This could be a really useful thread to keep people informed.
I would watch for a maginificent upscale in the # of spearfishing attempts (crafted phish messages to incite mouseclickie) when all the masses stream into crypto once the debt systems of the world begin to fail. At that time, the scumbags will be filling everyone's inboxes. It's much more profitable to tactically map the general stupidity (clicking emails) than to craft actual code to do such and such.
But, as with the Siemens debauching their own systems with Stuxnet, I expect the true behemoth of cryptocoin malware is being crafted right now, and will be fielded by you-know-who, who fielded Stuxnet for the same reason. Teams of programmers built Stuxnet over at least two years.
If they built Stuxnet, which basically has made all SCADA control systems unreliable now (read: more meltdowns someday), then the post mortem on their bitcoin weapon malware when they field it, will take some time as well. Better if some tech working on it right now, can do a Snowden and out them before that thing even gets built. My .02