Trojans and password stealers, they have a huge arsenal of code primed and ready to go. Security companies have to bring some kind of order [to Bitcoin protection] with best practices. It's not terribly hard, once you understand how the whole thing works."