Network Hijacker Steals $83,000 In Bitcoin 101
An anonymous reader writes with news that bogus BGP announcements can be used to hijack work done by cryptocurrency mining pools. Quoting El Reg: Researchers at Dell's SecureWorks Counter Threat Unit (CTU) have identified an exploit that can be used to steal cryptocurrency from mining pools — and they claim that at least one unknown miscreant has already used the technique to pilfer tens of thousands of dollars in digital cash. The heist was achieved by using bogus Border Gateway Protocol (BGP) broadcasts to hijack networks belonging to multiple large hosting companies, including Amazon, Digital Ocean, and OVH, among others.
After sending the fake BGP updates miners unknowingly contributed work to the attackers' pools.
Where is the validation? (Score:5, Informative)
So really bitcoin is incidental (Score:5, Informative)
So what we have here are two problems.
One lack of authentication for the miners with the pools. Something a few SSL on the servers and wrapping those sockets calls with openSSL would make the route hijacking ineffective for stealing mining resources.
So there is a lesson in this whatever it is you are doing on the internet if you care AT ALL about it you should be using SSL and checking certs, (Looking at your slashdot) sure there are tons of problems as weaknesses in SSL but until something better comes along its beats the hell out of clear text with no authentication what so ever.
Two BGP needs to be replaced or updated to support much stronger authentication and the network operators need to just push getting it done, even if it means telling customers we can't / won't peer with you and neither will anyone else unless you get you routers and or software update to do this. If they stick together in it there should be no trouble getting that done.
Stealing some computer cycles used to generate bit coins is probably among the least real harm someone with access to advertise bogus routes in BGP could do; and lots of people are in a position to do that. We should be thankful its only a little money these guys were making off with. The Internet has gotten to big for the network operators to just relay on everyone playing nice and being good citizens, We need some stronger technical controls put in place and regular auditing beyound well nobody has complained on NANOG.
Re:That's okay.... (Score:3, Informative)
If you stored Bitcoin in a bank, it would be insured, and there wouldn't be an issue. This isn't even about wallets or banks or credit. This time, it's about a bug in the protocol. Every bug discovered makes the system stronger. Sucks that miners are losing money, but the discovery is good news in the long run. Compare this with the banking system. When a bug is discovered, it takes years to get fixed, millions, sometimes billions of dollars are lost. The process is onerous and intrusive, often resulting in less privacy or harder laws that don't actually address the root cause of the problem. A problem surfaces in Bitcoin world, at worst you're going to have to wait a week before the wallets or miners are patched. What was that you were saying about harm again?
Re:How did people not notice this early? (Score:4, Informative)
I got hit April 25th with this. I noticed within an hour, and it took me about an hour to determine that my connection to the pool had been spoofed, and my miners redirected to the attackers pool. I had no idea at the time *how* it was done.
My mining software was a couple of months old at the time, and the latest version would ignore such redirect requests. I updated and continued on, having lost maybe 2 hours of mining.
The redirect comes from that fact that the "Stratum" protocol used by many minors to request work from the pools was originally designed as a wallet to blockchain server protocol. Under that use case, it makes sense that the server might suggest to a (wallet) client that they use another server.