This triggered predictions of doom for bitcoin - that the criminals would take over the mining of bitcoin through botnets and bring the whole currency crashing down. But as bitcoins become harder to mine - according to an algorithm that slows down their production the more people try to create them - this approach has proven less profitable.
In 2012-13, says Danny Huang, another researcher at the University of California, San Diego, they earned at least 4,500 bitcoins, a relatively small sum compared with the total produced. "Few botnets are mining bitcoins now," he said.
Instead, they've turned to stealing them from wallets, or, more lucratively, from exchanges.
According to data compiled last year by academics Tyler Moore and Nicholas Christin, of 40 exchanges tracked 18 had closed, with customer balances wiped out in many cases - not always, they point out, due to fraud. Since then, according to public reports, more than a dozen others have been hacked.
Currency of thieves
Cyber-criminals have also made use of the ease with which bitcoins can be traded without any third party - such as a bank or online payments service like PayPal - to use it as at least one way of paying for services between themselves.
"Bitcoin made it much easier for them, because they have to trust each other even less. Even complete strangers can cooperate," said Juraj Bednar, a bitcoin security expert in Slovakia.
But while bitcoin has its advantages, it's not a perfect tool for the bad guys.
(Read more: Bitcoin's Mt.Gox disappears, insolvency feared)
Take, for example, ransomware. Viruses which encrypt users' data and then demand payment for a key to unlock it have become increasingly sophisticated, says Dell Secureworks' Jarvis.
The most successful: CryptoLocker, which Jarvis believes is run by a Russian-speaking gang who are also behind a botnet called Gameover Zeus that targets financial websites.
Bitcoin often appears on CryptoLocker as an option for victims to pay up. Its appeal, says Bednar, lies in the fact that it needs no third party for the transaction to work.
But there have been problems. For one thing, the type of user to be infected by a virus wasn't likely to be the type who is technologically savvy enough to be familiar with bitcoin. Also, as bitcoin rose in value, it has become a more expensive option for the victim, forcing the criminals to lower their bitcoin ransom demands to match prevailing exchange rates.
Then there's bitcoin's transparency. All transactions are visible, and while they're just digits and letters, in theory they could be connected to an individual and the entire history of all the bitcoin's transactions traced.
Italian computer engineer Michele Spagnuolo, for example, was able to trace a number of ransom payments for CryptoLocker. The gains have been impressive: he and academics from Politecnico di Milano speculate that up to 6,757 bitcoins - then worth around $6 million - could be linked to those behind CryptoLocker late last year. That estimate of their total takings, he says, could be very conservative.
But the fact that such payments can be traced would raise a red flag for cyber-criminals, says Daniel Cohen of RSA, the security division of EMC Corp, even though there are online services that can "launder" bitcoins to hide their origin. "Sure, there are bitcoin laundering services, but still if I tie a wallet to an identity I can see every single movement," he said.
And, ironically, the success that some criminals have had in stealing bitcoins has made it less appealing to the underworld. RSA's Cohen says his team monitoring underground forums has noticed criminals lately see bitcoin as "volatile, seizable and, with the recent thefts, unsafe."
That's not to say bitcoin is out of the woods.
While the protocols underlying bitcoin have proved themselves to work, the weak links have been the software containing the wallets, whether on exchanges or on individuals' computers.
"The attacks on the exchanges did not in themselves indicate any particular weakness of bitcoin per se, but rather exploiting vulnerabilities within the exchanges," says Raj Samani of Intel Corp's internet security company McAfee.
Such holes are being addressed, says Dell Secureworks' Stewart, pointing to such innovations as hardware wallets to replace software ones. "We're just going to have to get into that mode of thinking," he says.
For now, bitcoin users remain a vulnerable target.
That was illustrated when hackers breached Mt. Gox's servers and its owner's blog this week to post files purporting to be Mt. Gox's transactions in bitcoin stretching back to 2011.
Amid the files lurked another surprise awaiting the unwary: a bitcoin-stealing virus.