Blog Incidents in Mining

Bitcoin Hijacking: Routing Attacks on Cryptocurrencies

Cryptocurrency

Bitcoin, as the most popular and capitalized cryptocurrency, remains a coveted target for attackers. Many attack vectors have been discovered in recent years, from exploits in clients to vulnerabilities in smart contracts. But one key vector has long remained in the shadows – the Internet routing infrastructure that physically powers the entire Bitcoin network.

This paper is the first to systematize routing attacks and demonstrate how attackers can use BGP hijacking to intercept, slow down or isolate traffic between network nodes, including mining pools.

The essence of the attack: BGP Hijack and traffic manipulation

The Internet is designed so that routes between autonomous systems (AS) are routed using the Border Gateway Protocol (BGP). If an attacker gains control of an AS or router, they can announce false routes and intercept traffic destined for other nodes.

In the case of Bitcoin:

  • can isolate pools of miners from the rest of the network;
  • slow down the spread of blocks and thus cause “chain splitting”;
  • cause a loss of power – miners will mine in an isolated branch and lose revenue;
  • potentially take advantage of double spending.

What did the study show?

Researchers:

analyzed the current topology of the Bitcoin network (based on supernode and BGP data), proved that an attacker only needs to capture < 100 BGP prefixes to:

  • isolate up to 50% of all computing power,
  • even though large pools are multi-homed,
  • demonstrated in practice that by being on-path, an attacker can slow down critical Bitcoin messages
  • particularly those responsible for block and transaction propagation.

Implications

Isolation of mining pools can result in:

  • significant loss of rewards,
  • an increase in the number of orphaned blocks,
  • block chain instability.

Delaying the distribution of blocks can:

  • accelerate network centralization (small pools lose efficiency),
  • create conditions for a double spend attack in exchange transactions.

How to protect yourself?

Short-term measures:

  • Tracking BGP announcements and anomalies (e.g. via BGPMon, RIPE NCC, etc.).
  • Utilizing encrypted connections between hosts (e.g., via VPN/Overlay networks)
  • Moving to more resilient peer-to-peer routes (e.g., via I2P or CJDNS)

Long-term measures:

  • Implement RPKI (Resource Public Key Infrastructure) in AS routing
  • Establish mechanisms for trusted route verification
  • Develop a new network infrastructure for blockchains that is resistant to BGP attacks

Conclusion

Despite the power of hash rates, a vulnerability in a few routers can take out half the network. Digital security cannot ignore physical reality.