Researchers discover cryptocurrency hack costing mining pools $83,000

updated 12:52 pm EDT, Fri August 8, 2014

Network compromise redirected mining pool traffic to alternate server

Security researchers have discovered a vulnerability in the way cryptocurrencies, such as Bitcoin, are stored in mining pools, allowing for funds to be stolen. Discovered by the Dell SecureWorks Counter Threat Unit, the exploit has allegedly already been used at least once, with one attacker said to have acquired approximately $83,000 using the technique.

The attack used fake broadcasts of the "Border Gateway Protocol" (BGP), an external routing protocol typically used to allow networks to see each other. The Register reports the attackers spoofed the broadcast in order to route communications to their servers, instead of legitimate mining servers hosted by Amazon, Digital Ocean, OVH, and other hosting networks. With the traffic rerouted, the attacker received the rewards rather than the mining pool issuing payouts for work completed.

A total of 51 networks were compromised by the technique across 19 Internet providers, the research team advised. The $83,000 attack was a sustained campaign which lasted between February and May of this year, and though the researchers tracked the broadcasts to an unnamed Canadian ISP's router, the identity of the attacker remains unknown. Due to the nature of the attack, it is hypothesized that the attacker could be a rogue employee or an ex-employee of the ISP with an unchanged router password, or a malicious hacker. The ISP in question has been informed and put a stop to the malicious BGP broadcasts, but did not provide any further details about the issue.

Since the attack hinges on being able to create BGP broadcasts, a process which requires both the sender and the recipient to be manually configured before communication can start, the research team advises that BGP peering is still "reasonably secure," with hijacking being a minimal threat. Even so, it suggests to ISPs that they opt in to the Resource Public Key Infrastructure, while pool servers could use the SSL protocol to prevent such redirection attempts.
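The Resource Public Key Infrastructure recommendation works through route origin validation: address holders publish Route Origin Authorizations (ROAs), and routers compare each BGP announcement against them. The sketch below is an added example, not code from the article or from Dell SecureWorks; it follows the RFC 6811 classification rules, and all prefixes, AS numbers and function names in it are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation AS numbers (RFC 5398), not taken from the incident.
# Each ROA is (prefix, max prefix length, authorized origin AS).
ROAS = [
    ("203.0.113.0/24", 24, 64496),   # hypothetical pool-hosting network
    ("192.0.2.0/24", 25, 64497),     # holder permits announcements up to /25
]

# Constructed announcements as (prefix, origin AS) received from a BGP peer.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64496),    # legitimate origin
    ("203.0.113.0/25", 64511),    # more-specific route from an unauthorized AS
    ("203.0.113.0/25", 64496),    # right AS, but longer than the ROA allows
    ("192.0.2.128/25", 64497),    # more-specific route within max length
    ("198.51.100.0/24", 64511),   # no ROA covers this prefix
]

def validate_origin(prefix, origin_as, roas):
    """Classify an announcement as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA is relevant only if it covers the announced prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the authorized AS and a permitted prefix length.
        if origin_as == roa_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but matching none of them means the origin is unauthorized.
    return "invalid" if covered else "not-found"

def rejected_routes(announcements, roas):
    """Announcements that a router configured to drop invalid routes would reject."""
    return [(p, a) for p, a in announcements
            if validate_origin(p, a, roas) == "invalid"]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:18} AS{asn}  {validate_origin(prefix, asn, ROAS)}")
```

Routes classified as not-found are normally still accepted, so origin validation protects only prefixes whose holders have published ROAs.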

The exploit is the latest security incident to affect companies connected to Bitcoin. In March, Bitcoin exchange Flexcoin closed after the theft of approximately $620,000 in the currency. In the same month, large exchange Mt. Gox discovered a cache of bitcoins thought to have been stolen by hackers, and though the 200,000 bitcoin collection was worth $115 million at the time, it still had another 600,000 bitcoin left to account for.

by MacNN Staff


