Hacker hijacks ISPs, steals $83,000 from Bitcoin mining pools

Summary: Bitcoin exchanges and trading posts have been hacking targets over the past year, but now one hacker has taken on ISPs to loot Bitcoin from mining pools.


It's no longer surprising when we hear a cryptocurrency exchange has suffered a security breach, but now a hacker has targeted mining pools -- and managed to steal $83,000 in cryptocurrency as a result.

The Dell SecureWorks Counter Threat Unit (CTU) research team said Thursday they have identified an exploit which can be used to lift cryptocurrency from mining pools, and at least one hacker has already taken advantage of the security flaw.

A hijacker used a fake Border Gateway Protocol (BGP) broadcast to compromise networks belonging to some of the biggest names in the field -- including Amazon, Digital Ocean, and OVH, among others -- between February and May 2014. According to the researchers, at least 51 networks were compromised from 19 different ISPs, and at least one hijacker used this flaw to redirect cryptocurrency miners' connections to a hijacker-controlled mining pool, thereby collecting the miners' profits for themselves.

Miners were able to continue searching for blocks, which results in the minting of new Bitcoins, but spoofed servers ensured that miners never received their cut -- instead, the hijacker took off with all of the earnings.


In total, it is believed this single hijacker has been able to earn $83,000 in roughly four months.

Although Bitcoin was the main target of the heist, with 1 BTC currently worth $589, it was not the only cryptocurrency affected.

"The threat actor hijacked the mining pool, so many cryptocurrencies were impacted," the researchers said. "The protocols make it impossible to identify exactly which ones, but CTU researchers have mapped activity to certain addresses."

One miner who spoke to Dell SecureWorks said he estimates 8,000 Dogecoin were hijacked and stolen in March, worth $1.39. The miner later added a firewall rule to reject connections from the hacker's mining server, which blocked the hijack and restored normal mining. While $1.39 is a tiny amount, such hacking can be lucrative if widespread.

The researchers were eventually able to trace the fake broadcasts to a single router at an ISP in Canada. While the hijacker has not been identified, CTU believes the scheme can be blamed on a rogue employee of the ISP, an ex-employee with an unchanged router password, or simply a black-hat hacker.
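
The redirection described in this article depended on fake BGP announcements being accepted by other networks. As an added example (not code from the article or from Dell SecureWorks), this Python code shows how an operator could flag announcements that overlap its own prefixes but come from an unexpected origin AS; it goes beyond the article by also classifying more-specific prefixes, which win under longest-prefix-match routing. The prefixes, AS numbers and announcement feed are constructed placeholders from documentation ranges.

```python
import ipaddress

# Assumed policy (constructed): prefixes we operate and the AS numbers
# allowed to originate them. Documentation prefixes and ASNs only.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): {64500},
    ipaddress.ip_network("198.51.100.0/24"): {64501, 64502},
}

# Constructed feed of observed announcements: (prefix, AS path).
# The last AS in the path is the origin.
SAMPLE_ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64496, 64500]),    # expected origin
    ("203.0.113.128/25", [64497, 64511]),  # more-specific, unexpected origin
    ("198.51.100.0/24", [64496, 64502]),   # second allowed origin
    ("198.51.100.0/24", [64497, 64511]),   # same prefix, unexpected origin
    ("192.0.2.0/24", [64496, 64499]),      # unrelated prefix
    ("203.0.113.0/25", [64496, 64500]),    # our own deaggregation
]

def classify(announced, monitored):
    """Relation of an announced prefix to a monitored one, or None."""
    if announced.version != monitored.version:
        return None
    if not announced.overlaps(monitored):
        return None
    if announced == monitored:
        return "exact"
    return "more-specific" if announced.subnet_of(monitored) else "less-specific"

def find_suspect_announcements(announcements, expected=EXPECTED_ORIGINS):
    """Return alerts for overlapping prefixes announced by an unexpected origin."""
    alerts = []
    for prefix_text, as_path in announcements:
        announced = ipaddress.ip_network(prefix_text)
        origin = as_path[-1]
        for monitored, allowed in expected.items():
            relation = classify(announced, monitored)
            if relation and origin not in allowed:
                alerts.append({"prefix": prefix_text, "origin": origin,
                               "monitored": str(monitored), "relation": relation})
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_announcements(SAMPLE_ANNOUNCEMENTS):
        print("ALERT {relation}: {prefix} originated by AS{origin} "
              "(monitored {monitored})".format(**alert))
```

A "more-specific" alert deserves the most urgent attention, because traffic follows the longer prefix even while the legitimate route is still being announced.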

The CTU research team provided its evidence to the ISP closest to the source of the activity, and the malicious BGP announcements stopped three days later. The team says that despite approximately $2.6 million in cryptocurrency mining activity occurring each day, the chance of future BGP attacks is "minimal," writing:

"BGP peering requires that both networks be manually configured and aware of one another. Requiring human interaction for proper configuration makes BGP peering reasonably secure, as ISPs will not peer with anyone without a legitimate reason. These hijacks and miner redirections would not have been possible without peer-to-broadcast routes."


Talkback

2 comments
  • Why so few comments.

    No comments after a bitcoin article, after several hours? It seems the bitcoin craze is over for good.
    On the article: Nobody would think of transferring real money over a protocol that hasn't been secured against such an attack, or any form of man in the middle attack. Yet they transfer cryptocurrencies worth tens of thousands of dollars over such a link. The irony is that cryptocurrencies only came to life due to encryption.
    Sacr
  • Gump's mama had it right...

    "Stupid is as stupid does" fits bitcoin perfectly.

    Why bother when a million dollars only weighs 22 pounds and fits in a briefcase?
    Makes Things