It looks like the Pony botnet that stole two million passwords in December has an even more egregious sibling galloping around. According to security firm Trustwave, this more advanced botnet has compromised 700,000 various online accounts up to date (it's been active since September), including 85 Bitcoin and other cryptocurrency wallets mostly from Europe. In the months since the equine-loving hackers got the wallets' private keys, a total of $220,000 have been transferred into and out of the accounts.

Because anyone can take over a wallet with the appropriate private key (and cryptocurrencies' transactions go through anonymously), it's unclear whether that much money was actually stolen. Some of those transactions could very well be performed by the original owners themselves. Still, add this incident on top of the $1.2 million Bitcoin heist in 2013, and it's clear users need to start using (strong) transaction passwords and store their wallets offline. Those who've sadly been negligent in the security department can use Trustwave's Bitcoin tool to check if they own one of the 85 accounts. Considering popular Bitcoin exchange website Mt. Gox just went dark, as well, we hope nobody's retirement funds got wiped out.


Bitcoin and other cryptocurrencies compromised by Pony botnet