Stop those thieves—they have my bitcoins!
Bitcoin may offer a level of freedom that traditional currencies do not, but it's hardly the most secure form of money.
Just as a pickpocket or mugger can rob you on the street, so a hacker can swipe your virtual money. And it can be much more difficult to recover stolen virtual cash than legal tender.
The combination of the fairly anonymous nature of the bitcoin world and hacker know-how makes it difficult for law enforcement agencies to track thieves. And because bitcoin transactions are nonreversible, users often have little recourse when they discover that their bitcoin "wallet"—which stores their virtual coins and notes any transactions—has been ripped off.
(Read more: Megatrends: Fast food and the middle class)
"If the wallet is held on a personal device and they accidentally delete it or forget the password or even if the device is severely damaged, we can use our digital forensic expertise to recover" the wallet," said Simon Lang, senior digital forensics consultant at SyTech, a communications solutions company. "If, however, it is stolen from an account or wallet, then it does become extremely difficult—and quite impossible at times."
(Read more: Bitcoin gets the FBI, Homeland treatment)
SyTech has recently started a tracing service for stolen bitcoins, but the problem is that exchanges can supply only limited information when a transfer (legitimate or fraudulent) takes place, data that is often restricted to the IP address, and date and reference number of the transaction.
The most valuable piece is the IP address, which can lead straight to the hacker. But a skilled fraudster can make the IP address untraceable.
"As federal regulators acknowledge bitcoin is a currency and establish a regulatory framework around it, there will be an expectation on the part of consumers being regulated that law enforcement will be available to investigate this," said Alex Ferrara, a partner with Bessemer Venture Partners. "They're going to need better tools to connect the transaction ledger and wallet IDs with real world sources."
In a 2012 report titled "Bitcoin Virtual Currency: Intelligence Unique Features Present Distinct Challenges for Deterring Illicit Activity," the FBI conceded that theft was likely to increase in this area and noted the special difficulty in identifying and nabbing culprits.
"As long as there is a means of converting bitcoins into real money, criminal actors will have an incentive to steal them," the agency wrote. "The FBI assesses with medium confidence that law enforcement can discover more information about, and in some cases identify, malicious actors, if the actors convert their bitcoins into a fiat currency."
The FBI did not respond to a request for comment.
Experts say it's impossible to determine how much bitcoin theft is taking place, but anecdotal evidence suggests it's growing and could rise commensurate with the currency's increased acceptance. Converting bitcoin to a fiat currency is challenging. Because few countries formally recognize bitcoin, most payments are for services, though some exchanges (usually done in person) are made for cash.
Governments are increasingly reviewing and scrutinizing bitcoin, though.
In August, for example, a Texas judge ruled that bitcoin was a form of money, allowing the Securities and Exchange Commission to move forward with a lawsuit against an alleged Ponzi scheme operator.
(Read more: Thailand bans bitcoin)
Virtual currency theft is often avoidable. While large scams get headlines, most bitcoin theft is done on individually using well-known hacking methods.
According to Ferrara at Bessemer, wallets kept on centralized, cloud-based services are more vulnerable than those on a local drive, not because of security failings but because they are larger targets with a substantial amount of bitcoin. Users of those services are often susceptible to malware or phishing emails that can trick them into divulging passwords.
(Read more: Megatrends: The rise of the global 99 percent)
"I recommend to every single user of bitcoin to use a form of two-factor authentication," Lang said. "It is so easy to use and set up that there really isn't any excuse."
Examples include a simple phone app such as Authy or Google Authenticator, which provide codes that are updated about every 20 seconds. Users can also have a code sent to their phone via SMS to function as a secondary log-in. That means a attacker needs access to a user's handset, and username and password.
Bitcoin users should pay attention to security warnings. Bitcoin sounded an alarm last month about a critical weakness in Android that exposed digital wallets using the mobile platform to theft. (A fix has been released.)
Perhaps most painful for victims of bitcoin theft is the finality. Banks savings are insured. Credit card holders aren't responsible for fraudulent charges. Bitcoins, generally, have no such safety net.
Only one bitcoin exchange offers accounts that are federally insured. Tradehill recently announced plans to transition its accounts to the Internet Archive Federal Credit Union, which will offer an added layer of security.
Some bitcoin wallets will reimburse victims of theft, but that's not likely to continue, especially as the value of the digital currency (now at roughly $122 per bitcoin) continues to rise.
"As bitcoin becomes more valuable and this becomes a bigger issue, I don't see any way these companies are going to be able to do that," Ferrara said. "They're going to need to get insured."
—By Chris Morris, Special to CNBC.com